H3C WA Series WLAN Access Points
Fundamentals Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W100-20100910...
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
The H3C WA documentation set includes 10 configuration guides, which describe the software features for the H3C WA Series WLAN Access Points and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply the software features to different network scenarios.
Means an action or information that needs special attention to ensure successful configuration or good performance. Means a complementary description. Means techniques helpful for you to make configuration with ease. About the H3C WA Documentation Set The H3C WA documentation set includes: Category Documents...
Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
Table of Contents
1 Applicable Models and Software Versions
2 Feature Matrix
3 Command/Parameter Matrix
4 CLI Configuration
  What Is CLI?
  Entering the CLI
  Entering CLI Through the Console Port
  Entering the CLI Through Telnet
  CLI Description
  Command Conventions
  CLI View Description...
  Logging off Online Web Users
  Configuration Example
6 File Management Configuration
  Managing Files
  Filename Formats
  Directory Operations
  File Operations
  Renaming a file
  Batch Operations
  Memory Space Management
  Setting File System Prompt Modes
  Example for File Operations
7 Configuration File Management
  Configuration File Overview
  Types of Configuration...
  Device Management Configuration Task List
  Configuring the Exception Handling Method
  Rebooting a Device
  Configuring the Scheduled Automatic Execution Function
  Upgrading Device Software
  Device Software Overview
  Upgrading the Boot ROM Program Through Command Lines
  Upgrading the Boot File Through Command Lines
  Clearing the 16-Bit Interface Indexes Not Used in the Current System
  Displaying and Maintaining Device Management Configuration
  Device Management Configuration Example...
  Associating the HTTP Service with an ACL
  Displaying and Maintaining HTTP
  HTTP Configuration Example
13 HTTPS Configuration
  HTTPS Overview
  HTTPS Configuration Task List
  Associating the HTTPS Service with an SSL Server Policy
  Enabling the HTTPS Service
  Associating the HTTPS Service with a Certificate Attribute Access Control Policy
  Configuring the Port Number of the HTTPS Service
  Associating the HTTPS Service with an ACL...
15 Index...
Read this chapter before using an H3C WA series WLAN access point.

Applicable Models and Software Versions
H3C WA series WLAN access points include the WA2200 series and WA2600 series. Table 1-1 shows the applicable models and software versions.
Feature Matrix
Support of the H3C WA series WLAN access points for features, commands and parameters may vary by device model. See this document for more information. For information about feature support, see Table 2-1. For information about command and...
Command/Parameter Matrix
Table 3-1 Command/Parameter matrix
Document | Module | Command/Parameter | WA2200 series | WA2600 series
Fundamentals Command Reference | HTTP commands | display ip https | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https acl | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https certificate access-control-policy | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https enable | Not supported | Supported
a-mpdu enable...
Document | Module | Command/Parameter | WA2200 series | WA2600 series
Command: broadcast-suppression { ratio | pps max-pps }
Parameter: The maximum number of broadcast packets that can be forwarded on an Ethernet interface per second
WA2200 series: pps max-pps ranges from 1 to 148810.
WA2600 series: pps max-pps ranges from 1 to 1488100.
The maximum...
The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region. Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
Figure 4-1 CLI

Entering the CLI
The WA series WLAN access points provide multiple methods of entering the CLI, as follows:
  Through the console port. For more information, see Entering CLI Through the Console Port.
  Through Telnet. For more information, see Entering the CLI Through Telnet.
Because the serial port of a PC is not hot swappable, do not plug or unplug the console cable when your AP is powered on. When connecting the PC to your AP, first plug the DB-9 connector of the console cable into the PC, and then plug the RJ-45 connector of the console cable into your AP.
Figure 4-4 Specify the serial port used to establish the connection The COM1 Properties window as shown in Figure 4-5 appears. On the window, set Bits per second to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None. Click Figure 4-5 Set the properties of the serial port The HyperTerminal window as shown in Figure 4-6...
Figure 4-6 The HyperTerminal window Select File > Properties on the HyperTerminal window, and the test Properties window appears. Select the Settings tab as shown in Figure 4-7, select VT100 from the Emulation drop-down list, and then click OK. Figure 4-7 Select the emulation terminal on the test Properties window...
Press Enter on the HyperTerminal window. Then the CLI of your access point appears on the window, as shown in Figure 4-8, indicating that you have logged in to your access point successfully.
Figure 4-8 Schematic diagram for successful login through the console port

Entering the CLI Through Telnet
After you log in to your access point through the console port for the first time, it is recommended that you configure Telnet login as soon as possible, so that you can use a remote terminal to configure and...
Authentication | Description | Application scenarios | Configuration method
Username and password | Complex to configure. Allows users inputting correct username and password to telnet to your access point. Most secure, and capable of assigning different privilege levels to different users | Environments where multiple operators cooperate to manage the AP |
An access point provides multiple VTY user interfaces.
Convention: [ x | y | ... ]
Description: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
Convention: { x | y | ... } *
Description: Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
Follow these steps to enter system view:
To do… | Use the command… | Remarks
Enter system view. | system-view | Required. Available in user view

Exiting the current view
The AP’s CLI views are multi-layered, for example, user view > system view > interface view, VLAN view, etc.
..omitted..
Type part of a command and ? separated by a space. If ? is at the position of a keyword, the CLI displays all possible keywords with a brief description about each of these keywords.
<Sysname> terminal ?
  debugging  Send debug information to terminal
  logging    Send log information to terminal...
Typing and Editing Commands
Fuzzy match
The access point supports fuzzy match for efficient input of commands. If, in the current view, the character string you have typed already uniquely identifies a keyword, you do not need to type the complete keyword. For example, in user view, commands starting with an s include save, startup saved-configuration, and system-view.
Table 4-5 Access history commands
To do… | Use the key/command… | Result
Display history commands | display history-command | Displays valid history commands you used
Access the previous history command | Up arrow key or Ctrl+P | Displays the previous history command, if any
Access the next history command | Down arrow key or Ctrl+N | Displays the next history command, if any...
Action | Function
Press Space | Displays the next screen.
Press Enter | Displays the next line.
Press Ctrl+C | Stops the display and the command execution.
Press <Ctrl+E> | Moves the cursor to the end of the current line.
Press <PageUp> | Displays the previous page.
Press <PageDown>...
Character | Meaning | Remarks
^string | Starting sign. string appears only at the beginning of a line. | For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.
string$ | Ending sign. string appears only at the end of a line. | For example, regular expression "user$” only
Character | Meaning | Remarks
string\> | Matches a character string ending with string. | For example, “do\>” matches word “undo” and string “abcdo”.
\bcharacter2 | Matches character1character2. character1 can be any character except number, letter or underline, | For example, “\ba” matches “-a” with “-“ being character1, and “a” being character2, but it does not match “2a”...
Table 4-6 Hotkeys reserved by the system
Hotkey | Function
<Ctrl+A> | Moves the cursor to the beginning of the current line.
<Ctrl+B> | Moves the cursor one character to the left.
<Ctrl+C> | Stops performing a command.
<Ctrl+D> | Deletes the character at the current cursor position.
<Ctrl+E>...
keyword for each display command, you can input the command alias show xx to execute the display xx command. Note the following when you configure command aliases: When you type a command alias, the system displays and saves the command in its original format instead of its alias.
With this feature enabled: If you have no input at the command line prompt and the system outputs system information, for example, logs, the system will not display the command line prompt after the outputs. If the system outputs system information when you are typing interactive information (not YES/NO for confirmation), the system will not redisplay the prompt information but a line break after the outputs and then what you have typed.
Modifying the Command Level
Commands are assigned to different levels by default. The administrator can modify the default command level to improve management flexibility. Follow these steps to change the command level:
To do… | Use the command… | Remarks
Enter system view | system-view | —...
Controlling Telnet Users by SSIDs
This configuration needs to reference WLAN ACLs, the numbers of which range from 100 to 199. For more information about ACLs, see ACL in the ACL and QoS Configuration Guide. Follow these steps to control Telnet users by WLAN ACLs:
To do…...
Controlling Telnet Users by Source and Destination IP Addresses
This configuration is implemented with an advanced ACL; advanced ACLs are numbered from 3000 to 3999. For more information about ACLs, see ACL in the ACL and QoS Configuration Guide. Follow these steps to control Telnet users by source and destination IP addresses:
To do…...
[Sysname-ui-vty0-4] acl 2000 inbound

Controlling Network Management Users by Source IP Addresses
You can manage a WA series WLAN access point through network management software. Network management users can access APs through SNMP. Perform the following two operations to control network management users by source IP addresses.
Prerequisites
The controlling policy against network management users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying).

Controlling Network Management Users by Source IP Addresses
This configuration is implemented with basic ACLs; basic ACLs are numbered from 2000 to 2999. For more information about ACLs, see ACL in the ACL and QoS Configuration Guide.
[Sysname] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000

Controlling Web Users by Source IP Addresses
The WA series WLAN access points support Web-based remote management, which allows Web users to access the access points using the HTTP protocol. By referencing access control lists (ACLs), you can control the access of Web users to the access points.
To do: Define rules for the ACL
Use the command: rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name ] *
Remarks: Required
To do: Quit to system view
Use the command: quit
Remarks: —...
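The basic ACL rule syntax above pairs a source address with a wildcard mask, and one ACL number can be referenced from the VTY user interface, the SNMP user and the Web service. The following Python code is an added example (not H3C code and not part of the guide) that parses such rules and reports which source addresses they admit and which permit rules are overly broad. The sample rules and addresses are constructed; first-match evaluation in listed order, an implicit deny when no rule matches, and `0` as shorthand for wildcard 0.0.0.0 are assumptions of the example.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "rule_id action addr wildcard")
ALL_BITS = 0xFFFFFFFF

# Constructed sample configuration, not taken from the guide.
SAMPLE_ACL = """\
acl number 2000
 rule 0 deny source 10.110.100.46 0
 rule 5 permit source 10.110.100.0 0.0.0.255
 rule 10 permit source 192.168.0.52 0.0.0.0 logging
"""


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_basic_acl(text):
    """Parse 'rule [id] {deny|permit} [source ...]' lines into Rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "rule":
            continue
        i, rule_id = 1, None
        if tok[i].isdigit():
            rule_id, i = int(tok[i]), i + 1
        if i >= len(tok) or tok[i] not in ("permit", "deny"):
            raise ValueError(f"cannot parse rule: {line.strip()!r}")
        action, i = tok[i], i + 1
        addr, wildcard = 0, ALL_BITS  # no source clause behaves like "any"
        while i < len(tok):
            if tok[i] == "source" and i + 1 < len(tok) and tok[i + 1] == "any":
                i += 2
            elif tok[i] == "source" and i + 2 < len(tok):
                addr = _to_int(tok[i + 1])
                # Assumption: "0" is shorthand for wildcard 0.0.0.0 (one host).
                wildcard = 0 if tok[i + 2] == "0" else _to_int(tok[i + 2])
                i += 3
            elif tok[i] == "time-range" and i + 1 < len(tok):
                i += 2  # time-based rules are treated as always active here
            elif tok[i] in ("fragment", "logging"):
                i += 1
            else:
                raise ValueError(f"unsupported option in: {line.strip()!r}")
        rules.append(Rule(rule_id, action, addr, wildcard))
    return rules


def evaluate(rules, source_ip):
    """Return (action, rule_id) of the first matching rule.

    Wildcard bits set to 1 are ignored; bits set to 0 must match exactly.
    Assumption: a source that matches no rule is denied (rule_id is None).
    """
    ip = _to_int(source_ip)
    for rule in rules:
        if ((ip ^ rule.addr) & ~rule.wildcard & ALL_BITS) == 0:
            return (rule.action, rule.rule_id)
    return ("deny", None)


def broad_permits(rules, max_hosts=256):
    """List permit rules that admit more than max_hosts source addresses."""
    return [
        r for r in rules
        if r.action == "permit" and 2 ** bin(r.wildcard).count("1") > max_hosts
    ]


if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE_ACL)
    for src in ("10.110.100.46", "10.110.100.52", "192.168.0.52", "172.16.1.1"):
        print(src, evaluate(acl, src))
    print("broad permit rules:", broad_permits(acl))
```

Running the same check against the ACL actually bound to each management service shows whether a management station is admitted and flags any rule that opens Telnet, SNMP or Web management to a whole network.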
Format Description Length Example Specifies a file in the specified storage medium on the device. drive represents the storage flash:/test/a.cfg indicates a file medium name. The storage drive:/[path]/file-na 1 to 135 named a.cfg in the test folder medium on the device is flash. The characters under the root directory of the flash device has only one storage...
The directory to be removed must be empty, meaning that before you remove a directory, you must delete all the files and the subdirectory under this directory. For more information about the delete and rmdir commands, see File Management in the Fundamentals Command Reference. The rmdir command automatically deletes the files in the recycle bin in the current directory.
Moving a file
To do… | Use the command… | Remarks
Move a file | move fileurl-source fileurl-dest | Required. Available in user view

Deleting a file
To do… | Use the command… | Remarks
Move a file to the recycle bin or delete it permanently | delete [ /unreserved ] file-url | Required. Available in user view
The files in the recycle bin still occupy storage space.
Download the batch file to the device. If the suffix of the file is not .bat, use the rename command to change the suffix to .bat. Execute the batch file. Follow these steps to execute a batch file: To do… Use the command…...
Follow these steps to set file system prompt modes:
To do: Enter system view
Use the command: system-view
Remarks: —
To do: Set the operation prompt mode of the file system
Use the command: file prompt { alert | quiet }
Remarks: Optional. The default is alert.

Example for File Operations
# Display the files and the subdirectories in the current directory.
Configuration File Management
The device provides the configuration file management function. You can manage configuration files at a user-friendly command line interface (CLI). This chapter includes these sections:
  Configuration File Overview
  Saving the Current Configuration
  Setting Configuration Rollback

Configuration File Overview
A configuration file saves the device configurations in command lines in text format to ensure that these configurations can be kept when the device restarts or the configurations are rolled back.
At any time, there is at most one main startup configuration file and one backup startup configuration file. You can also specify neither of the two files (displayed as NULL). You can specify the main and backup startup configuration files to be used at the next startup of the device in two ways: Specify them when saving the current configuration.
The configuration file must have the extension .cfg. The save [ safely ] and save [ safely ] main commands have the same effect: The system saves the current configuration and specifies the configuration file as the main startup configuration file to be used at the next system startup.
Task | Remarks
Configuring parameters for saving the current running configuration | Required
Enabling automatic saving of the current running configuration | Required. Use either approach
Manually saving the current running configuration | Required. Use either approach
Setting configuration rollback | Required

Configuring parameters for saving the current running configuration
Before the current running configuration is saved manually or automatically, the file path and filename prefix must be configured.
Enabling automatic saving of the current running configuration You can configure the system to save the current running configuration at a specified interval, and use the display archive configuration command to view the filenames and save time of the saved configuration files, so as to roll back the current configuration to a previous configuration state.
Setting configuration rollback
Follow these steps to set configuration rollback:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Set configuration rollback | configuration replace file filename | Required
Do not unplug and plug a card during configuration rollback, in other words, when the system is executing the configuration replace file command.
A configuration file must use .cfg as its extension name and the startup configuration file must be saved in the root directory of the storage medium of the AP. Backing Up the Startup Configuration File Follow the step below to back up the startup configuration file to be used at the next system startup: To do…...
This command permanently deletes the configuration file from the device. Use it with caution. Restoring the Startup Configuration File The restore function allows you to copy a configuration file from a TFTP server to the device and specify the file as the startup configuration file to be used at the next system startup. Follow the step below to restore the startup configuration file to be used at the next system startup: To do…...
For detailed description of the display this and display current-configuration commands, see Basic System Configuration in the Fundamentals Command Reference.
Figure 8-1 Network diagram for FTP At present, the device can only serve as an FTP client. When the device serves as the FTP client, you need to perform the following configuration: Table 8-1 Configuration when the device serves as the FTP client Device Configuration Remarks...
If the source address is specified with the ftp client source or ftp command, this source address is used to communicate with an FTP server. If the source address is specified with the ftp client source command and then with the ftp command, the address specified with the latter one is used to communicate with an FTP server.
Configuring the FTP Client After the AP serving as the FTP client has established a connection with the FTP server (For how to establish an FTP connection, see Establishing an FTP Connection.), the device can perform the following operations in the authorized directories: To do…...
To do… Use the command… Remarks Optional Disconnect from the FTP server close without exiting the FTP client view Equal to the disconnect command Disconnect from the FTP server Optional and exit to user view Optional Terminate the connection with the remote FTP server, and exit to user quit Available in FTP client view, equal...
Configuration procedure If the available memory space of the master and slave is insufficient, use the fixdisk command to clear the memory or use the delete /unreserved file-url command to delete the files not in use and then perform the following operations. # Log in to the server through FTP.
The boot file for the next startup must be saved in the root directory of the storage medium. For more information about the boot-loader command, see Device Management in the Fundamentals Command Reference. Displaying and Maintaining FTP To do… Use the command… Remarks Display the configuration of the display ftp client configuration...
TFTP Configuration This chapter includes these sections: TFTP Overview Configuring the TFTP Client Displaying and Maintaining the TFTP Client TFTP Client Configuration Example TFTP Overview Introduction to TFTP The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but it is not as complex as FTP in interactive access interface and authentication.
Table 9-1 Configuration when the device serves as the TFTP client Device Configuration Remarks Configure the IP address and routing function, and ensure that the route between the device and the TFTP server is available. Device (TFTP client) — You can use the tftp command to establish a connection to the remote TFTP server to upload/download files to/from the TFTP server Enable TFTP server on the PC, and configure the TFTP working...
To do… | Use the command… | Remarks
Enter system view | system-view | —
Use an ACL to control the device’s access to TFTP servers | tftp-server [ ipv6 ] acl acl-number | Optional. By default, no ACL is used to control the device’s access to TFTP servers.
Figure 9-2 Smooth upgrading using the TFTP client function
(diagram labels: TFTP Server, TFTP Client, Vlan-int1, 1.2.1.1/16, 1.1.1.1/16, Internet)

Configuration procedure
Configure PC (TFTP Server), the configuration procedure omitted.
  On the PC, enable the TFTP server
  Configure a TFTP working directory
Configure AP (TFTP Client)
If the available memory space of the device is not enough, use the fixdisk command to clear the memory or use the delete /unreserved file-url command to delete the files not in use and then perform the following operations.
Task | Remarks
Configuring the Exception Handling Method | Optional
Rebooting a Device | Optional
Configuring the Scheduled Automatic Execution Function | Optional
Upgrading Device Software | Optional
Clearing the 16-Bit Interface Indexes Not Used in the Current System | Optional

Configuring the Exception Handling Method
When the system detects any software abnormality, it handles the situation with one of the following two methods:
  reboot: The system recovers itself through automatic reboot.
To do… | Use the command… | Remarks
Reboot the AP immediately | reboot | Optional. Available in user view
Follow these steps to reboot a device:
To do… | Use the command… | Remarks
Enable the scheduled reboot function and specify a specific reboot time and date | schedule reboot at hh:mm [ date ] | Optional. The scheduled reboot function is...
To do… Use the command… Remarks Required Specify the view in which the task view view-name By default, no view is specified for is executed executing the scheduled task. time timeID at time1 date command command Bind the execution time with the time timeID { one-off | repeating } Required commands in the task, that is,...
Figure 10-1 Relationship between the Boot ROM program and the system boot file Select the Reboot option to reboot the device Start Boot ROM runs Enter Boot ROM menu to upgrade the Press Ctrl+B Boot ROM program or boot File Run boot file Enter CLI Finish...
Upgrading the Boot File Through Command Lines Follow the steps to upgrade the boot file: Save the boot file to the root directory of the AP's storage medium using FTP, TFTP, or other approaches. Use a command to specify the boot file for the next boot of the AP. Reboot the AP to make the boot file take effect.
A confirmation is required when you execute this command. If you fail to make a confirmation within 30 seconds or enter “N” to cancel the operation, the command will not be executed. Displaying and Maintaining Device Management Configuration Follow these steps to display and maintain device management configuration: To do…...
Figure 10-2 Network diagram for remote upgrade
(diagram labels: FTP Server 2.2.2.2/24, Internet, Telnet, FTP Client, User, 1.1.1.1/24)

Configuration procedure
Configuration on FTP Server (Note that configurations may vary with different types of servers)
# Enable FTP Server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Set the FTP username to aaa and password to hello.
[ftp] get test.bin
[ftp] get boot.btm
# Clear the FTP connection and return to user view.
[ftp] bye
<AP>
# Upgrade the BootWare file of the main board.
<AP> bootrom update file boot.btm
# Specify the application program for the next boot of the main board.
<AP>...
For more information about the more and display saved-configuration commands, see File Management in the Fundamentals Command Reference. Basic System Configuration Entering System View The CLI is divided into different command views. Each view has a set of specific commands and limits the effective scope of the commands.
To do… | Use the command… | Remarks
Exit to user view | return | Required. Available in any view except user view

Configuring the AP Name
The AP name is used to identify an AP in a network. Inside the system, the AP name corresponds to the prompt of the CLI.
displayed in the ways shown in Table 11-1. The meanings of the parameters in the configuration column are as follows: 1 indicates date-time has been configured with the clock datetime. 2 indicates time-zone has been configured with the clock timezone command and the offset time is zone-offset.
AUX port. The copyright information will not be displayed under other circumstances. The display format of copyright information is as shown below: ************************************************************************** Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
Follow these steps to enable/disable the display of copyright information:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Enable the display of copyright information | copyright-info enable | Optional. Enabled by default.
Disable the display of copyright information | undo copyright-info enable | Required. Enabled by default.
Configure the banner to be displayed before login | header motd text | Optional

Banner configuration example
# Configure the banner to be displayed when a user enters user view as Welcome to H3C!.
Single-line input mode:
<System> system-view
[System] header shell %Welcome to H3C!%
Multiple-line input mode (method I):
<System>...
To do… | Use the command… | Remarks
Display hotkeys | display hotkey | Available in any view. See Table 11-2 for hotkeys reserved by the system.
By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are configured with command line and the Ctrl+T and Ctrl+U commands are NULL.
Ctrl+G corresponds to the display current-configuration command.
Hotkey Function Esc+> Specifies the cursor as the ending of the clipboard. These hotkeys are defined by the AP. When you interact with the AP from terminal software, these keys may be defined to perform other operations. If so, the definition of the terminal software will dominate. Configuring Command Aliases You can replace the first keyword of a command supported by the AP with your preferred keyword by configuring the command alias function.
Configuring User Privilege Levels and Command Levels
Introduction
To restrict different users’ access to the AP, the system manages the users by their privilege levels. User privilege levels correspond to command levels. After users at different privilege levels log in, they can only use commands at their own, or lower, levels.
To do… Use the command… Remarks Use the local-user command to create a local user and enter Use either approach local user view. Using local For local authentication, if you Use the level keyword in the authentication do not configure the user level, Configure the authorization-attribute the user level is 0, that is, users...
Follow these steps to configure the user privilege level under a user interface: To do… Use the command… Remarks Enter system view system-view — user-interface { first-num1 Enter user interface view [ last-num1 ] | { console | vty } —...
send      Send information to other user terminal interface
super     Set the current user priority level
telnet    Establish one TELNET connection
terminal  Set the terminal line characteristics
tftp      Open TFTP connection
tracert   Trace route function
undo      Cancel current setting
Authenticate the users logging in to the AP through Telnet, verify their passwords, and specify the user privilege levels as 2.
level switch succeeds; for the user logged in from any of the AUX, TTY, or VTY user interfaces, the AAA authentication is performed. scheme local: First scheme and then local, that is, AAA authentication is performed first, and if the AAA configuration is invalid (domain parameters or authentication scheme are not configured) or the server does not respond, the authentication requiring the local password is performed.
Modifying command level
Commands in a view are assigned to different levels by default, as shown in Table 11-3. The administrator can modify the command level based on users’ needs, either to let lower-level users use commands of a higher level or to improve AP security. Follow these steps to modify the command level:
To do…...
To do… Use the command… Remarks Display the users that have logged in to the AP and display configure-user that are not in user view Display the valid configuration under current view display this [ by-linenum ] Display clipboard information display clipboard Display and save statistics of the running status of display diagnostic-information...
Hierarchical command protection where you can only execute the commands at your own or lower levels. See Configuring Command Aliases for details. Easy access to on-line help by entering “?”. See Online Help with Command Lines for details. Abundant debugging information for fault diagnosis Saving and executing commands that have been executed Fuzzy match for convenience of input.
[Sysname] interface vlan-interface 1 ?
  <cr>
[Sysname] interface vlan-interface 1
Where, <cr> indicates that there is no parameter at this position. The command is then repeated in the next command line and executed if you press Enter.
Enter a character string followed by a ?. All the commands starting with this string are displayed.
<Sysname>...
Table 11-4 Edit functions
Common keys | If the editing buffer is not full, inserts the character at the position of the cursor and moves the cursor to the right.
Backspace | Deletes the character to the left of the cursor and moves the cursor back one character.
Page 95
Table 11-5 Special characters in a regular expression
Character | Meaning | Remarks
^string | Starting sign. string appears only at the beginning of a line. | For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.
Ending sign. string appears only at For example, regular expression "user$”...
Page 96
Character | Meaning | Remarks
string\> | Matches a character string ending with string. | For example, “do\>” matches word “undo” and string “abcdo”.
\bcharacter2 | Matches character1character2. character1 can be any character except number, letter or underline, ... | For example, “\ba” matches “-a” with “-“ being character1, and “a” being character2, but it does not match “2a”...
Action | Function
Ctrl+E | Moves the cursor to the end of the current line.
PageUp | Displays information on the previous page.
PageDown | Displays information on the next page.
Saving Commands in the History Buffer
The CLI automatically saves recently used commands to the history buffer. You can review the operations that have been executed successfully, and invoke and execute them again as needed.
Page 98
Table 11-7 Common command line errors
Error information | Cause
% Unrecognized command found at '^' position. | The command was not found. The keyword was not found. Parameter type error. The parameter value is beyond the allowed range.
% Incomplete command found at '^' position. | Incomplete command
% Ambiguous command found at '^' position.
The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region. Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
To implement security management on the device, use the following methods to enhance the security of the device.
Enable HTTP service only when necessary.
Change the port number of the HTTP service to a port number that is not commonly used (for example, 8080), which reduces attacks from unauthorized users on the HTTP service.
To do… | Use the command… | Remarks
Enter system view | system-view | —
Associate the HTTP service with an ACL | ip http acl acl-number | Required. The HTTP service is not associated with an ACL by default.
The HTTP service can be associated with a WLAN ACL (with the ACL numbers 100 to 199) and basic ACL (with the ACL numbers 2000 to 2999), and the two types of ACLs will not overwrite each other.
Page 102
Configuration procedure
Configure the HTTP server Device.
# Create basic ACL 2000, allowing packets with the source IP address in 10.1.1.0/24.
<Device> system-view
[Device] acl number 2000
[Device-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
[Device-acl-basic-2000] quit
# Associate the HTTP service to ACL 2000.
[Device] ip http acl 2000
# Enable the HTTP service.
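To check which management stations the ACL association above actually admits, the following added sketch (not from the H3C manual) evaluates a client address against the basic ACL bound with ip http acl, using the address-plus-wildcard form shown in the rule. It assumes the configuration is in saved-configuration layout with sub-commands indented, that rules are evaluated in order with the first match deciding, and that a source matching no rule is filtered; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample (saved-configuration layout) built from the commands above.
SAMPLE_CONFIG = """\
acl number 2000
 rule permit source 10.1.1.0 0.0.0.255
ip http acl 2000
"""

RULE_RE = re.compile(r"rule (?:\d+ )?(permit|deny)(?: source (any|\S+ \S+))?")

def parse_basic_acls(config):
    """Map ACL number -> ordered list of (action, address, wildcard)."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):          # top-level command
            head = re.fullmatch(r"acl number (\d+)", line)
            current = int(head.group(1)) if head else None
            if head:
                acls[current] = []
        elif current is not None and line.startswith("rule "):
            rule = RULE_RE.fullmatch(line)
            if rule is None:                    # fail loudly, never guess
                raise ValueError(f"unsupported rule syntax: {line!r}")
            if rule.group(2) in (None, "any"):
                addr, wild = 0, 0xFFFFFFFF      # every source matches
            else:
                a, w = rule.group(2).split()
                addr = int(ipaddress.IPv4Address(a))
                wild = int(ipaddress.IPv4Address("0.0.0.0" if w == "0" else w))
            acls[current].append((rule.group(1), addr, wild))
    return acls

def http_acl_number(config):
    """Basic ACL (2000-2999) bound with 'ip http acl', or None if unbound."""
    m = re.search(r"^ip http acl (2\d{3})\s*$", config, re.MULTILINE)
    return int(m.group(1)) if m else None

def http_client_allowed(config, client_ip):
    """True if client_ip passes the basic ACL bound to the HTTP service."""
    acl_no = http_acl_number(config)
    if acl_no is None:
        return True     # no basic ACL bound: no source filtering
    rules = parse_basic_acls(config).get(acl_no)
    if rules is None:
        raise ValueError(f"ACL {acl_no} is bound to HTTP but not defined")
    ip = int(ipaddress.IPv4Address(client_ip))
    for action, addr, wild in rules:            # assumption: first match wins
        care = 0xFFFFFFFF ^ wild                # bits the rule compares
        if (ip & care) == (addr & care):
            return action == "permit"
    return False        # assumption: a source matching no rule is filtered
```

A configuration with no basic ACL bound to the HTTP service returns True for every address, which is the default state the table above describes.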
HTTPS Configuration
This chapter includes these sections:
HTTPS Overview
HTTPS Configuration Task List
Associating the HTTPS Service with an SSL Server Policy
Enabling the HTTPS Service
Associating the HTTPS Service with a Certificate Attribute Access Control Policy
Configuring the Port Number of the HTTPS Service
Associating the HTTPS Service with an ACL
Displaying and Maintaining HTTPS
HTTPS Configuration Example...
Configuration task | Remarks
Configuring the Port Number of the HTTPS Service | Optional
Associating the HTTPS Service with an ACL | Optional
Associating the HTTPS Service with an SSL Server Policy
Before enabling the HTTPS service, associate the HTTPS service with a created SSL server policy. Follow these steps to associate the HTTPS service with an SSL server policy: To do…...
After the HTTPS service is enabled, you can use the display ip https command to view the state of the HTTPS service and verify the configuration. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the device already exists, the SSL negotiation succeeds and the HTTPS service starts normally.
To do… | Use the command… | Remarks
Enter system view | system-view | —
Configure the port number of the HTTPS service | ip https port port-number | Optional. By default, the port number of the HTTPS service is 443.
If you execute the ip https port command multiple times, the last configured port number is used.
Associating the HTTPS Service with an ACL
Associating the HTTPS service with an ACL filters out requests from some clients, so that only clients that pass the ACL filtering are let through.
HTTPS Configuration Example
Network requirements
Users can access and control the device by logging in to the Web page. To prevent unauthorized users from accessing and controlling the device and to enhance device management security, the device requires users to log in to the Web page through HTTPS, authenticates the users using SSL, and ensures that the transmitted data cannot be spoofed or tampered with.
Page 108
[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Generate a local RSA key pair.
[Device] public-key local create rsa
# Retrieve a CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate for Device.
Page 109
The URL of the HTTPS server starts with https://, and that of the HTTP server starts with http://. For more information about PKI commands, see PKI in the Security Command Reference. For more information about the public-key local create rsa command, see Public Key in the Security Command Reference.
One user interface corresponds to one user interface view, where you can configure a set of parameters, such as authentication mode at login and the user levels after login. When a user logs in through a user interface, the user’s access is restricted by these parameter settings. Thus, the centralized management of user sessions can be achieved.
To do… | Use the command… | Remarks
Enable the display of copyright information | copyright-info enable | Optional. Enabled by default. When the display of copyright information is enabled, the copyright information is displayed when you log in to your AP through telnet or SSH, or exit user view through the console port.
Page 113
If you use the Windows 2003 Server operating system on your PC, add a HyperTerminal, and then log in to and manage the AP as described in this document. If you use Windows 2008 Server, Windows 7, Windows Vista, or any other operating system on your PC, use third-party terminal software. For how to use the third-party terminal software, see the user guide or online help of that software.
Page 114
Figure 14-4 Set port parameters terminal window
Step3 Turn on the AP. You are prompted to press Enter if the AP successfully completes the power-on self test (POST). The prompt (such as <WA2610E-GNP>) appears after you press Enter, as shown in Figure 14-5.
Figure 14-5 Configuration page
Step4 You can then configure the AP or check the information about the AP by executing commands. You can also get help by typing ?. For information about the commands, see the following sections.
Configuring Common Settings for Console Login
Table 14-3 lists the common settings for console port login.
Page 116
To do… | Use the command… | Description
Configure the type of terminal display under the current user interface. | terminal type { ansi | vt100 } | Optional. By default, the terminal display type is ANSI.
Configure the command level available to the users logging in to... | user privilege level level | Optional. By default, commands of level 3 are...
Authentication mode | Configuration | Description
Scheme | Configure the authentication scheme. Configure to authenticate users locally or remotely. | For more information, see Configuring Scheme Authentication for Console Port Login.
Configure password authentication
A change to the authentication mode of console port login does not take effect unless you exit and enter the CLI again.
Figure 14-6 Network diagram for console login configuration (with the authentication mode none)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter console user interface view.
[Sysname] user-interface console 0
# Specify the none authentication mode for users that log in through the console port.
[Sysname-ui-console0] authentication-mode none
# Specify command level 2 for console users.
Page 119
Configuration example
Network requirements
Assume the AP supports Telnet, and the user level of telnet users is set to the manage level (level 3). Telnet to the AP, and configure parameters for console login as follows.
Configure the password authentication mode for console login.
Configure the local password as 123456 (in plain text).
To ensure successful login, change the settings of the terminal emulation program running on the PC, as shown in Figure 14-4, to make them consistent with those on the AP.
Configuring Scheme Authentication for Console Port Login
Configuration procedure
Follow these steps to configure scheme authentication for console port login: To do…...
Page 121
For more information about AAA and RADIUS, see AAA in the Security Configuration Guide.
Configuration example
Network requirements
Assume the AP supports Telnet, and the user level of telnet users is set to the manage level (level 3). Telnet to the AP, and configure parameters for console login as follows.
Configure the name of the local user as guest.
[Sysname-ui-console0] authentication-mode scheme
# Set the baud rate of the console port to 19200 bps.
[Sysname-ui-console0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-console0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-console0] history-command max-size 20
# Set the timeout time of the console user interface to 6 minutes.
Page 123
Launch a terminal emulation utility (such as HyperTerminal in Windows XP/Windows 2000) and set Bits per second to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None. Turn on the AP. You are prompted to press Enter if the AP successfully completes the POST. A prompt appears after you press Enter, as shown in Figure 14-10.
AP are in use, you fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”. A WA series WLAN AP can accommodate up to 5 Telnet connections at the same time.
Page 125
Table 14-6 Common Telnet settings
To do… | Use the command… | Remarks
Enter system view | system-view | —
Enable the Telnet Server | telnet server enable | Optional. By default, telnet server is enabled.
Enter one or more VTY user interface | user-interface vty first-number | —...
Telnet Login Configuration Task List
Telnet login configurations vary with different authentication modes.
Table 14-7 Telnet login configuration tasks when different authentication modes are adopted
Authentication mode | Configuration | Description
None | Configure none authentication | For more information, see Configuring None Authentication for Telnet Login
Enable password authentication For more information, see Configuring...
Figure 14-13 Network diagram for Telnet configuration (with the authentication mode none)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter VTY 0 user interface view.
[Sysname] user-interface vty 0
# Enable none authentication for Telnet users that log in to VTY 0.
[Sysname-ui-vty0] authentication-mode none
# Specify commands of level 2 are available to users that log in to VTY 0.
Page 128
By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. The network requirements are as follows: Authenticate users logging in to VTY 0 using a local password. Set the local password to 123456 (in plain text).
Configuring Scheme Authentication for Telnet Login
Configuration procedure
Follow these steps to perform Telnet configuration (with authentication mode scheme):
To do… | Use the command… | Remarks
Enter system view | system-view | —
Enter one or more VTY user interface views | user-interface vty first-number [ last-number ] | —
Enable scheme... | | Required
Page 130
Configuration example
Network requirements
You have logged in to the AP. By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. The network requirements are as follows:
Configure the name of the local user as “guest”.
[Sysname-ui-vty0] history-command max-size 20
# Set the timeout time to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
Configure the authentication scheme
Configure the authentication server by referring to related parts in AAA in the Security Configuration Guide.
The IPv6 Telnet command is telnet ipv6 { ipv6-address | hostname } [ -i interface-type interface-number ] [ port-number ].
Logging In Through a Web-Based Network Management System
Introduction
A WA series WLAN access point has a built-in Web server. You can log in to an AP through a Web browser and intuitively manage and maintain the AP by interacting with the built-in Web server.
When you log in to an AP by using the scheme authentication mode, your access rights depend on your user level defined in the AAA scheme. When the local authentication mode is used, the user levels are specified using the authorization-attribute level level command.
Step4 Log in to the AP through IE. Launch IE on the Web-based network management terminal (your PC) and enter the IP address of the management VLAN interface of the AP (here it is http://10.153.17.82). (Make sure the web-based network management terminal and the AP can reach each other.) Step5 When the login interface (shown in Figure 14-17) appears, enter the user name and the password...
Connection Establishment Through an NMS
Figure 14-18 Network diagram for logging in through an NMS
Page 136
Index Associating the HTTP Service with an ACL Device Management Configuration Example 12-2 10-7 Associating the HTTPS Service with a Device Management Configuration Task List Certificate Attribute Access Control Policy 10-1 13-3 Device Management Overview 10-1 Associating the HTTPS Service with an ACL Displaying and Maintaining Device 13-4 Management Configuration...
Page 137
Logging In Through an NMS 14-25 Logging In Through SSH 14-22 Logging In Through Telnet 14-13 Logging In Through the Console Port 14-3 Logging In to an AP 14-1 Managing Files Rebooting a Device 10-2 Saving the Current Configuration Setting Configuration Rollback TFTP Client Configuration Example TFTP Overview Upgrading Device Software...