H3C WA Series Command Reference Manual Download Page 40

Page: 40 / 105

7-1

The models listed in this document are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model.

For more information, see

Feature Matrix

The interface types and the number of interfaces vary by AP model.

WLAN IDS Configuration Commands

WLAN Rouge AP Configuration Commands

attack-detection enable

Syntax

attack-detection enable

{

all

flood

weak-iv

spoof

}

undo attack-detection enable

View

WLAN IDS view

Default Level

2: System level

Parameters

all

: Enables detection of all kinds of attacks.

flood

: Enables detection of flood attacks.

spoof

: Enables detection of spoof attacks.

weak-iv

: Enables weak-IV detection.

Description

Use the

attack-detection enable

command to enable the WIDS-IPS detection of various DoS attacks.

Use the

undo attack-detection enable

command to restore the default.

By default, no WIDS-IPS detection is enabled.

Examples

# Enable spoof attack detection.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] attack-detection enable spoof

Summary of Contents for WA Series

Page 1: ...H3C WA Series WLAN Access Points WLAN Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 6W100 20100910...

Page 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Page 3: ...ion Description Boldface Bold text represents commands and keywords that you enter literally as shown italic Italic text represents arguments that you replace with actual values Square brackets enclos...

Page 4: ...gies Compliance and safety manual Provides regulatory information and the safety instructions that must be followed during installation Quick start Guides you through initial installation and setup pr...

Page 5: ...ocuments Provides hardware installation software upgrading getting started and software feature configuration and maintenance documentation Products Solutions Provides information about products and t...

Page 6: ...dio interface view 4 8 shutdown WLAN BSS interface view 4 8 5 WLAN Security Configuration Commands 5 1 authentication method 5 1 cipher suite 5 2 gtk rekey client offline enable 5 2 gtk rekey enable 5...

Page 7: ...8 WLAN QoS Configuration Commands 8 1 display wlan wmm 8 1 reset wlan wmm 8 6 wmm cac policy 8 7 wmm edca radio 8 8 wmm edca client ac vo and ac vi 8 9 wmm edca client ac be and ac bk 8 10 wmm enable...

Page 8: ...14 max rx duration 10 14 preamble 10 15 radio type 10 16 reset wlan client 10 16 reset wlan statistics 10 17 rts threshold 10 17 service template WLAN radio interface view 10 18 service template disa...

Page 9: ...ess points include the WA2200 series and WA2600 series Table 1 1 shows the applicable models and software versions Table 1 1 Applicable models and software versions Series Model Software version WA221...

Page 10: ...Not supported Supported 802 11n radio mode Not supported Supported 802 11n bandwidth mode Not supported Supported WLAN Configuration Guide 802 11n rate configuration Not supported Supported Optical E...

Page 11: ...that support the 802 11b g radio mode support this command Only APs that support the 802 11b g radio mode support this command radio type Keywords dot11an and dot11gn not supported Supported WLAN serv...

Page 12: ...hing Command Reference The maximum number of unknown unicast packets allowed on an Ethernet interface per second unicast suppression ratio pps max pps pps max pps ranges from 1 to 148810 pps max pps r...

Page 13: ...4 WLAN Interface Configuration Commands WLAN Interface Configuration Commands description Syntax description text undo description View WLAN BSS interface view WLAN Radio interface view WLAN mesh inte...

Page 14: ...Use the description command to set the description of the current interface Use the undo description command to restore the default By default the description of an interface is interface name interf...

Page 15: ...ose packets are sent by the interface with the VLAN tag removed Port priority Priority of the interface Maximum client number Maximum number of clients allowed to access the interface Clients 0 associ...

Page 16: ...erface PVID 1 Port link type access Tagged VLAN ID none Untagged VLAN ID 1 For more details about the fields in the above output see Table 4 1 display interface wlan radio Syntax display interface wla...

Page 17: ...channel If the channel is manually selected the field will be displayed in the format of channel configured channel Available channels depend on the country code and radio type power dBm 19 auto 4 Tra...

Page 18: ...ultiple transmit retries Statistics on packets sent at the physical layer z The total number of packets and the total number of bytes z The total number of unicast packets and the total number of unic...

Page 19: ...oes not exist the command creates the WLAN mesh interface first Use the undo interface wlan mesh command to delete the specified WLAN mesh interface Examples Create WLAN mesh interface 2 in system vie...

Page 20: ...1 0 1 Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 shutdown shutdown WLAN BSS interface view Syntax shutdown undo shutdown View WLAN BSS interface view Default Level...

Page 21: ...4 9 Sysname system view Sysname interface wlan bss 1 Sysname WLAN BSS1 shutdown...

Page 22: ...level Parameters open system Enables open system authentication shared key Enables shared key authentication Description Use the authentication method command to select 802 11 authentication method t...

Page 23: ...les the TKIP cipher suite TKIP is an encryption method based on RC4 and dynamic key management wep40 Enables the WEP 40 cipher suite WEP is an encryption method based on RC4 and shared key management...

Page 24: ...some client is off line Examples Enable GTK refreshing when some client is off line Sysname system view Sysname wlan service template 1 crypto Sysname wlan st 1 gtk rekey client offline enable gtk rek...

Page 25: ...nd to set the refreshing method to the default value By default the GTK refreshing method is time based and the interval is 86400 seconds z If option time based is selected then the GTK will be refres...

Page 26: ...me 86400 security ie Syntax security ie rsn wpa undo security ie rsn wpa View WLAN service template view crypto type Default Level 2 System level Parameters rsn Enables the RSN Information element in...

Page 27: ...ange the TKIP counter measure time to the default value By default the TKIP counter measure time is 0 seconds that is no counter measures are taken After countermeasures are enabled if more than two M...

Page 28: ...length of the raw key is fixed cipher key Sets the wep key in cipher text and the key is displayed in cipher text The key argument is a case sensitive string of 24 to 88 characters simple key Sets th...

Page 29: ...orresponding to the specified key index will be used for encrypting and decrypting the broadcast and multicast frames Examples Set the key index to 2 Sysname system view Sysname wlan service template...

Page 30: ...to encrypt unicast frames is negotiated between client and server If the WEP default key is configured the WEP default key is used to encrypt multicast frames If not the device randomly generates a m...

Page 31: ...utochannel set View WLAN RRM view Default Level 2 System level Parameters None Description Use the autochannel set avoid dot11h command to set the channel set to non 802 11h channels which means only...

Page 32: ...48 54 Disabled NA 11g Protection Enabled 11h Configuration Spectrum Management Disabled Power Constraint dBm 0 Channel Set Non dot11h Table 6 1 display wlan rrm command output description Field Descri...

Page 33: ...te Specifies a disabled rate mandatory rate Specifies a mandatory rate supported rate Specifies a supported rate rate value Specifies a radio rate from the following rates z 6 Mbps z 9 Mbps z 12 Mbps...

Page 34: ...ates as follows z 1 Mbps z 2 Mbps z 5 5 Mbps z 11 Mbps Description Use the dot11b command to configure the rates for radio mode 802 11b Use the undo dot11b command to restore the default By default z...

Page 35: ...Description Use the dot11g command to configure the rates for radio mode 802 11g Use the undo dot11g command to restore the default By default z Mandatory rates 1 2 5 5 11 z Supported rates 6 9 12 18...

Page 36: ...the maximum MCS index for 802 11n mandatory rates which ranges from 0 to 76 Support for the command depends on the device model Description Use the dot11n mandatory maximum mcs command to specify the...

Page 37: ...dex for 802 11n supported rates is 76 If you configure the maximum MCS and enable the client dot11n only command non 802 11n clients cannot associate with the AP If you configure the client dot11n onl...

Page 38: ...nable View WLAN RRM view Default Level 2 System level Parameters None Description Use the spectrum management enable command to enable spectrum management for 11a radio When spectrum management is ena...

Page 39: ...ult Level 2 System level Parameters None Description Use the wlan rrm command to enter RRM view This view is useful for managing resources of Radio Examples Enter RRM view Sysname system view Sysname...

Page 40: ...yntax attack detection enable all flood weak iv spoof undo attack detection enable View WLAN IDS view Default Level 2 System level Parameters all Enables detection of all kinds of attacks flood Enable...

Page 41: ...ation Frame sdf Spoofed Deauthentication Frame wiv Weak IV Detected AT Attack Type Ch Channel Number AR Average RSSI WIDS History Table MAC Address AT Ch AR Detected Time AP 0027 E699 CA71 asr 8 44 20...

Page 42: ...equest Frame Flood Attack 0 0 Deauthentication Frame Flood Attack 0 0 Association Request Frame Flood Attack 1 1 Disassociation Request Frame Flood Attack 4 8 Reassociation Request Frame Flood Attack...

Page 43: ...on request frame flood attacks detected Reassociation Request Frame Flood Attack Number of reassociation request frame flood attacks detected Action Frame Flood Attack Number of action frame flood att...

Page 44: ...and the history table will be empty Examples Clear all history information of attacks Sysname reset wlan ids history reset wlan ids statistics Syntax reset wlan ids statistics View User view Default L...

Page 45: ...he information of static blacklist Sysname display wlan blacklist static Total Number of Entries 3 Static Blacklist MAC Address 0014 6c8a 43ff 0016 6F9D 61F3 0019 5B79 F04A Table 7 3 display wlan blac...

Page 46: ...list display wlan whitelist Syntax display wlan whitelist View Any view Default Level 2 System level Parameters None Description Use the display wlan whitelist command to displays the configured white...

Page 47: ...e wlan ids Sysname wlan ids dynamic blacklist enable dynamic blacklist lifetime Syntax dynamic blacklist lifetime lifetime undo dynamic blacklist lifetime View WLAN IDS view Default Level 2 System lev...

Page 48: ...c blacklist The maximum number of entries in the list is 128 Examples Remove a client with mac address aabb cccc dddd from the dynamic blacklist Sysname reset wlan dynamic blacklist mac address aabb c...

Page 49: ...C address of the client which should be added or deleted from the whitelist all Specifies to delete all the entries from whitelist Description Use the whitelist mac address command to add a client wit...

Page 50: ...radio Displays the Wi Fi Multimedia WMM information of a specified or all radios wlan radio radio number Displays the information of the clients attached to the specified WLAN Radio interface client...

Page 51: ...CAC Unauthed Frame Policy Downgrade CAC Medium Time Limitation us 100000 CAC AC VO s Max Delay us 50000 CAC AC VI s Max Delay us 300000 SVP packet mapped AC number Disabled Radio s WMM Parameters AC B...

Page 52: ...PLimit 0 0 94 47 CAC Disable Disable Disable Disable Table 8 1 display wlan wmm radio command output description Field Description Radio interface WLAN Radio interface Client EDCA update count The num...

Page 53: ...m medium time allowed by the CAC policy in microseconds CAC AC VO s Max Delay us Maximum voice traffic delay allowed by the CAC policy in microseconds CAC AC VI s Max Delay us Maximum video traffic de...

Page 54: ...not enabled Max SP length Maximum service period AC Access category State APSD attribute of an AC which can be T D or L T indicates that the AC is trigger enabled D indicates that the AC is delivery...

Page 55: ...ber client all interface wlan radio radio number mac address mac address View User view Default Level 2 System level Parameters radio Clears the WMM statistics information of radios interface wlan rad...

Page 56: ...ic and AC VI traffic to the valid time during the unit time This argument is in the range of 0 to 100 It is 65 by default The valid time refers to the time available for transmitting and receiving dat...

Page 57: ...cies Normal ACK and No ACK txoplimit value TXOPLimit parameter of EDCA which ranges from 0 to 65535 in units of 32 microseconds The TXOP value of 0 indicates that only one MPDU can be transmitted ecwm...

Page 58: ...dio interface view Default Level 2 System level Parameters ac vo Specifies AC VO voice traffic ac vi Specifies AC VI video traffic all Specifies all the EDCA parameters cac Enables CAC on the client A...

Page 59: ...ority For example if you use the wmm edca client command to enable CAC for AC VI CAC is also enabled for AC VO However enabling CAC for AC VO does not enable CAC for AC VI Examples Set AIFSN to 3 for...

Page 60: ...lt EDCA parameter settings for clients AC AIFSN ECWmin ECWmax TXOP Limit AC BK 7 4 10 0 AC BE 3 4 10 0 z For description on each EDCA parameter see WLAN QoS in the WLAN Configuration Guide z ECWmin mu...

Page 61: ...MM function Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 undo wmm enable wmm svp map ac Syntax wmm svp map ac ac vo ac vi ac be ac bk undo wmm svp map ac View WLAN ra...

Page 62: ...3 It is recommended that you map SVP packets to AC VO in normal cases Examples Map SVP packets to AC VO Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 wmm svp map ac ac...

Page 63: ...lt Level 2 System level Parameters interface index Index of the WLAN mesh interface which ranges from 1 to 32 Description Use the bind wlan mesh command to bind the specified mesh interface to the mes...

Page 64: ...ay wlan mesh link all Peer Link Information Nbr Mac BSSID Interface Link state Uptime hh mm ss 000f e274 3840 000f e276 3240 WLAN MESHLINK621 Active 0 5 16 000f e274 3841 000f e276 3240 WLAN MESHLINK6...

Page 65: ...escription Field Description Mesh Profile Number Mesh profile number Mesh ID Mesh ID of the mesh profile Binding Interface Mesh interface bound to the mesh profile MKD Service Whether the mesh profile...

Page 66: ...enticator Role Enable Max Links 5 Probe Request Interval ms 1000 Default Link Hold RSSI 15 Default Link saturation RSSI 150 Default Link rate mode fixed Default Table 9 3 display wlan mp policy comman...

Page 67: ...n mp policy sys_mp Sysname wlan mp policy sys_mp link hold rssi 10 link initiation enable Syntax link initiation enable undo link initiation enable View MP policy view Default Level 2 System level Par...

Page 68: ...nterval to 60 seconds Sysname system view Sysname wlan mesh profile 1 Sysname wlan mshp 1 link keep alive 60 link maximum number Syntax link maximum number max link number undo link maximum number Vie...

Page 69: ...e cost of a WDS link is calculated with the fixed method Examples Calculate the cost of a WDS link according to the real time RSSI Sysname system view Sysname wlan mp policy sys_mp Sysname wlan mp pol...

Page 70: ...ription Use the mesh id command to configure the mesh ID for the current mesh profile Use the undo mesh id command to remove the mesh ID By default no mesh ID is set for the mesh profile Same mesh ID...

Page 71: ...Syntax mesh profile enable undo mesh profile enable View Mesh profile view Default Level 2 System level Parameters None Description Use the mesh profile enable command to enable the mesh profile Use t...

Page 72: ...e dot11b Sysname WLAN Radio1 0 2 mesh peer mac address 01aa 0eaa aa00 mp policy Syntax mp policy policy name undo mp policy View WLAN radio interface view Default Level 2 System level Parameters polic...

Page 73: ...undo probe request interval command to restore the system default By default the probe request interval is 1000 ms Examples Set the probe request interval to 500 ms for MP policy sys_mp Sysname system...

Page 74: ...lete the specified MP policy By default the radio adopts the default MP policy default_mp_plcy z MP policy name should be unique to create a new one z MP policy cannot be created with name a al all an...

Page 75: ...terface z If only mesh link radios are configured as uplinks and all the links are down WLAN services on other radios will be stopped z If no uplinks are configured WLAN service will be provided z A m...

Page 76: ...terface view Default Level 2 System level Parameters None Description Use the a mpdu enable command to enable the A MPDU function for the radio Use the undo a mpdu enable command to disable the A MPDU...

Page 77: ...ype of an 802 11n radio the default setting for this function of the new radio type will be restored Currently the AP can only receive A MSDU frames Examples Disable the A MSDU function for radio 1 0...

Page 78: ...View WLAN radio interface view Default Level 2 System level Parameters interval Specifies the interval between sending beacon frames The value ranges from 32 to 8191 Time Units TUs One TU equals 1024...

Page 79: ...band width 20 40 undo channel band width View WLAN radio interface view Default Level 2 System level Parameters 20 Specifies the 802 11n channel bandwidth as 20 MHz 40 Specifies the 802 11n channel ba...

Page 80: ...802 11n clients to access and an 802 11g n radio permits both 802 11b g and 802 11n clients to access An 802 11n radio supports both 2 4 GHz and 5 GHz bands and thus can allow 802 11a b g stations to...

Page 81: ...lan client interface wlan radio radio number mac address mac address service template service template number verbose View Any view Default Level 1 Monitor level Parameters wlan radio radio number Dis...

Page 82: ...ted WMM information negotiation is carried out between an AP and a client that both support WMM Display the detail information of all the clients Sysname display wlan client verbose Total Number of Cl...

Page 83: ...information negotiation is carried out between an AP and a client that both support WMM Listen Interval Beacon Interval Specifies how often the client wakes up to listen to beacon frames and is expre...

Page 84: ...l 1 Monitor level Parameters service template number Specifies service template number The value ranges from 1 to 1024 Description Use the display wlan service template command to view the specified s...

Page 85: ...ex The index of the default WEP key for encrypting and decrypting the broadcast and multicast frames WEP Key Mode WEP key mode z HEX Hexadecimal format WEP key z ASCII The WEP key is in the format of...

Page 86: ...es Bytes 9 1230 Video Frames Bytes 0 0 Voice Frames Bytes 2 76 Received Frames Back Ground Frames Bytes 0 0 Best Effort Frames Bytes 18 2437 Video Frames Bytes 0 0 Voice Frames Bytes 7 468 Discarded F...

Page 87: ...therwise statistics of received packets cannot be collected dtim Syntax dtim counter undo dtim View WLAN radio interface view Default Level 2 System level Parameters counter Number of beacons between...

Page 88: ...packet size exceeds the specified fragment threshold value the packets are fragmented Examples Specify the maximum frame length as 2048 bytes Sysname system view Sysname interface wlan radio 1 0 1 Sys...

Page 89: ...configure the maximum transmission power on the radio Use the undo max power command to restore the default By default the maximum radio power varies with country codes channels AP models radio types...

Page 90: ...1 max rx duration 5000 preamble Syntax preamble long short View WLAN radio interface view Default Level 2 System level Parameters long Specifies to transmit only frames with long preamble short Specif...

Page 91: ...ommand to specify the radio type to be used by a radio Support for this command depends on the device model The default value of the radio type depends on the device model You can customize the defaul...

Page 92: ...reset wlan statistics command to reset the statistics of specified client or all clients Examples Reset the corresponding radio statistics of all clients Sysname reset wlan statistics client all rts t...

Page 93: ...LAN radio interface view Default Level 2 System level Parameters service template number Service template number which ranges from 1 to 1024 wlan bss number WLAN BSS interface number which ranges from...

Page 94: ...2 System level Parameters None Description Use the short gi enable command to enable the short GI function Use the undo short gi enable command to disable the short GI function By default the short GI...

Page 95: ...mand to specify the maximum number of attempts to transmit a frame less than RTS threshold Use the undo short retry threshold command to restore the default By default the short retry threshold is 7 E...

Page 96: ...s underlines and spaces Description Use the ssid command to set the SSID for the current service template Use the undo ssid command to remove the SSID By default the SSID of service template 1 is set...

Page 97: ...t View System view Default Level 2 System level Parameters interval Specifies the time for which the link between AP and client power save or awake can be idle The value ranges from 60 to 86400 second...

Page 98: ...r failure or crash and disconnect them from AP Examples Specify keep alive time as 60 seconds Sysname system view Sysname wlan client keep alive 60 wlan country code Syntax wlan country code code undo...

Page 99: ...Norway NO Cyprus CY New Zealand NZ Czech Republic CZ Oman OM Germany DE Panama PA Denmark DK Peru PE Dominica DO Poland PL Algeria DZ Philippines PH Ecuador EC Pakistan PK Estonia EE Puerto Rico PR E...

Page 100: ...ZW Description Use the wlan country code command to specify the country code Use the undo wlan country code command to restore the default By default the country code value is CN z The country code d...

Page 101: ...e configuration view If the input service template exists then you can directly enter the configuration view Use the undo wlan service template command to delete the service template and clear related...

Page 102: ...lt no uplink interface is configured If the status of all configured uplink interfaces is down WLAN service will not be provided If at least one of them is up WLAN service will be provided Any physica...

Page 103: ...Description Use the l2fw wlan client isolation enable command to enable wireless user Layer 2 isolation Use the undo l2fw wlan client isolation enable command to disable wireless user Layer 2 isolatio...

Page 104: ...link 9 1 display wlan mesh profile 9 2 display wlan mp policy 9 3 display wlan rrm 6 1 display wlan service template 10 9 display wlan statistics10 10 display wlan whitelist 7 7 display wlan wmm 8 1...

Page 105: ...ew 10 18 short gi enable 10 19 short retry threshold 10 20 shutdown WLAN BSS interface view 4 8 shutdown WLAN Radio interface view 4 8 shutdown 10 20 spectrum management enable 6 8 ssid 10 21 static b...

Search results

Summary of Contents for WA Series

Reviews:

Related manuals for WA Series

Brands by name

Popular brands

H3C WA Series, Command Reference Manual

Search results

Summary of Contents for WA Series

Reviews:

Related manuals for WA Series

Brands by name

Popular brands