No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
WLAN WDS Configuration Commands

WLAN WDS Configuration Commands

bridge

Function

The bridge enable command enables the wireless bridge function and sets the bridge working mode.

The bridge disable command disables the wireless bridge function.

By default, the wireless bridge function is disabled.

Format

bridge enable [ mode { root | middle | leaf } ]

bridge disable

Parameters

Parameter

Description

Value

enable

Enables the wireless bridge function on a radio.

-

disable

Disables the wireless bridge function on a radio.

-

mode

Specifies the bridge working mode.

-

root

Sets the working mode to root.

-

middle

Sets the working mode to middle.

-

leaf

Sets the working mode to leaf.

-

Views

Radio view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To connect an AP to an AC through a wireless virtual link, run the bridge enable command to set the bridge working mode on the AP depending on the AP's location on the WDS network.

After the bridge working mode is changed, reset the AP to make the configuration take effect.

Prerequisites

Before you enable the wireless bridge function, ensure that a radio profile has been bound to the AP radio and WLAN IDs 15 and 16 of the current service VAP are not in use.

Example

# Enable the wireless bridge function on ap1_radio0 and set the working mode to middle.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap 1 radio 0 
[Huawei-wlan-radio-1/0] bridge enable mode middle
Related Topics

bridge whitelist enable

Function

The bridge whitelist enable command enables the bridge whitelist function.

The undo bridge whitelist enable command disables the bridge whitelist function.

By default, the bridge whitelist function is disabled.

Format

bridge whitelist enable

undo bridge whitelist enable

Parameters

None

Views

Radio view

Default Level

2: Configuration level

Usage Guidelines

On a WDS network, an AP can only associate with the neighboring APs in the bridge whitelist. The bridge whitelist takes effect only after it is enabled.

You can run the bridge whitelist enable command to enable the bridge whitelist function.

Example

# Enable the bridge whitelist on radio 0 of AP1.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap 1 radio 0 
[Huawei-wlan-radio-1/0] bridge whitelist enable

bridge-name

Function

The bridge-name command sets a bridge profile identifier.

The undo bridge-name command deletes a bridge profile identifier.

By default, no bridge profile identifier is set.

Format

bridge-name name

undo bridge-name

Parameters

Parameter

Description

Value

name

Specifies the bridge profile identifier.

The value is a string of 1 to 32 case-sensitive characters. It does not contain question marks (?)or spaces, and cannot start or end with double quotation marks (" ").

Views

Bridge profile view

Default Level

2: Configuration level

Usage Guidelines

The bridge profile identifier is equivalent to the SSID of a service set. On a WLAN WDS network, the APs discover the wireless bridges on other APs based on the bridge profile identifiers.

You can run the bridge-name command in the bridge profile view to set the bridge profile identifier.

Example

# Create a bridge profile named ChinaNet and set its identifier to ChinaNet-1.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-profile name ChinaNet
[Huawei-wlan-bridge-prof-ChinaNet] bridge-name ChinaNet-1

bridge-profile

Function

The bridge-profile command creates a bridge profile or displays the bridge profile view.

The undo bridge-profile command deletes a bridge profile.

By default, no bridge profile is configured.

Format

bridge-profile { name profile-name | id profile-id } *

undo bridge-profile { name profile-name | id profile-id }

undo bridge-profile batch id { bridge-profile-id1 [ to bridge-profile-id2 ] } &<1-10>

NOTE:

When you create a bridge profile, name profile-name is mandatory and id profile-id is optional. If id profile-id is not specified, the bridge profile ID is automatically generated.

Parameters

Parameter

Description

Value

name profile-name

Specifies the bridge profile name.

The value is a string of 1 to 31 characters. It does not contain question marks (?) or spaces, and cannot start or end with double quotation marks (" ").

id profile-id

Specifies the bridge profile ID.

The value is an integer that ranges from 0 to 15.

bridge-profile-id1 [ to bridge-profile-id2 ]
Deletes specified bridge profiles in batches:
  • bridge-profile-id1 specifies the bridge profile start ID.
  • bridge-profile-id2 specifies the bridge profile end ID.
  • bridge-profile-id2 must be larger than bridge-profile-id1.
  • bridge-profile-id1 and bridge-profile-id2 determine a bridge profile ID range.
  • If to bridge-profile-id2 is not specified, only the specified bridge profile is deleted.

The value is an integer that ranges from 0 to 15.

Views

WLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The bridge profile is equivalent to the service set in traditional WLAN services. A bridge profile is bound to an AP radio to create bridge VAPs.

A bridge profile contains the mandatory parameters of wireless virtual links between APs. After a bridge profile is bound to a radio, the radio has all attributes of the bridge profile and automatically creates a bridge VAP. The radio uses different VAP parameters to set up and maintain wireless virtual links between APs.

Precautions

Before the bridge profile is bound to an AP radio, the bridge profile name and security profile must have been created.

Example

# Create a bridge profile named ChinaNet, set the bridge profile identifier to ChinaNet-1, and bind the security profile security01 to the bridge profile.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-profile name ChinaNet 
[Huawei-wlan-bridge-prof-ChinaNet] bridge-name ChinaNet-1
[Huawei-wlan-bridge-prof-ChinaNet] security-profile name security01 

bridge-profile (radio view)

Function

The bridge-profile command binds a bridge profile to an AP radio.

The undo bridge-profile command unbinds a bridge profile from an AP radio.

By default, no bridge profile is bound to a radio.

Format

bridge-profile { name profile-name | id profile-id }

undo bridge-profile

Parameters

Parameter

Description

Value

name profile-name

Specifies the name of the bridge profile to be bound to an AP radio.

The value is a string of 1 to 31 characters.

id profile-id

Specifies the identifier of the bridge profile to be bound to an AP radio.

The value is an integer that ranges from 0 to 15.

Views

Radio view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Binding an AP radio to a bridge profile can create bridge VAPs.

Prerequisites

Before a bridge profile is bound to an AP radio, ensure that the bridge profile identifier and security profile have been configured and the WLAN IDs 13 and 14 of the current VAP are not in use.

NOTE:

Only one bridge profile can be bound to an AP radio. Two bridge VAPs are created and allocated WLAN IDs 13 and 14.

Example

# Bind radio 0 of AP1 to the bridge profile ChinaNet.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap 1 radio 0
[Huawei-wlan-radio-1/0] bridge-profile name ChinaNet

bridge-whitelist

Function

The bridge-whitelist command configures a bridge whitelist.

The undo bridge-whitelist command deletes a bridge whitelist.

By default, no whitelist is configured.

Format

bridge-whitelist { name whitelist-name | id whitelist-id } *

undo bridge-whitelist { name whitelist-name | id whitelist-id | all }

Parameters

Parameter

Description

Value

name whitelist-name

Specifies the name of a bridge whitelist.

The value is a string of 1 to 31 case-insensitive characters. It does not contain question marks (?) or spaces, and cannot begin or end with double quotation marks (" ").

id whitelist-id

Specifies the ID of a bridge whitelist.

The value is an integer that ranges from 0 to 7.

all

Deletes all bridge whitelists.

-

Views

WLAN view

Default Level

2: Configuration level

Usage Guidelines

On a WDS network, if no bridge whitelist is configured for an AP, all neighboring APs can associate with the AP radio. After a bridge whitelist is configured on an AP radio, only the APs with the MAC addresses in the whitelist can associate with the AP radio. After being authenticated, the neighboring APs set up wireless virtual links with the AP radio.

You can run the bridge-whitelist command to configure a bridge whitelist for an AP.

Example

# Create a bridge whitelist named bw01.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-whitelist name bw01

bridge-whitelist (radio view)

Function

The bridge-whitelist command binds a bridge whitelist to a specified radio.

The undo bridge-whitelist command unbinds a bridge whitelist from a specified radio.

By default, no bridge whitelist is bound to a radio.

Format

bridge-whitelist { name whitelist-name | id whitelist-id }

undo bridge-whitelist

Parameters

Parameter

Description

Value

name whitelist-name

Specifies the name of the bridge whitelist to be bound to a radio.

The value is a string of 1 to 31 characters.

id whitelist-id

Specifies the ID of the bridge whitelist to be bound to a radio.

The value is an integer that ranges from 0 to 7.

Views

Radio view

Default Level

2: Configuration level

Usage Guidelines

After a bridge whitelist is bound to a radio, the radio uses all the parameters of the bridge whitelist. You can run the bridge-whitelist command to bind the bridge whitelist to the radio.

Example

# Bind the bridge whitelist bw01 to radio 0 of AP1.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap 1 radio 0
[Huawei-wlan-radio-1/0] bridge-whitelist name bw01

dhcp trust port (bridge profile view)

Function

The dhcp trust port command configures a DHCP trusted port in the WDS bridge profile.

The undo dhcp trust port command deletes a DHCP trusted port from the WDS bridge profile.

By default, no DHCP trusted port is configured in the WDS bridge profile.

Format

dhcp trust port

undo dhcp trust port

Parameters

None

Views

Bridge profile view

Default Level

2: Configuration level

Usage Guidelines

After DHCP trusted interface is enabled on an AP, the AP receives the DHCP OFFER, ACK, and NAK packets sent by the authorized DHCP server and forwards the packets to STAs so that the STAs can obtain valid IP addresses and go online.

Example

# Configure a DHCP trusted port on an AP bound to the bridge profile named test.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-profile name test
[Huawei-wlan-bridge-prof-test] dhcp trust port  

display bridge-profile

Function

The display bridge-profile command displays information about a bridge profile.

Format

display bridge-profile { all | name profile-name | id profile-id | bridge-name name }

Parameters

Parameter

Description

Value

all

Displays basic information about all bridge profiles, including names, IDs, identifiers, and number of bridge profiles.

-

name profile-name

Displays information about the bridge profile with a specified name.

The value is a string of 1 to 31 characters.

id profile-id

Displays information about the bridge profile with a specified ID.

The value is an integer that ranges from 0 to 15.

bridge-name name

Displays the names and IDs of the bridge profiles with a specified identifier and the number of bridge profiles.

The value is a string of 1 to 32 characters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display bridge-profile command displays information about bridge profiles, such as basic information about all bridge profiles, configurations of the specified bridge profile, and basic information about the bridge profile with the specified identifier.

Example

# Display basic information about all bridge profiles.

<Huawei> display bridge-profile all
  ----------------------------------------------------------------------------  
  ID      Name                            Bridge-Name                           
  0       lw                              123456_9300                           
  1       lw1                             123456_93001                          
  2       lw2                             123456_93002                          
  3       lw3                             123456_93001                          
  ----------------------------------------------------------------------------  
  Total: 4   
Table 12-68  Description of the display bridge-profile all command output

Item

Description

ID

Bridge profile ID.

You can run the bridge-profile command to set this parameter.

Name

Bridge profile name.

You can run the bridge-profile command to set this parameter.

Bridge-Name

Bridge profile identifier.

You can run the bridge-name command to set this parameter.

Total

Number of bridge profiles.

# Display information about bridge profile 1.

<Huawei> display bridge-profile id 1
  ----------------------------------------------------------------------------  
  Bridge-profile ID          : 1                                                
  Bridge-profile name        : lw1                                              
  Bridge-name                : 123456_93001                                     
  Security profile name      : sp1                                              
  Dhcp trust port            : enable                
                           
  Tagged vlan                : 10                                               
  ----------------------------------------------------------------------------  
Table 12-69  Description of the display bridge-profile command output

Item

Description

Bridge-profile ID

Bridge profile ID.

You can run the bridge-profile command to set this parameter.

Bridge-profile name

Bridge profile name.

You can run the bridge-profile command to set this parameter.

Bridge-name

Bridge profile identifier.

You can run the bridge-name command to set this parameter.

Security profile name

Name of the security profile bound to the bridge profile.

You can run the security-profile (bridge profile view) command to set this parameter.

Dhcp trust port

DHCP trusted interface enabled.

You can run the dhcp trust port (bridge profile view) command to set this parameter.

Tagged vlan

VLAN tag on the bridge profile.

You can run the vlan (bridge profile view) command to set this parameter.

# Display basic information about the bridge profile with identifier 123456_93001.

<Huawei> display bridge-profile bridge-name 123456_93001
 Bridge-profile List:                                                           
  ----------------------------------------------------------------------------  
  ID      Name                                                                  
  1       lw1                                                                   
  3       lw3                                                                   
  ----------------------------------------------------------------------------  
  Total: 2   
Table 12-70  Description of the display bridge-profile command output

Item

Description

ID

Bridge profile ID.

You can run the bridge-profile command to set this parameter.

Name

Bridge profile name.

You can run the bridge-profile command to set this parameter.

Total

Number of bridge profiles.

Related Topics

display bridge-whitelist

Function

The display bridge-whitelist command displays the configuration of a bridge whitelist.

Format

display bridge-whitelist { all | id whitelist-id | name whitelist-name }

Parameters

Parameter

Description

Value

all

Displays basic information about all bridge whitelists, including bridge whitelist IDs, names, and number of bridge whitelists.

-

id whitelist-id

Displays information about the bridge whitelist with a specified ID.

The value is an integer that ranges from 0 to 7.

name whitelist-name

Displays information about the bridge whitelist with a specified name.

The value is a string of 1 to 31 characters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display bridge-whitelist command to view information about all bridge whitelists or the specified bridge whitelist.

Example

# View basic information about all bridge whitelists.

<Huawei> display bridge-whitelist all
  ----------------------------------------------------                          
   ID     Name                                                                  
  ----------------------------------------------------                          
   0      bw01                                                                  
   1      bw02                                                                  
   2      bw03                                                                  
  ----------------------------------------------------                          
   Total: 3                                                                     
Table 12-71  Description of the display bridge-whitelist all command output

Item

Description

ID

Bridge whitelist ID.

Name

Bridge whitelist name.

# Display information about bridge whitelist 0.

<Huawei> display bridge-whitelist id 0
  Bridge-whitelist ID         : 0                                               
  Bridge-whitelist name       : bw01                                            
  Bridge-whitelist mac list information:                                        
  ------------------------------------------------------------------------------
  ID        MAC                                                                 
  ------------------------------------------------------------------------------
  0         0003-0003-0003                                                      
  1         0007-0007-0007                                                      
  2         0001-0001-0001                                                      
  ------------------------------------------------------------------------------
  Total: 3                                                                      

# Display information about the bridge whitelist bw01.

<Huawei> display bridge-whitelist name bw01
  Bridge-whitelist ID         : 0                                               
  Bridge-whitelist name       : bw01                                            
  Bridge-whitelist mac list information:                                        
  ------------------------------------------------------------------------------
  ID        MAC                                                                 
  ------------------------------------------------------------------------------
  0         0003-0003-0003                                                      
  1         0007-0007-0007                                                      
  2         0001-0001-0001                                                      
  ------------------------------------------------------------------------------
  Total: 3                                                                      
Table 12-72  Description of the display bridge-whitelist name command output

Item

Description

Bridge-whitelist ID

Bridge whitelist ID.

Bridge-whitelist name

Bridge whitelist name.

Bridge-whitelist mac list information

Bridge-whitelist MAC information.

ID

ID of the MAC address. The ID is generated automatically when the MAC address is specified.

MAC

MAC address of the neighboring APs that are allowed to access the local wireless bridge.

Total

Number of MAC addresses in bridge whitelist.

lineate-port mode

Function

The lineate-port mode command sets the working modes for an AP wired interface.

The undo lineate-port mode command restores the default working mode of an AP wired interface.

By default, an AP wired interface works in root mode.

NOTE:
The AP2010DN and AP2030DN does not support this command.

Format

lineate-port interface-type interface-num mode { root | endpoint }

undo lineate-port interface-type interface-num mode

Parameters

Parameter

Description

Value

interface-type interface-num

Specifies the AP wired interface. interface-type indicates the interface type, and interface-num indicates the interface number.

-

root

Sets the working mode of an AP wired interface to root, which can connect to an AC.

-

endpoint

Sets the working mode of an AP wired interface to endpoint, which can directly connect to a PC or switch.

-

Views

AP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the AP wired interface serves as an upstream interface, it connects to the AC. You can run this command to configure the interface to work in root mode. In root mode, the interface automatically joins the service VLAN and user VLAN (for example, VLAN assigned by the RADIUS server).

When the AP wired interface serves as a downstream interface, it connects to a wired terminal. You can run this command to configure the interface to work in endpoint mode. In endpoint mode, the interface does not join any VLAN.

Configuration Impact

User isolation cannot be configured on the AP wired interface in root mode. Only when the AP wired interface works in endpoint mode, user isolation can be configured on it.

Follow-up Procedure

After the command is configured, run the commit { all | ap ap-id } command to deliver the configuration to APs.

Example

# Configure wired interface GE 0 of AP 1 to work in endpoint mode.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap id 1
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 mode endpoint

lineate-port pvid vlan

Function

The lineate-port pvid vlan command sets the PVID for an AP wired interface.

The undo lineate-port pvid vlan command deletes the PVID of an AP wired interface.

By default, no PVID is configured for an AP wired interface.

Format

lineate-port interface-type interface-num pvid vlan vlan-id

undo lineate-port interface-type interface-num pvid vlan

Parameters

Parameter

Description

Value

interface-type interface-num

Specifies the AP wired interface. interface-type indicates the interface type, and interface-num indicates the interface number.

-

vlan-id

Specifies the PVID VLAN ID for a wired interface.

The value is an integer that ranges from 1 to 4094.

Views

AP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The APs on the WLAN WDS network only process tagged packets.

When receiving an untagged packet from a peer device, the AP wired interface adds a VLAN tag to the packet. After the PVID is configured on the wired interface, the interface adds the PVID to all the received untagged packets.

Follow-up Procedure

After the command is configured, run the commit { all | ap ap-id } command to deliver the configuration to APs.

Precautions

This command cannot be configured on member interfaces of the Eth-Trunk interface.

Example

# Set the PVID of AP 1's wired interface GE 0 to VLAN 1.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap id 1
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 pvid vlan 1

lineate-port user-isolate enable

Function

The lineate-port user-isolate enable command enables user isolation on an AP wired interface.

The undo lineate-port user-isolate enable command disables user isolation on an AP wired interface.

By default, user isolation is disabled on an AP wired interface.

Format

lineate-port interface-type interface-num user-isolate enable

undo lineate-port interface-type interface-num user-isolate enable

Parameters

Parameter

Description

Value

interface-type interface-num

Specifies the AP wired interface. interface-type indicates the interface type, and interface-num indicates the interface number.

-

Views

AP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The user isolation function prevents the users on the same wired interface from communicating with each other. All user traffic on the wired interface is forwarded by the gateway. Therefore, this function ensures communication security on wired interfaces and allows uniform charging for users.

Run this command to enable user isolation on the AP wired interface.

Prerequisites

An AP wired interface must work in endpoint mode before you enable user isolation on the AP wired interface.

Follow-up Procedure

After the command is configured, run the commit { all | ap ap-id } command to deliver the configuration to APs.

Precautions

This command cannot be configured on member interfaces of the Eth-Trunk interface.

Example

# Set wired interface GE 0 of AP 1 to work in endpoint mode and enable user isolation on the interface.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap id 1
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 mode endpoint
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 user-isolate enable
Related Topics

lineate-port vlan

Function

The lineate-port vlan command configures the VLAN to which an AP wired interface belongs.

The undo lineate-port vlan command deletes the VLAN to which an AP wired interface belongs.

By default, an AP wired interface does not belong to any VLAN.

Format

lineate-port interface-type interface-num vlan { tagged | untagged } { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo lineate-port interface-type interface-num vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

Parameters

Parameter

Description

Value

interface-type interface-num

Specifies the AP's wired interface. interface-type indicates the interface type, and interface-num indicates the interface number.

-

tagged

Adds a wired interface to a VLAN in tagged mode.

-

untagged

Adds a wired interface to a VLAN in untagged mode.

-

vlan-id1 [ to vlan-id2 ]

Specifies the ID of the VLAN to which the wired interface belongs.
  • vlan-id1 specifies the first VLAN ID.
  • to vlan-id2 specifies the last VLAN ID. vlan-id2 must be larger than vlan-id1. vlan-id1 and vlan-id2 specify a range of VLANs.

If to vlan-id2 is not specified, the wired interface is added to the VLAN specified by vlan-id1.

You can specify a maximum of 10 VLAN ranges at a time. The entered VLAN ranges cannot overlap.

  • The value of vlan-id1 is an integer that ranges from 1 to 4094.
  • The value of vlan-id2 is an integer that ranges from 1 to 4094.

all

Deletes the VLANs to which the AP wired interface belongs.

-

Views

AP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a wired interface connects to a PC or Layer 2 network, the interface is equivalent to a hybrid interface on a switch, and can forward the packets with multiple VLAN tags.

After the lineate-port vlan tagged command is executed to add the wired interface to one or more VLANs in tagged mode, the interface does not remove VLAN tags from the packets it forwarded.

After the lineate-port vlan untagged command is executed to add the wired interface to one or more VLANs in untagged mode, the interface removes VLAN tags from the packets it forwarded.

Configuration Impact

If the lineate-port vlan command is executed on an AP wired interface multiple times, the interface is added to multiple VLANs.

Example

# Add wired interface GE 0 of AP 1 to VLANs 3, 4, 5, and 10 in tagged mode, and add the wired interface to VLANs 12, 13, 14, and 20 in untagged mode.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] ap id 1
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 mode endpoint
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 vlan tagged 3 to 5 10
[Huawei-wlan-ap-1] lineate-port gigabitethernet 0 vlan untagged 12 to 14 20

peer ap mac

Function

The peer ap mac command adds MAC addresses of neighboring APs that can access the local wireless bridge to the bridge whitelist.

The undo peer ap mac command deletes MAC addresses of neighboring APs from the bridge whitelist.

Format

peer ap mac mac-address

undo peer ap mac mac-address

Parameters

Parameter

Description

Value

mac-address

Specifies the MAC address added to the bridge whitelist.

The value is in H-H-H format. An H is a 4-digit hexadecimal number.

Views

Bridge whitelist view

Default Level

2: Configuration level

Usage Guidelines

After the bridge whitelist is created, you can run the peer ap mac command to adds MAC addresses of the neighboring APs to a bridge whitelist. Only the APs with MAC addresses in the whitelist are allowed to access the local wireless bridge.

NOTE:

If the whitelist is used, only neighboring APs with MAC addresses in the whitelist can connect to the bridge. On WDS networks, the whitelist can be configured only on root APs or middle APs.

A maximum of 6 MAC addresses can be added to each bridge whitelist.

Example

# Create a bridge whitelist profile named bw01 and add MAC addresses 0003-0003-0003, 0007-0007-0007, and 0001-0001-0001 to the whitelist.

<Huawei> system-view
[Huawei] wlan 
[Huawei-wlan-view] bridge-whitelist name bw01
[Huawei-wlan-br-whitelist-bw01] peer ap mac 0003-0003-0003
[Huawei-wlan-br-whitelist-bw01] peer ap mac 0007-0007-0007
[Huawei-wlan-br-whitelist-bw01] peer ap mac 0001-0001-0001

security-profile (bridge profile view)

Function

The security-profile command binds a security profile to a bridge profile.

The undo security-profile command unbinds a security profile from a bridge profile.

By default, no security profile is bound to a bridge profile.

Format

security-profile { name profile-name | id profile-id }

undo security-profile

Parameters

Parameter

Description

Value

name profile-name

Specifies the name of a security profile bound to a bridge profile.

The security profile name must exist.

id profile-id

Specifies the ID of a security profile bound to a bridge profile.

The security profile ID must exist.

Views

Bridge profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A bridge profile can be bound to an AP radio only after a security profile is bound to the bridge profile. In the bridge profile view, you can run the security-profile command to bind a security profile to the bridge profile.

Precautions

The wireless bridge supports only WPA2-PSK authentication policy and CCMP encryption; therefore, before you bind the security profile to the bridge profile, ensure that WPA2-PSK and CCMP are used.

After a security profile is bound to a bridge profile, the authentication policy and encryption mode cannot be changed, but the authentication key can be changed.

Example

# Create a bridge profile named ChinaNet, set the bridge profile identifier to ChinaNet-1, and bind the security profile security01 to the bridge profile.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-profile name ChinaNet
[Huawei-wlan-bridge-prof-ChinaNet] bridge-name ChinaNet-1
[Huawei-wlan-bridge-prof-ChinaNet] security-profile name security01 

vlan (bridge profile view)

Function

The vlan tagged command adds one or more VLANs to a bridge profile in tagged mode.

The command deletes one or more VLANs from a bridge profile.

By default, no VLAN is added to a bridge profile.

NOTE:
Currently, VLANs can only be added to a bridge profile in tagged mode.

Format

vlan tagged { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo vlan tagged { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }

Parameters

Parameter

Description

Value

vlan-id1 [ to vlan-id2 ]

Specifies the tagged VLAN ID.
  • vlan-id1 specifies the first VLAN ID.
  • to vlan-id2 specifies the last VLAN ID. vlan-id2 must be larger than vlan-id1. vlan-id1 and vlan-id2 specify a range of VLANs.

If to vlan-id2 is not specified, only tagged VLANs specified by vlan-id1 are added to the bridge profile.

You can specify a maximum of 10 VLAN ranges at a time. The entered VLAN ranges cannot overlap.

  • The value of vlan-id1 is an integer that ranges from 1 to 4094.
  • The value of vlan-id2 is an integer that ranges from 1 to 4094.

all

Deletes all tagged VLANs from the bridge profile.

-

Views

Bridge profile view

Default Level

2: Configuration level

Usage Guidelines

Adding VLANs to a bridge profile is equivalent to adding a hybrid interface to VLANs.

After VLANs are added to the bridge profile that bound to the wireless bridge, the VLANs have all attributes of the bridge profile. The wireless bridge then forwards only the packets with these VLAN parameters from STAs and peer APs.

You can run the vlan tagged command to add one or more VLANs to a bridge profile in tagged mode so that the VLANs are added to the wireless bridge matching the bridge profile.

Example

# Create a bridge profile named ChinaNet and add VLANs 3, 4, 5, 6, 10, and 12 to the bridge profile in tagged mode.

<Huawei> system-view
[Huawei] wlan ac
[Huawei-wlan-view] bridge-profile name ChinaNet 
[Huawei-wlan-bridge-prof-ChinaNet] vlan tagged 3 to 6 10 12
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 50421

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next