H3C WA Series Скачать руководство пользователя страница 40

Страница: 40 / 105

7-1

The models listed in this document are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model.

For more information, see

Feature Matrix

The interface types and the number of interfaces vary by AP model.

WLAN IDS Configuration Commands

WLAN Rouge AP Configuration Commands

attack-detection enable

Syntax

attack-detection enable

{

all

flood

weak-iv

spoof

}

undo attack-detection enable

View

WLAN IDS view

Default Level

2: System level

Parameters

all

: Enables detection of all kinds of attacks.

flood

: Enables detection of flood attacks.

spoof

: Enables detection of spoof attacks.

weak-iv

: Enables weak-IV detection.

Description

Use the

attack-detection enable

command to enable the WIDS-IPS detection of various DoS attacks.

Use the

undo attack-detection enable

command to restore the default.

By default, no WIDS-IPS detection is enabled.

Examples

# Enable spoof attack detection.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] attack-detection enable spoof

Содержание WA Series

Страница 1: ...H3C WA Series WLAN Access Points WLAN Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 6W100 20100910...

Страница 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Страница 3: ...ion Description Boldface Bold text represents commands and keywords that you enter literally as shown italic Italic text represents arguments that you replace with actual values Square brackets enclos...

Страница 4: ...gies Compliance and safety manual Provides regulatory information and the safety instructions that must be followed during installation Quick start Guides you through initial installation and setup pr...

Страница 5: ...ocuments Provides hardware installation software upgrading getting started and software feature configuration and maintenance documentation Products Solutions Provides information about products and t...

Страница 6: ...dio interface view 4 8 shutdown WLAN BSS interface view 4 8 5 WLAN Security Configuration Commands 5 1 authentication method 5 1 cipher suite 5 2 gtk rekey client offline enable 5 2 gtk rekey enable 5...

Страница 7: ...8 WLAN QoS Configuration Commands 8 1 display wlan wmm 8 1 reset wlan wmm 8 6 wmm cac policy 8 7 wmm edca radio 8 8 wmm edca client ac vo and ac vi 8 9 wmm edca client ac be and ac bk 8 10 wmm enable...

Страница 8: ...14 max rx duration 10 14 preamble 10 15 radio type 10 16 reset wlan client 10 16 reset wlan statistics 10 17 rts threshold 10 17 service template WLAN radio interface view 10 18 service template disa...

Страница 9: ...ess points include the WA2200 series and WA2600 series Table 1 1 shows the applicable models and software versions Table 1 1 Applicable models and software versions Series Model Software version WA221...

Страница 10: ...Not supported Supported 802 11n radio mode Not supported Supported 802 11n bandwidth mode Not supported Supported WLAN Configuration Guide 802 11n rate configuration Not supported Supported Optical E...

Страница 11: ...that support the 802 11b g radio mode support this command Only APs that support the 802 11b g radio mode support this command radio type Keywords dot11an and dot11gn not supported Supported WLAN serv...

Страница 12: ...hing Command Reference The maximum number of unknown unicast packets allowed on an Ethernet interface per second unicast suppression ratio pps max pps pps max pps ranges from 1 to 148810 pps max pps r...

Страница 13: ...4 WLAN Interface Configuration Commands WLAN Interface Configuration Commands description Syntax description text undo description View WLAN BSS interface view WLAN Radio interface view WLAN mesh inte...

Страница 14: ...Use the description command to set the description of the current interface Use the undo description command to restore the default By default the description of an interface is interface name interf...

Страница 15: ...ose packets are sent by the interface with the VLAN tag removed Port priority Priority of the interface Maximum client number Maximum number of clients allowed to access the interface Clients 0 associ...

Страница 16: ...erface PVID 1 Port link type access Tagged VLAN ID none Untagged VLAN ID 1 For more details about the fields in the above output see Table 4 1 display interface wlan radio Syntax display interface wla...

Страница 17: ...channel If the channel is manually selected the field will be displayed in the format of channel configured channel Available channels depend on the country code and radio type power dBm 19 auto 4 Tra...

Страница 18: ...ultiple transmit retries Statistics on packets sent at the physical layer z The total number of packets and the total number of bytes z The total number of unicast packets and the total number of unic...

Страница 19: ...oes not exist the command creates the WLAN mesh interface first Use the undo interface wlan mesh command to delete the specified WLAN mesh interface Examples Create WLAN mesh interface 2 in system vie...

Страница 20: ...1 0 1 Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 shutdown shutdown WLAN BSS interface view Syntax shutdown undo shutdown View WLAN BSS interface view Default Level...

Страница 21: ...4 9 Sysname system view Sysname interface wlan bss 1 Sysname WLAN BSS1 shutdown...

Страница 22: ...level Parameters open system Enables open system authentication shared key Enables shared key authentication Description Use the authentication method command to select 802 11 authentication method t...

Страница 23: ...les the TKIP cipher suite TKIP is an encryption method based on RC4 and dynamic key management wep40 Enables the WEP 40 cipher suite WEP is an encryption method based on RC4 and shared key management...

Страница 24: ...some client is off line Examples Enable GTK refreshing when some client is off line Sysname system view Sysname wlan service template 1 crypto Sysname wlan st 1 gtk rekey client offline enable gtk rek...

Страница 25: ...nd to set the refreshing method to the default value By default the GTK refreshing method is time based and the interval is 86400 seconds z If option time based is selected then the GTK will be refres...

Страница 26: ...me 86400 security ie Syntax security ie rsn wpa undo security ie rsn wpa View WLAN service template view crypto type Default Level 2 System level Parameters rsn Enables the RSN Information element in...

Страница 27: ...ange the TKIP counter measure time to the default value By default the TKIP counter measure time is 0 seconds that is no counter measures are taken After countermeasures are enabled if more than two M...

Страница 28: ...length of the raw key is fixed cipher key Sets the wep key in cipher text and the key is displayed in cipher text The key argument is a case sensitive string of 24 to 88 characters simple key Sets th...

Страница 29: ...orresponding to the specified key index will be used for encrypting and decrypting the broadcast and multicast frames Examples Set the key index to 2 Sysname system view Sysname wlan service template...

Страница 30: ...to encrypt unicast frames is negotiated between client and server If the WEP default key is configured the WEP default key is used to encrypt multicast frames If not the device randomly generates a m...

Страница 31: ...utochannel set View WLAN RRM view Default Level 2 System level Parameters None Description Use the autochannel set avoid dot11h command to set the channel set to non 802 11h channels which means only...

Страница 32: ...48 54 Disabled NA 11g Protection Enabled 11h Configuration Spectrum Management Disabled Power Constraint dBm 0 Channel Set Non dot11h Table 6 1 display wlan rrm command output description Field Descri...

Страница 33: ...te Specifies a disabled rate mandatory rate Specifies a mandatory rate supported rate Specifies a supported rate rate value Specifies a radio rate from the following rates z 6 Mbps z 9 Mbps z 12 Mbps...

Страница 34: ...ates as follows z 1 Mbps z 2 Mbps z 5 5 Mbps z 11 Mbps Description Use the dot11b command to configure the rates for radio mode 802 11b Use the undo dot11b command to restore the default By default z...

Страница 35: ...Description Use the dot11g command to configure the rates for radio mode 802 11g Use the undo dot11g command to restore the default By default z Mandatory rates 1 2 5 5 11 z Supported rates 6 9 12 18...

Страница 36: ...the maximum MCS index for 802 11n mandatory rates which ranges from 0 to 76 Support for the command depends on the device model Description Use the dot11n mandatory maximum mcs command to specify the...

Страница 37: ...dex for 802 11n supported rates is 76 If you configure the maximum MCS and enable the client dot11n only command non 802 11n clients cannot associate with the AP If you configure the client dot11n onl...

Страница 38: ...nable View WLAN RRM view Default Level 2 System level Parameters None Description Use the spectrum management enable command to enable spectrum management for 11a radio When spectrum management is ena...

Страница 39: ...ult Level 2 System level Parameters None Description Use the wlan rrm command to enter RRM view This view is useful for managing resources of Radio Examples Enter RRM view Sysname system view Sysname...

Страница 40: ...yntax attack detection enable all flood weak iv spoof undo attack detection enable View WLAN IDS view Default Level 2 System level Parameters all Enables detection of all kinds of attacks flood Enable...

Страница 41: ...ation Frame sdf Spoofed Deauthentication Frame wiv Weak IV Detected AT Attack Type Ch Channel Number AR Average RSSI WIDS History Table MAC Address AT Ch AR Detected Time AP 0027 E699 CA71 asr 8 44 20...

Страница 42: ...equest Frame Flood Attack 0 0 Deauthentication Frame Flood Attack 0 0 Association Request Frame Flood Attack 1 1 Disassociation Request Frame Flood Attack 4 8 Reassociation Request Frame Flood Attack...

Страница 43: ...on request frame flood attacks detected Reassociation Request Frame Flood Attack Number of reassociation request frame flood attacks detected Action Frame Flood Attack Number of action frame flood att...

Страница 44: ...and the history table will be empty Examples Clear all history information of attacks Sysname reset wlan ids history reset wlan ids statistics Syntax reset wlan ids statistics View User view Default L...

Страница 45: ...he information of static blacklist Sysname display wlan blacklist static Total Number of Entries 3 Static Blacklist MAC Address 0014 6c8a 43ff 0016 6F9D 61F3 0019 5B79 F04A Table 7 3 display wlan blac...

Страница 46: ...list display wlan whitelist Syntax display wlan whitelist View Any view Default Level 2 System level Parameters None Description Use the display wlan whitelist command to displays the configured white...

Страница 47: ...e wlan ids Sysname wlan ids dynamic blacklist enable dynamic blacklist lifetime Syntax dynamic blacklist lifetime lifetime undo dynamic blacklist lifetime View WLAN IDS view Default Level 2 System lev...

Страница 48: ...c blacklist The maximum number of entries in the list is 128 Examples Remove a client with mac address aabb cccc dddd from the dynamic blacklist Sysname reset wlan dynamic blacklist mac address aabb c...

Страница 49: ...C address of the client which should be added or deleted from the whitelist all Specifies to delete all the entries from whitelist Description Use the whitelist mac address command to add a client wit...

Страница 50: ...radio Displays the Wi Fi Multimedia WMM information of a specified or all radios wlan radio radio number Displays the information of the clients attached to the specified WLAN Radio interface client...

Страница 51: ...CAC Unauthed Frame Policy Downgrade CAC Medium Time Limitation us 100000 CAC AC VO s Max Delay us 50000 CAC AC VI s Max Delay us 300000 SVP packet mapped AC number Disabled Radio s WMM Parameters AC B...

Страница 52: ...PLimit 0 0 94 47 CAC Disable Disable Disable Disable Table 8 1 display wlan wmm radio command output description Field Description Radio interface WLAN Radio interface Client EDCA update count The num...

Страница 53: ...m medium time allowed by the CAC policy in microseconds CAC AC VO s Max Delay us Maximum voice traffic delay allowed by the CAC policy in microseconds CAC AC VI s Max Delay us Maximum video traffic de...

Страница 54: ...not enabled Max SP length Maximum service period AC Access category State APSD attribute of an AC which can be T D or L T indicates that the AC is trigger enabled D indicates that the AC is delivery...

Страница 55: ...ber client all interface wlan radio radio number mac address mac address View User view Default Level 2 System level Parameters radio Clears the WMM statistics information of radios interface wlan rad...

Страница 56: ...ic and AC VI traffic to the valid time during the unit time This argument is in the range of 0 to 100 It is 65 by default The valid time refers to the time available for transmitting and receiving dat...

Страница 57: ...cies Normal ACK and No ACK txoplimit value TXOPLimit parameter of EDCA which ranges from 0 to 65535 in units of 32 microseconds The TXOP value of 0 indicates that only one MPDU can be transmitted ecwm...

Страница 58: ...dio interface view Default Level 2 System level Parameters ac vo Specifies AC VO voice traffic ac vi Specifies AC VI video traffic all Specifies all the EDCA parameters cac Enables CAC on the client A...

Страница 59: ...ority For example if you use the wmm edca client command to enable CAC for AC VI CAC is also enabled for AC VO However enabling CAC for AC VO does not enable CAC for AC VI Examples Set AIFSN to 3 for...

Страница 60: ...lt EDCA parameter settings for clients AC AIFSN ECWmin ECWmax TXOP Limit AC BK 7 4 10 0 AC BE 3 4 10 0 z For description on each EDCA parameter see WLAN QoS in the WLAN Configuration Guide z ECWmin mu...

Страница 61: ...MM function Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 undo wmm enable wmm svp map ac Syntax wmm svp map ac ac vo ac vi ac be ac bk undo wmm svp map ac View WLAN ra...

Страница 62: ...3 It is recommended that you map SVP packets to AC VO in normal cases Examples Map SVP packets to AC VO Sysname system view Sysname interface wlan radio 1 0 1 Sysname WLAN Radio1 0 1 wmm svp map ac ac...

Страница 63: ...lt Level 2 System level Parameters interface index Index of the WLAN mesh interface which ranges from 1 to 32 Description Use the bind wlan mesh command to bind the specified mesh interface to the mes...

Страница 64: ...ay wlan mesh link all Peer Link Information Nbr Mac BSSID Interface Link state Uptime hh mm ss 000f e274 3840 000f e276 3240 WLAN MESHLINK621 Active 0 5 16 000f e274 3841 000f e276 3240 WLAN MESHLINK6...

Страница 65: ...escription Field Description Mesh Profile Number Mesh profile number Mesh ID Mesh ID of the mesh profile Binding Interface Mesh interface bound to the mesh profile MKD Service Whether the mesh profile...

Страница 66: ...enticator Role Enable Max Links 5 Probe Request Interval ms 1000 Default Link Hold RSSI 15 Default Link saturation RSSI 150 Default Link rate mode fixed Default Table 9 3 display wlan mp policy comman...

Страница 67: ...n mp policy sys_mp Sysname wlan mp policy sys_mp link hold rssi 10 link initiation enable Syntax link initiation enable undo link initiation enable View MP policy view Default Level 2 System level Par...

Страница 68: ...nterval to 60 seconds Sysname system view Sysname wlan mesh profile 1 Sysname wlan mshp 1 link keep alive 60 link maximum number Syntax link maximum number max link number undo link maximum number Vie...

Страница 69: ...e cost of a WDS link is calculated with the fixed method Examples Calculate the cost of a WDS link according to the real time RSSI Sysname system view Sysname wlan mp policy sys_mp Sysname wlan mp pol...

Страница 70: ...ription Use the mesh id command to configure the mesh ID for the current mesh profile Use the undo mesh id command to remove the mesh ID By default no mesh ID is set for the mesh profile Same mesh ID...

Страница 71: ...Syntax mesh profile enable undo mesh profile enable View Mesh profile view Default Level 2 System level Parameters None Description Use the mesh profile enable command to enable the mesh profile Use t...

Страница 72: ...e dot11b Sysname WLAN Radio1 0 2 mesh peer mac address 01aa 0eaa aa00 mp policy Syntax mp policy policy name undo mp policy View WLAN radio interface view Default Level 2 System level Parameters polic...

Страница 73: ...undo probe request interval command to restore the system default By default the probe request interval is 1000 ms Examples Set the probe request interval to 500 ms for MP policy sys_mp Sysname system...

Страница 74: ...lete the specified MP policy By default the radio adopts the default MP policy default_mp_plcy z MP policy name should be unique to create a new one z MP policy cannot be created with name a al all an...

Страница 75: ...terface z If only mesh link radios are configured as uplinks and all the links are down WLAN services on other radios will be stopped z If no uplinks are configured WLAN service will be provided z A m...

Страница 76: ...terface view Default Level 2 System level Parameters None Description Use the a mpdu enable command to enable the A MPDU function for the radio Use the undo a mpdu enable command to disable the A MPDU...

Страница 77: ...ype of an 802 11n radio the default setting for this function of the new radio type will be restored Currently the AP can only receive A MSDU frames Examples Disable the A MSDU function for radio 1 0...

Страница 78: ...View WLAN radio interface view Default Level 2 System level Parameters interval Specifies the interval between sending beacon frames The value ranges from 32 to 8191 Time Units TUs One TU equals 1024...

Страница 79: ...band width 20 40 undo channel band width View WLAN radio interface view Default Level 2 System level Parameters 20 Specifies the 802 11n channel bandwidth as 20 MHz 40 Specifies the 802 11n channel ba...

Страница 80: ...802 11n clients to access and an 802 11g n radio permits both 802 11b g and 802 11n clients to access An 802 11n radio supports both 2 4 GHz and 5 GHz bands and thus can allow 802 11a b g stations to...

Страница 81: ...lan client interface wlan radio radio number mac address mac address service template service template number verbose View Any view Default Level 1 Monitor level Parameters wlan radio radio number Dis...

Страница 82: ...ted WMM information negotiation is carried out between an AP and a client that both support WMM Display the detail information of all the clients Sysname display wlan client verbose Total Number of Cl...

Страница 83: ...information negotiation is carried out between an AP and a client that both support WMM Listen Interval Beacon Interval Specifies how often the client wakes up to listen to beacon frames and is expre...

Страница 84: ...l 1 Monitor level Parameters service template number Specifies service template number The value ranges from 1 to 1024 Description Use the display wlan service template command to view the specified s...

Страница 85: ...ex The index of the default WEP key for encrypting and decrypting the broadcast and multicast frames WEP Key Mode WEP key mode z HEX Hexadecimal format WEP key z ASCII The WEP key is in the format of...

Страница 86: ...es Bytes 9 1230 Video Frames Bytes 0 0 Voice Frames Bytes 2 76 Received Frames Back Ground Frames Bytes 0 0 Best Effort Frames Bytes 18 2437 Video Frames Bytes 0 0 Voice Frames Bytes 7 468 Discarded F...

Страница 87: ...therwise statistics of received packets cannot be collected dtim Syntax dtim counter undo dtim View WLAN radio interface view Default Level 2 System level Parameters counter Number of beacons between...

Страница 88: ...packet size exceeds the specified fragment threshold value the packets are fragmented Examples Specify the maximum frame length as 2048 bytes Sysname system view Sysname interface wlan radio 1 0 1 Sys...

Страница 89: ...configure the maximum transmission power on the radio Use the undo max power command to restore the default By default the maximum radio power varies with country codes channels AP models radio types...

Страница 90: ...1 max rx duration 5000 preamble Syntax preamble long short View WLAN radio interface view Default Level 2 System level Parameters long Specifies to transmit only frames with long preamble short Specif...

Страница 91: ...ommand to specify the radio type to be used by a radio Support for this command depends on the device model The default value of the radio type depends on the device model You can customize the defaul...

Страница 92: ...reset wlan statistics command to reset the statistics of specified client or all clients Examples Reset the corresponding radio statistics of all clients Sysname reset wlan statistics client all rts t...

Страница 93: ...LAN radio interface view Default Level 2 System level Parameters service template number Service template number which ranges from 1 to 1024 wlan bss number WLAN BSS interface number which ranges from...

Страница 94: ...2 System level Parameters None Description Use the short gi enable command to enable the short GI function Use the undo short gi enable command to disable the short GI function By default the short GI...

Страница 95: ...mand to specify the maximum number of attempts to transmit a frame less than RTS threshold Use the undo short retry threshold command to restore the default By default the short retry threshold is 7 E...

Страница 96: ...s underlines and spaces Description Use the ssid command to set the SSID for the current service template Use the undo ssid command to remove the SSID By default the SSID of service template 1 is set...

Страница 97: ...t View System view Default Level 2 System level Parameters interval Specifies the time for which the link between AP and client power save or awake can be idle The value ranges from 60 to 86400 second...

Страница 98: ...r failure or crash and disconnect them from AP Examples Specify keep alive time as 60 seconds Sysname system view Sysname wlan client keep alive 60 wlan country code Syntax wlan country code code undo...

Страница 99: ...Norway NO Cyprus CY New Zealand NZ Czech Republic CZ Oman OM Germany DE Panama PA Denmark DK Peru PE Dominica DO Poland PL Algeria DZ Philippines PH Ecuador EC Pakistan PK Estonia EE Puerto Rico PR E...

Страница 100: ...ZW Description Use the wlan country code command to specify the country code Use the undo wlan country code command to restore the default By default the country code value is CN z The country code d...

Страница 101: ...e configuration view If the input service template exists then you can directly enter the configuration view Use the undo wlan service template command to delete the service template and clear related...

Страница 102: ...lt no uplink interface is configured If the status of all configured uplink interfaces is down WLAN service will not be provided If at least one of them is up WLAN service will be provided Any physica...

Страница 103: ...Description Use the l2fw wlan client isolation enable command to enable wireless user Layer 2 isolation Use the undo l2fw wlan client isolation enable command to disable wireless user Layer 2 isolatio...

Страница 104: ...link 9 1 display wlan mesh profile 9 2 display wlan mp policy 9 3 display wlan rrm 6 1 display wlan service template 10 9 display wlan statistics10 10 display wlan whitelist 7 7 display wlan wmm 8 1...

Страница 105: ...ew 10 18 short gi enable 10 19 short retry threshold 10 20 shutdown WLAN BSS interface view 4 8 shutdown WLAN Radio interface view 4 8 shutdown 10 20 spectrum management enable 6 8 ssid 10 21 static b...

Результаты поиска

Содержание WA Series

Отзывы:

Похожие инструкции для WA Series

Бренды по названию

Популярные бренды

H3C WA Series, Справочник по командам

Результаты поиска

Содержание WA Series

Отзывы:

Похожие инструкции для WA Series

Бренды по названию

Популярные бренды