Fat AP and Cloud AP V200R010C00 Command Reference

About This Document
How to Use Command Lines
- Entering Command Views
- Setting Command Levels
- Editing Command Lines
- Using Command Line Online Help
- Interpreting Command Line Error Messages
- Using the undo Command Line
- Displaying History Commands
- Using Command Line Shortcut Keys
Basic Configurations Commands
- CLI Overview Commands
- First Login Commands
- UI Configuration Commands
- User Login Configuration Commands
- File Management Commands
- Configuring System Startup Commands
- Upgrade Commands
- HTTP Server Commands
Cloud-based Management Configuration Commands
- cloud-mng controller
- cloud-mng register-center disable
- display cloud-mng info
- display cloud-mng execute-cli-list
- display cloud-mng register-center status
- management-vlan (WAN view)
- interface wan0
- ip address (WAN view)
- dns-server (WAN view)
- dhcp-client enable
- pppoe-client (Cloud AP)
- temporary-management psk (Cloud Central AP)
- temporary-management psk (Cloud AP)
Device Management Commands
- Device Status Checking Commands
- Hardware Configuration Commands
- Energy-saving Configuration Commands
- Fault Management Commands
- Information Center Configuration Commands
- NTP Configuration Commands
- PoE Configuration Commands
Interface Management Commands
- Basic Interface Configuration Commands
- Ethernet Interface Configuration Commands
- Logical Interface Configuration Commands
Network Interconnection Configurations Commands
- MAC Address Table Configuration Commands
- Ethernet Link Aggregation Commands
- VLAN Configuration Commands
- STP/RSTP/MSTP Configuration Commands
- IPv4 Configuration Commands
  - ip address
- ARP Configuration Commands
- DHCP Configuration Commands
- DNS Configuration Commands
- NAT Configuration Commands
- IP Performance Configuration Commands
- IP Routing Basic Configuration Commands
- Static Route Configuration Commands
- IGMP Snooping Configuration Commands
- Layer 2 Multicast CAC Configuration Commands
WAN Commands
- PPPoE Commands
WLAN Service Configuration Commands(Common AP)
- active-dull-client enable
- advertise-ap-name enable
- agile-antenna-polarization
- antenna-gain
- association-timeout
- auto-off service
- beacon-2g-rate
- beacon-5g-rate
- beacon-interval
- beamforming enable
- channel
- channel-switch announcement disable
- channel-switch mode
- copy-from
- country-code
- deny-broadcast-probe enable
- dhcp option82 insert enable
- dhcp option82 format (vap profile view)
- display ap
- display ap configurable channel
- display interface wlan-radio
- display radio
- display radio-2g-profile
- display radio-5g-profile
- display references radio-2g-profile
- display references radio-5g-profile
- display references ssid-profile
- display references vap-profile
- display resource occupancy message
- display ssid-profile
- display station
- display station online-fail-record
- display station offline-record
- display station online-track
- display station statistics
- display vap
- display vap create-fail-record
- display vap-profile
- display vap-service-backup auth-server-down
- display wlan config-errors
- dot11a basic-rate
- dot11a supported-rate
- dot11bg basic-rate
- dot11bg supported-rate
- dtim-interval
- eirp
- fragmentation-threshold
- frequency
- guard-interval-mode
- ht a-mpdu disable
- ht a-mpdu max-length-exponent
- interface wlan-radio
- legacy-station disable
- max-sta-number (SSID profile view)
- multicast-rate
- mu-mimo disable
- mu-mimo optimize enable
- probe-response-retry
- qbss-load enable
- radio disable
- radio-2g-profile (WLAN view)
- radio-5g-profile (WLAN view)
- radio-type (2G radio profile view)
- radio-type (5G radio profile view)
- reach-max-sta
- report-sta-assoc enable
- reset channel switch-record
- reset station offline-record
- reset station online-fail-record
- reset station statistics
- rf-ping
- rts-cts-mode
- rts-cts-threshold
- service-mode disable
- service-vlan (VAP profile view)
- short-preamble disable
- single-txchain enable
- snmp-agent trap enable feature-name wlan
- ssid
- ssid-hide enable
- ssid-profile (WLAN view)
- ssid-profile (VAP profile view)
- sta-network-detect disable
- type (VAP profile view)
- u-apsd enable
- utmost-power
- vap-profile (WLAN view)
- vap-profile (radio interface view)
- vap-service-backup auth-server-down
- vht a-mpdu max-length-exponent
- vht a-msdu enable
- vht a-msdu max-frame-num
- vht mcs-map
- wlan
AP Management Configuration Commands
- access-user syslog-restrain enable
- access-user syslog-restrain period
- channel-load-mode indoor
- display ap around-ssid-list
- display ap led
- display ap neighbor
- display ap neighbor (Cloud AP)
- display ap optical-info
- display ap power-workmode
- display ap run-info
- display ap traffic statistics wireless
- display ap uncontrol all
- display channel switch-record
- display channel switch-record (Cloud AP)
- high-temperature threshold
- led blink-time
- led off
- low-temperature threshold
- mtu (Cloud AP)
- sta-ipv6-service enable
- usb enable
WLAN Radio Resource Management Configuration Commands
- amc-policy
- air-scan-profile
- air-scan-profile (radio profile view)
- band-steer balance gap-threshold
- band-steer balance start-threshold
- band-steer client-band-expire
- band-steer deny-threshold
- band-steer disable
- band-steer snr-threshold
- calibrate auto-channel-select disable
- calibrate auto-txpower-select disable
- calibrate enable { auto | manual | schedule time }
- calibrate error-rate-check
- calibrate error-rate-threshold
- calibrate tpc threshold
- calibrate flexible-radio
- calibrate flexible-radio manual-recognize
- calibrate max-tx-power
- calibrate min-tx-power
- calibrate manual startup
- calibrate noise-floor-threshold
- calibrate policy
- calibrate sensitivity
- cca-threshold
- dca-channel bandwidth
- dca-channel channel-set
- dfs recover-delay
- dfs smart-selection disable
- display air-scan-profile
- display flexible-radio status
- display flexible-radio switch-record
- display references air-scan-profile
- display references rrm-profile
- display rrm-profile
- display sta-load-balance fairness
- display station neighbor
- display station neighbor all
- display station steer-history
- display station steer-info
- display station steer-statistics
- display station unsteerable
- display wlan calibrate channel-set
- display wlan calibrate statistics
- dynamic-edca enable
- dynamic-edca threshold
- high-density amc-optimize enable
- interference adjacent-channel threshold
- interference co-channel threshold
- interference detect-enable
- interference station threshold
- power auto-adjust enable
- reset ap traffic statistics wireless
- reset station steer-history
- reset station steer-statistics
- reset flexible-radio switch-record
- reset wlan calibrate statistics
- rrm-profile (WLAN view)
- rrm-profile (radio profile view)
- scan-channel-set
- scan-disable
- scan-enhancement
- scan-interval
- scan-period
- smart-antenna { enable | disable }
- smart-antenna throughput-triggered-training
- smart-antenna training-interval
- smart-antenna training-mpdu-number
- smart-antenna valid-per-scope
- smart-roam advanced-scan disable
- smart-roam disable
- smart-roam quick-kickoff back-off-time
- smart-roam quick-kickoff-snr check-interval
- smart-roam quick-kickoff-snr p-n criteria
- smart-roam quick-kickoff-threshold
- smart-roam quick-kickoff-threshold { check-snr | check-rate }
- smart-roam quick-kickoff-threshold disable
- smart-roam roam-threshold { check-snr | check-rate }
- smart-roam roam-threshold { snr | rate }
- smart-roam snr-margin
- smart-roam unable-roam-client expire-time
- sta-load-balance dynamic btm-fail-times
- sta-load-balance dynamic deauth-fail-times
- sta-load-balance dynamic deny-threshold
- sta-load-balance dynamic disable
- sta-load-balance dynamic sta-number gap-threshold
- sta-load-balance dynamic sta-number start-threshold
- sta-load-balance dynamic channel-utilization gap-threshold
- sta-load-balance dynamic channel-utilization start-threshold
- sta-load-balance dynamic probe-report interval
- sta-load-balance dynamic rssi-diff-gap
- sta-load-balance dynamic rssi-threshold
- sta-load-balance dynamic steer-restrict auth-threshold
- sta-load-balance dynamic steer-restrict probe-threshold
- sta-load-balance dynamic steer-restrict restrict-time
- sta-load-balance mode
- uac channel-utilization threshold
- uac enable
- uac client-number threshold
- uac client-snr threshold
- uac reach-access-threshold
WLAN Roaming Commands (Common AP)
- display station roam-statistics
- display station roam-track
WLAN Location Configuration Commands (Common AP)
- ble
- ble low-power-threshold
- ble monitoring-list
- broadcaster enable
- broadcasting-content
- broadcasting-interval
- display ble-profile
- display location-profile
- display references ble-profile
- display wlan ble global configuration
- display wlan ble monitoring-list
- display wlan ble site-info
- location-profile
- location-profile (WLAN view)
- private mu protocol-version
- private mu-enable
- private report-frequency
- private server
- report-mode
- report-to-server
- reset wlan ble site-info
- sniffer enable
- tx-power (BLE profile view)
WLAN Security Configuration Commands(Common AP)
- anti-attack flood blacklist enable
- anti-attack flood disable
- anti-attack flood sta-rate-threshold
- arp anti-attack check user-bind enable
- brute-force-detect interval
- brute-force-detect quiet-time
- brute-force-detect threshold
- contain
- contain-mode
- device report-interval
- dhcp trust port
- display ap radio-environment
- display references security-profile
- display references sta-blacklist-profile
- display references sta-whitelist-profile
- display security-profile
- display sta-blacklist-profile
- display sta-whitelist-profile
- display wlan ids attack-detected
- display wlan ids attack-detected statistics
- display wlan ids attack-history
- display wlan ids contain
- display wlan ids device-detected
- display wlan ids device-detected statistics
- display wlan dynamic-blacklist
- display wlan ids rogue-history
- display wlan ids spoof-ssid fuzzy-match
- display wlan wapi certificate
- dynamic-blacklist aging-time
- dynamic-blacklist enable
- flood-detect interval
- flood-detect quiet-time
- flood-detect threshold
- ip source check user-bind enable
- learn-client-address dhcp-strict
- learn-client-address disable (VAP profile view)
- oui
- permit-ap
- pmf
- reset wlan ids attack-detected
- reset wlan ids attack-detected statistics
- reset wlan ids attack-history
- reset wlan ids device-detected
- reset wlan dynamic-blacklist
- reset wlan ids rogue-history
- security dot1x
- security psk
- security wapi
- security wep
- security-profile (wlan view)
- security-profile (VAP profile view)
- spoof-detect quiet-time
- spoof-ssid
- sta-access-mode
- sta-blacklist-profile
- sta-mac
- sta-whitelist-profile
- wapi asu
- wapi bk
- wapi cert-retrans-count
- wapi import certificate
- wapi import private-key
- wapi key-update
- wapi msk
- wapi sa-timeout
- wapi usk
- weak-iv-detect quiet-time
- wep default-key
- wep key
- wids
- wids attack detect enable
- wids contain enable
- wids device detect enable
- wids manual-contain
- work-mode
- wpa ptk-update enable
- wpa ptk-update ptk-update-interval
Vehicle-Ground Fast Link Handover Configuration Commands
- antenna-output
- client-mode enable
- dhcp trust port (Mesh profile view)
- display mesh vap
- display mesh-handover-profile
- display mesh-handover-trace
- display mesh-neighbor-rssi
- display mesh-profile
- display mesh-proxy-equip
- display mesh-whitelist-profile
- display references mesh-handover-profile
- display references mesh-profile
- display references mesh-whitelist-profile
- display wlan mesh link
- display wlan mesh switch-record all
- link-aging-time
- link-hold-period
- link-probe-interval
- link-report-interval
- link-rssi-threshold
- location-based-algorithm enable
- max-link-number
- max-rssi-threshold
- mesh-handover-profile
- mesh-handover-profile (Mesh profile view)
- mesh-id
- mesh-profile
- mesh-profile (WLAN radio interface view)
- mesh-proxy onboard-equip
- mesh-proxy trackside-equip
- mesh-whitelist-profile
- mesh-whitelist-profile (radio view)
- min-rssi-threshold
- peer-ap mac (Mesh whitelist profile view)
- priority-map dscp (Mesh profile view)
- priority-map trust (Mesh profile view)
- p-n criteria
- rssi-margin
- security-profile (Mesh profile view)
- switch-probe-interval
- urgent-handover low-rate
- urgent-handover punishment
Hotspot2.0 Configuration Commands (Common AP)
- cellular-network-profile
- cellular-network-profile (Hotspot2.0 profile view)
- connection-capability-profile
- connection-capability-profile (Hotspot2.0 profile view)
- connection-capability
- display cellular-network-profile
- display connection-capability-profile
- display hotspot2-profile
- display nai-realm-profile
- display operating-class-profile
- display operator-domain-profile
- display operator-name-profile
- display references cellular-network-profile
- display references connection-capability-profile
- display references hotspot2-profile
- display references nai-realm-profile
- display references operating-class-profile
- display references operator-domain-profile
- display references operator-name-profile
- display references roaming-consortium-profile
- display references venue-name-profile
- display roaming-consortium-profile
- display venue-name-profile
- domain-name
- hessid
- hotspot2-profile
- hotspot2-profile (VAP profile view)
- ipv4-address-avail
- nai-realm-profile
- nai-realm-profile (Hotspot2.0 profile view)
- nai-realm
- network-authen-type
- network-type
- operating-class-indication
- operating-class-profile
- operating-class-profile (Hotspot2.0 profile view)
- operator-domain-profile
- operator-domain-profile (Hotspot2.0 profile view)
- operator-friendly-name
- operator-name-profile
- operator-name-profile (Hotspot2.0 profile view)
- p2p-cross-connect disable
- plmn-id
- roaming-consortium-oi
- roaming-consortium-profile
- roaming-consortium-profile (Hotspot2.0 profile view)
- venue-name-profile
- venue-name-profile (Hotspot2.0 profile view)
- venue-name
- venue-type
WLAN Traffic Optimization Commands(Common AP)
- broadcast-suppression auto-detect
- display wlan igmp-snooping vap-cac
- igmp-snooping max-bandwidth (traffic profile view)
- igmp-snooping max-user (traffic profile view)
- igmp-snooping enable (traffic profile view)
- multicast-suppression auto-detect
- service-guarantee
- traffic-optimize arp-proxy enable
- traffic-optimize bcmc deny all
- traffic-optimize bcmc unicast-send
- traffic-optimize bcmc unicast-send mismatch-action drop
- traffic-optimize broadcast-suppression
- traffic-optimize multicast-suppression
- traffic-optimize multicast-unicast enable
- traffic-optimize multicast-unicast dynamic-adaptive disable
- traffic-optimize sta-bridge-forward disable
- traffic-optimize tcp adjust-mss
- traffic-optimize unicast-suppression
- unicast-suppression auto-detect
WLAN Service Configuration Commands (Central AP)
- active-dull-client enable
- advertise-ap-name enable
- antenna-gain
- ap auth-mode
- ap blacklist
- ap data-collection enable
- ap data-collection interval
- ap modify
- ap whitelist
- ap-confirm
- ap-id
- ap-mac
- association-timeout
- auto-off service
- beacon-2g-rate
- beacon-5g-rate
- beacon-interval
- beamforming enable
- capwap control-link-priority
- capwap dtls control-link encrypt
- capwap dtls psk
- capwap dtls psk-mandatory-match enable
- capwap echo
- capwap message-integrity psk
- capwap message-integrity check disable
- capwap sensitive-info psk
- capwap source interface
- capwap source ip-address
- channel
- channel-switch announcement disable
- channel-switch mode
- copy-from
- country-code
- coverage distance
- deny-broadcast-probe enable
- dhcp option82 insert enable
- dhcp option82 format (vap profile view)
- display ap
- display ap blacklist
- display ap config-info
- display ap configurable channel
- display ap global configuration
- display ap offline-record
- display ap online-fail-record
- display ap sta-signal strength
- display ap statistics
- display ap unauthorized record
- display ap whitelist
- display ap-group
- display capwap configuration
- display radio
- display radio-2g-profile
- display radio-5g-profile
- display references radio-2g-profile
- display references radio-5g-profile
- display references regulatory-domain-profile
- display references ssid-profile
- display references vap-profile
- display regulatory-domain-profile
- display ssid-profile
- display station
- display station online-fail-record
- display station offline-record
- display station online-track
- display station statistics
- display vap
- display vap create-fail-record
- display vap-service-backup auth-server-down
- display wlan config-errors
- dot11a basic-rate
- dot11a supported-rate
- dot11bg basic-rate
- dot11bg supported-rate
- dtim-interval
- eirp
- fragmentation-threshold
- guard-interval-mode
- ht a-mpdu disable
- ht a-mpdu max-length-exponent
- legacy-station disable
- max-sta-number (SSID profile view)
- multicast-rate
- mu-mimo disable
- mu-mimo optimize enable
- probe-response-retry
- qbss-load enable
- radio
- radio disable
- radio-2g-profile (WLAN view)
- radio-2g-profile
- radio-5g-profile (WLAN view)
- radio-5g-profile
- radio-type (2G radio profile view)
- radio-type (5G radio profile view)
- reach-max-sta
- regulatory-domain-profile (WLAN view)
- regulatory-domain-profile
- report-sta-assoc enable
- reset ap offline-record
- reset ap online-fail-record
- reset ap unauthorized record
- reset channel switch-record
- reset station offline-record
- reset station online-fail-record
- reset station statistics
- reset vap create-fail-record all
- rf-ping
- rts-cts-mode
- rts-cts-threshold
- service-mode disable
- service-vlan (VAP profile view)
- short-preamble disable
- single-txchain enable
- snmp-agent trap enable feature-name wlan
- ssid
- ssid-hide enable
- ssid-profile (WLAN view)
- ssid-profile (VAP profile view)
- sta-network-detect disable
- type (VAP profile view)
- u-apsd enable
- undo ap
- utmost-power
- vap-profile (WLAN view)
- vap-profile
- vap-service-backup auth-server-down
- vht a-mpdu max-length-exponent
- vht a-msdu enable
- vht a-msdu max-frame-num
- vht mcs-map
- wlan
RU Management Configuration Commands (Central AP)
- access-user syslog-restrain enable
- access-user syslog-restrain period
- ac-list (AP view)
- ac-list (AP provisioning view)
- address-mode (AP view)
- address-mode (AP provisioning view)
- alarm-restriction disable
- alarm-restriction period
- ap lldp enable
- ap manufacturer-config
- ap update ftp-server
- ap update ftp-server max-connect-number
- ap update load
- ap update mode
- ap update multi-load
- ap update multi-reset
- ap update reset
- ap update sftp-server
- ap update sftp-server max-connect-number
- ap update update-filename
- ap update schedule-task
- ap username
- ap-group
- ap-group (AP provisioning view)
- ap-group (AP view)
- ap-name
- ap-name (AP provisioning view)
- ap-name (AP view)
- ap password policy
- ap-patch update load
- ap-patch update multi-load
- ap-patch update update-filename
- ap-regroup
- ap-rename
- ap-reset
- ap-system-profile (WLAN view)
- ap-system-profile (AP group view and AP view)
- broadcast-suppression auto-detect (AP system profile view)
- channel-load-mode indoor
- clear configuration this
- commit (AP provisioning view)
- console disable
- coordinate
- cpu-usage threshold
- crc-alarm enable
- description (AP wired port profile view)
- dai enable (AP wired port profile view)
- dhcp client option12
- display ap around-ssid-list
- display ap asyn-message err-info
- display ap config-fail-record
- display ap coordinate
- display ap elabel
- display ap lldp neighbor
- display ap led
- display ap neighbor
- display ap neighbor (Cloud Central AP)
- display ap optical-info
- display ap performance statistics
- display ap provision
- display ap port
- display ap power-workmode
- display ap run-info
- display ap service-config acl
- display ap traffic statistics wireless
- display ap uncontrol all
- display ap update configuration
- display ap update schedule-task
- display ap update status
- display ap username
- display ap version
- display ap wired-port
- display ap-system-profile
- display ap-type
- display channel switch-record
- display channel switch-record (Cloud Central AP)
- display distribute-ap
- display mac-address ap-all
- display mac-address { ap-id | ap-name }
- display management-vlan
- display port-link-profile
- display provision-ap parameter-list
- display references ap-system-profile
- display references port-link-profile
- display references wired-port-profile
- display resource occupancy message
- display vap-profile
- display wired-port-profile
- eapol-response dest-address transform-condition
- eapol-response dest-address transform-to
- eapol-start dest-address transform-condition
- eapol-start dest-address transform-to
- eth-trunk (AP wired port profile view)
- high-temperature threshold
- ipsg enable (AP wired port profile view)
- ip-address (AP view)
- ip-address (AP provisioning view)
- igmp-snooping enable (AP wired port profile view)
- learn-client-address (AP wired port profile view)
- led blink-time
- led off
- lldp admin-status
- lldp dot3-tlv power (AP wired port link profile view)
- lldp enable
- lldp message-transmission delay (AP system profile view)
- lldp message-transmission hold-multiplier (AP system profile view)
- lldp message-transmission interval (AP system profile view)
- lldp report enable
- lldp report-interval
- lldp restart-delay
- lldp tlv-enable (AP wired port link profile view)
- lldp tlv-enable legacy-tlv four-pair-power (AP wired port link profile view)
- log-record-level
- log-server
- low-temperature threshold
- management-vlan
- memory-usage threshold
- mode (AP wired port profile view)
- mtu (Cloud Central AP)
- mtu
- multicast-suppression auto-detect (AP system profile view)
- password alert before-expire (AP password policy view)
- password alert original (AP password policy view)
- password expire (AP password policy view)
- password history record number (AP password policy view)
- poe af-inrush enable (AP system profile view)
- poe disable (AP wired port link profile view)
- poe force-power (AP wired port link profile view)
- poe high-inrush enable (AP system profile view)
- poe legacy enable (AP wired port link profile view)
- poe max-power (AP system profile view)
- poe power-reserved (AP system profile view)
- poe power-threshold (AP system profile view)
- poe power-off time-range (AP wired port link profile view)
- poe priority (AP wired port link profile view)
- port-link-profile (WLAN view)
- port-link-profile (AP wired port profile view)
- provision-ap
- report-disassoc-request disable
- report-sta-info enable
- reset mac-address
- reset statistics
- sample-time
- sftp server disable
- shutdown (AP wired port link profile view)
- ssh client first-time enable (AP system profile view)
- sta-ipv6-service enable
- stelnet server disable
- stp auto-shutdown enable (AP wired port profile view)
- stp auto-shutdown recovery-time (AP wired port profile view)
- stp enable (AP wired port profile view)
- telnet enable
- traffic-filter (AP wired port profile view)
- traffic-remark (AP wired port profile view)
- traffic-optimize (AP wired port profile view)
- traffic-optimize broadcast-suppression disable (AP system profile view)
- traffic-optimize broadcast-suppression rate-threshold (AP system profile view)
- traffic-optimize tcp adjust-mss
- unicast-suppression auto-detect (AP system profile view)
- user-interface vty acl
- user-interface vty idle-timeout
- user-interface vty screen-length
- user-isolate (AP wired port profile view)
- usb enable (AP system profile view)
- vlan pvid (AP wired port profile view)
- vlan (AP wired port profile view)
- wired-port-profile (WLAN view)
- wired-port-profile (AP group view and view)
WLAN Radio Resource Management Configuration Commands (Central AP)
- amc-policy
- air-scan-profile
- air-scan-profile (radio profile view)
- band-steer balance gap-threshold
- band-steer balance start-threshold
- band-steer client-band-expire
- band-steer deny-threshold
- band-steer disable
- band-steer snr-threshold
- btm-fail-times
- calibrate auto-channel-select disable
- calibrate auto-txpower-select disable
- calibrate enable { auto | manual | schedule time }
- calibrate error-rate-check
- calibrate error-rate-threshold
- calibrate tpc threshold
- calibrate flexible-radio
- calibrate flexible-radio disable
- calibrate flexible-radio manual-recognize
- calibrate max-tx-power
- calibrate min-tx-power
- calibrate manual startup
- calibrate noise-floor-threshold
- calibrate policy
- calibrate sensitivity
- calibrate virtual-group-size
- cca-threshold
- channel-utilization gap-threshold
- channel-utilization start-threshold
- dca-channel bandwidth
- dca-channel channel-set
- deauth-fail-times
- deny-threshold
- dfs recover-delay
- dfs smart-selection disable
- display air-scan-profile
- display flexible-radio status
- display flexible-radio switch-record
- display references air-scan-profile
- display references rrm-profile
- display rrm-profile
- display station neighbor
- display station neighbor all
- display station steer-history
- display station steer-info
- display station steer-statistics
- display station unsteerable
- display sta-load-balance fairness
- display sta-load-balance static-group
- display wlan calibrate channel-set
- display wlan calibrate statistics
- dynamic-edca enable
- dynamic-edca threshold
- high-density amc-optimize enable
- interference adjacent-channel threshold
- interference co-channel threshold
- interference detect-enable
- interference station threshold
- member (static load balancing group view)
- mode (static load balancing group view)
- power auto-adjust enable
- reset ap traffic statistics wireless
- reset station steer-statistics
- reset wlan calibrate statistics
- rrm-profile (WLAN view)
- rrm-profile (radio profile view)
- rssi-diff-gap
- rssi-threshold
- scan-channel-set
- scan-disable
- scan-interval
- scan-period
- smart-antenna { enable | disable }
- smart-antenna throughput-triggered-training
- smart-antenna training-interval
- smart-antenna training-mpdu-number
- smart-antenna valid-per-scope
- smart-roam advanced-scan disable
- smart-roam disable
- smart-roam quick-kickoff back-off-time
- smart-roam quick-kickoff-snr check-interval
- smart-roam quick-kickoff-snr p-n criteria
- smart-roam quick-kickoff-threshold
- smart-roam quick-kickoff-threshold { check-snr | check-rate }
- smart-roam quick-kickoff-threshold disable
- smart-roam roam-threshold { check-snr | check-rate }
- smart-roam roam-threshold { snr | rate }
- smart-roam snr-margin
- smart-roam unable-roam-client expire-time
- sta-load-balance dynamic btm-fail-times
- sta-load-balance dynamic channel-utilization gap-threshold
- sta-load-balance dynamic channel-utilization start-threshold
- sta-load-balance dynamic deauth-fail-times
- sta-load-balance dynamic deny-threshold
- sta-load-balance dynamic disable
- sta-load-balance dynamic sta-number gap-threshold
- sta-load-balance dynamic probe-report interval
- sta-load-balance dynamic rssi-diff-gap
- sta-load-balance dynamic rssi-threshold
- sta-load-balance dynamic sta-number start-threshold
- sta-load-balance dynamic steer-restrict auth-threshold
- sta-load-balance dynamic steer-restrict probe-threshold
- sta-load-balance dynamic steer-restrict restrict-time
- sta-load-balance mode
- sta-load-balance static-group
- sta-number gap-threshold
- sta-number start-threshold
- steer-restrict auth-threshold
- steer-restrict probe-threshold
- steer-restrict restrict-time
- uac channel-utilization threshold
- uac enable
- uac client-number threshold
- uac client-snr threshold
- uac reach-access-threshold
WLAN Roaming Commands (Central AP)
- beacon disable
- cts delay
- cts disable
- display station roam-statistics
- display station roam-track
- dot11r enable
- sfn-roam enable
- sfn-roam report-interval
- sfn-roam roam-check better-times
- sfn-roam roam-check check-interval
- sfn-roam roam-check gap-rssi
- sfn-roam roam-check high-threshold
- sfn-roam roam-check low-threshold
- sfn-roam roam-check rssi-accumulate
- sfn-roam roam-check sta-holding times
WLAN Location Configuration Commands(Central AP)
- display ble-profile
- display location-profile
- display wlan ble site-info
- location-profile
- location-profile (WLAN view)
- private mu-enable
- private mu protocol-version
- private report-frequency
- private server
- report-to-server
- sniffer enable
WLAN Security Configuration Commands (Central AP)
- anti-attack flood blacklist enable
- anti-attack flood disable
- anti-attack flood sta-rate-threshold
- arp anti-attack check user-bind enable
- brute-force-detect interval
- brute-force-detect quiet-time
- brute-force-detect threshold
- contain
- contain-mode
- device report-interval
- device synchronization-interval
- dhcp trust port
- display ap radio-environment
- display references wids-whitelist-profile
- display references wids-profile
- display references wids-spoof-profile
- display wids-whitelist-profile
- display wids-profile
- display wids-spoof-profile
- display references security-profile
- display references sta-blacklist-profile
- display references sta-whitelist-profile
- display security-profile
- display sta-blacklist-profile
- display station dynamic-blacklist
- display sta-whitelist-profile
- display wlan ids attack-detected
- display wlan ids attack-detected statistics
- display wlan ids attack-history
- display wlan ids contain
- display wlan ids device-detected
- display wlan ids device-detected statistics
- display wlan dynamic-blacklist
- display wlan ids rogue-history
- display wlan ids spoof-ssid fuzzy-match
- display wlan wapi certificate
- dynamic-blacklist aging-time
- dynamic-blacklist enable
- flood-detect interval
- flood-detect quiet-time
- flood-detect threshold
- ip source check user-bind enable
- learn-client-address dhcp-strict
- learn-client-address disable (VAP profile view)
- oui
- permit-ap
- pmf
- reset wlan ids attack-detected
- reset wlan ids attack-detected statistics
- reset wlan ids attack-history
- reset wlan ids device-detected
- reset wlan dynamic-blacklist
- reset wlan ids rogue-history
- security dot1x
- security psk
- security wapi
- security wep
- security-profile (wlan view)
- security-profile (VAP profile view)
- spoof-detect quiet-time
- spoof-ssid
- sta-access-mode
- sta-blacklist-profile
- sta-mac
- sta-whitelist-profile
- wapi asu
- wapi bk
- wapi cert-retrans-count
- wapi import certificate
- wapi import private-key
- wapi key-update
- wapi msk
- wapi sa-timeout
- wapi usk
- weak-iv-detect quiet-time
- wep default-key
- wep key
- wids attack detect enable
- wids contain enable
- wids device detect enable
- wids manual-contain
- wids-whitelist-profile (WLAN view)
- wids-whitelist-profile (WIDS profile view)
- wids-profile (WLAN view)
- wids-profile (AP group view and AP view)
- wids-spoof-profile (WLAN view)
- wids-spoof-profile (WIDS profile view)
- work-mode
- wpa ptk-update enable
- wpa ptk-update ptk-update-interval
Hotspot2.0 Configuration Commands (Central AP)
- cellular-network-profile
- cellular-network-profile (Hotspot2.0 profile view)
- connection-capability-profile
- connection-capability-profile (Hotspot2.0 profile view)
- connection-capability
- display cellular-network-profile
- display connection-capability-profile
- display hotspot2-profile
- display nai-realm-profile
- display operating-class-profile
- display operator-domain-profile
- display operator-name-profile
- display references cellular-network-profile
- display references connection-capability-profile
- display references hotspot2-profile
- display references nai-realm-profile
- display references operating-class-profile
- display references operator-domain-profile
- display references operator-name-profile
- display references roaming-consortium-profile
- display references venue-name-profile
- display roaming-consortium-profile
- display venue-name-profile
- domain-name
- hessid
- hotspot2-profile
- hotspot2-profile (VAP profile view)
- ipv4-address-avail
- nai-realm-profile
- nai-realm-profile (Hotspot2.0 profile view)
- nai-realm
- network-authen-type
- network-type
- operating-class-indication
- operating-class-profile
- operating-class-profile (Hotspot2.0 profile view)
- operator-domain-profile
- operator-domain-profile (Hotspot2.0 profile view)
- operator-friendly-name
- operator-name-profile
- operator-name-profile (Hotspot2.0 profile view)
- p2p-cross-connect disable
- plmn-id
- roaming-consortium-oi
- roaming-consortium-profile
- roaming-consortium-profile (Hotspot2.0 profile view)
- venue-name-profile
- venue-name-profile (Hotspot2.0 profile view)
- venue-name
- venue-type
WLAN Traffic Optimization Commands (Central AP)
- broadcast-suppression auto-detect
- display wlan igmp-snooping vap-cac
- igmp-snooping max-bandwidth (traffic profile view)
- igmp-snooping max-user (traffic profile view)
- igmp-snooping enable (traffic profile view)
- multicast-suppression auto-detect
- traffic-optimize arp-proxy enable
- traffic-optimize bcmc deny all
- traffic-optimize bcmc unicast-send
- traffic-optimize bcmc unicast-send mismatch-action drop
- traffic-optimize broadcast-suppression
- traffic-optimize multicast-suppression
- traffic-optimize multicast-unicast enable
- traffic-optimize multicast-unicast dynamic-adaptive disable
- traffic-optimize sta-bridge-forward disable
- traffic-optimize tcp adjust-mss
- traffic-optimize unicast-suppression
- unicast-suppression auto-detect
Reliability Commands
- BFD Configuration Commands
- VRRP Configuration Commands
Security Commands
- AAA Configuration Commands
  - aaa
  - aaa-author session-timeout invalid-value enable
  - aaa abnormal-offline-record
  - aaa offline-record
  - aaa online-fail-record
  - aaa-authen-bypass
  - aaa-author-bypass
  - aaa-author-cmd-bypass
  - aaa-quiet administrator except-list
  - accounting interim-fail
  - accounting realtime
  - accounting start-fail
  - accounting-mode
  - accounting-scheme (AAA domain view)
  - accounting-scheme (authentication profile view)
  - accounting-scheme (AAA view)
  - admin-user privilege level
  - authentication-mode (authentication scheme view)
  - authentication-scheme (AAA domain view)
  - authentication-scheme (authentication profile view)
  - authentication-scheme (AAA view)
  - authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable
  - authentication roam-accounting update-session-mode
  - authorization-cmd
  - authorization-info check-fail policy
  - authorization-mode
  - authorization-modify mode
  - authorization-scheme (AAA domain view)
  - authorization-scheme (authentication profile view)
  - authorization-scheme (AAA view)
  - cmd recording-scheme
  - cut access-user
  - display aaa
  - display aaa configuration
  - display aaa statistics access-type-authenreq
  - display aaa statistics offline-reason
  - display aaa-quiet administrator except-list
  - display access-user (All views)
  - display accounting-scheme
  - display authentication-scheme
  - display authorization-scheme
  - display domain
  - display local-access-code
  - display local-user
  - display local-user expire-time
  - display local-aaa-user password policy
  - display recording-scheme
  - display remote-user authen-fail
  - display service-scheme
  - dns (service scheme view)
  - domain (AAA view)
  - domain (system view)
  - domain-location
  - domain-name-delimiter
  - domainname-parse-direction
  - idle-cut (service scheme view)
  - local-aaa-user wrong-password
  - local-access-code
  - local-aaa-user password policy access-user
  - local-aaa-user password policy administrator
  - local-user (AAA view)
  - local-user change-password
  - local-user expire-date
  - local-user password
  - local-user service-type
  - local-user time-range
  - outbound recording-scheme
  - password alert before-expire
  - password alert original
  - password expire
  - password history record number
  - permit-domain
  - recording-mode hwtacacs
  - recording-scheme
  - redirect-acl
  - remote-aaa-user authen-fail
  - remote-user authen-fail unblock
  - reset aaa
  - reset aaa statistics access-type-authenreq
  - reset aaa statistics offline-reason
  - reset access-user statistics
  - reset local-user password history record
  - security-name enable
  - security-name-delimiter
  - service-scheme (aaa domain view)
  - service-scheme (AAA view)
  - state (AAA domain view)
  - statistic enable (AAA domain view)
  - statistic enable (authentication profile view)
  - system recording-scheme
  - user-group (AAA domain view)
  - user-password complexity-check
- RADIUS Configuration Commands
  - called-station-id mac-format
  - called-station-id wlan-user-format
  - calling-station-id mac-format
  - display radius-attribute
  - display radius-attribute check
  - display radius-attribute disable
  - display radius-attribute translate
  - display radius-server accounting-stop-packet
  - display radius-server authorization configuration
  - display radius-server configuration
  - display radius-server dead-interval dead-count detect-cycle
  - display radius-server item
  - display radius-server max-unresponsive-interval
  - display radius-server session-manage configuration
  - display snmp-agent trap feature-name radius all
  - radius-attribute check
  - radius-attribute disable
  - radius-attribute nas-ip
  - radius-attribute nas-ip (system view)
  - radius-attribute service-type with-authenonly-reauthen
  - radius-attribute set
  - radius-attribute translate
  - radius-server (aaa domain view)
  - radius-server (authentication profile view)
  - radius-server accounting
  - radius-server accounting-stop-packet resend
  - radius-server algorithm
  - radius-server attribute message-authenticator access-request
  - radius-server attribute translate
  - radius-server authentication
  - radius-server authorization
  - radius-server authorization attribute-decode-sameastemplate
  - radius-server authorization attribute-encode-sameastemplate
  - radius-server authorization calling-station-id decode-mac-format
  - radius-server authorization match-type
  - radius-server dead-detect-condition by-server-ip
  - radius-server dead-interval dead-count detect-cycle
  - radius-server detect-server interval
  - radius-server detect-server timeout
  - radius-server detect-server up-server interval
  - radius-server format-attribute
  - radius-server hw-ap-info-format include-ap-ip
  - radius-server hw-dhcp-option-format
  - radius-server max-unresponsive-interval
  - radius-server nas-identifier-format
  - radius-server nas-port-format
  - radius-server nas-port-id-format
  - radius-server retransmit timeout dead-time
  - radius-server session-manage
  - radius-server shared-key (RADIUS server template view)
  - radius-server shared-key (system view)
  - radius-server source ip-address
  - radius-server support chargeable-user-identity
  - radius-server template
  - radius-server testuser
  - radius-server traffic-unit
  - radius-server user-name domain-included
  - reset radius-server accounting-stop-packet
  - snmp-agent trap enable feature-name radius
  - test-aaa
- HWTACACS Configuration Commands
  - display hwtacacs-server accounting-stop-packet
  - display hwtacacs-server template
  - display hwtacacs-server template verbose
  - hwtacacs enable
  - hwtacacs-server
  - hwtacacs-server (authentication profile view)
  - hwtacacs-server accounting
  - hwtacacs-server accounting-stop-packet resend
  - hwtacacs-server authentication
  - hwtacacs-server authorization
  - hwtacacs-server shared-key
  - hwtacacs-server source-ip
  - hwtacacs-server source-ip (system view)
  - hwtacacs-server template
  - hwtacacs-server timer quiet
  - hwtacacs-server timer response-timeout
  - hwtacacs-server traffic-unit
  - hwtacacs-server user-name domain-included
  - hwtacacs-user change-password hwtacacs-server
  - reset hwtacacs-server accounting-stop-packet
  - reset hwtacacs-server statistics
- LDAP Configuration Commands
  - display ldap-server configuration
  - display ldap-server template
  - ldap-server authentication
  - ldap-server authentication base-dn
  - ldap-server authentication manager
  - ldap-server authentication manager-anonymous enable
  - ldap-server authentication manager-password
  - ldap-server authentication manager-with-base-dn enable
  - ldap-server authorization bind-user enable
  - ldap-server group-filter
  - ldap-server server-type
  - ldap-server ssl version
  - ldap-server template
  - ldap-server user-filter
  - ldap-server (aaa domain view)
  - ldap-server (authentication profile view)
- AD Configuration Commands
  - ad-server authentication
  - ad-server authentication base-dn
  - ad-server authentication host-name
  - ad-server authentication ldap-port
  - ad-server authentication manager
  - ad-server authentication manager-anonymous enable
  - ad-server authentication manager-with-base-dn enable
  - ad-server authorization bind-user enable
  - ad-server group-filter
  - ad-server template
  - ad-server user-filter
  - ad-server (aaa domain view)
  - ad-server (authentication profile view)
  - display ad-server template
- NAC Configuration Commands
  - access-domain
  - acl-id (user group view)
  - authentication event action authorize
  - authentication event authen-server-up action re-authen
  - authentication event client-no-response action authorize
  - authentication event portal-server-down action authorize
  - authentication event portal-server-up action re-authen
  - authentication ip-address in-accounting-start
  - authentication ip-conflict-check enable
  - authentication roam pre-authen mac-authen enable
  - authentication single-access
  - authentication speed-limit auto
  - authentication user-alarm percentage
  - authentication-profile (VAP profile view)
  - authentication-profile (system view)
  - authentication portal-ip-trigger
  - authentication termination-action reauthenticate
  - authorize
  - display access-user
  - display authentication-profile configuration
  - display authentication user-alarm configuration
  - display dot1x
  - display dot1x-access-profile configuration
  - display dot1x quiet-user
  - display free-rule-template configuration
  - display mac-access-profile configuration
  - display mac-authen
  - display mac-authen quiet-user
  - display portal
  - display portal free-rule
  - display portal local-server connect
  - display portal local-server
  - display portal local-server page-information
  - display portal local-server wechat-authen user (Central AP)
  - display portal user-logout
  - display portal-access-profile configuration
  - display portal quiet-user
  - display portal url-encode configuration
  - display server-detect state
  - display url-template
  - display user-group
  - display web-auth-server configuration
  - display webmng configuration
  - dot1x abnormal-track cache-record-num
  - dot1x authentication-method
  - dot1x eap-notify-packet
  - dot1x quiet-period
  - dot1x quiet-times
  - dot1x reauthenticate mac-address
  - dot1x reauthenticate
  - dot1x retry
  - dot1x timer
  - dot1x timer tx-period
  - dot1x timer quiet-period
  - dot1x-access-profile (authentication profile view)
  - dot1x-access-profile (system view)
  - free-rule
  - free-rule-template (authentication profile view)
  - free-rule-template (system view)
  - http get-method enable
  - http-method post
  - mac-access-profile (authentication profile view)
  - mac-access-profile (system view)
  - mac-authen authentication-method
  - mac-authen quiet-times
  - mac-authen reauthenticate mac-address
  - mac-authen reauthenticate
  - mac-authen timer quiet-period
  - mac-authen timer reauthenticate-period
  - mac-authen username
  - parameter
  - polling-time (Central AP)
  - port (Portal server profile view)
  - portal captive-adaptive enable
  - portal captive-bypass enable
  - portal https-redirect enable (Cloud AP)
  - portal http-proxy-redirect enable
  - portal local-server access-code
  - portal local-server ad-image load
  - portal local-server anonymous
  - portal local-server authentication-method
  - portal local-server background-color
  - portal local-server background-image load
  - portal local-server enable
  - portal local-server ip
  - portal local-server keep-alive
  - portal local-server load
  - portal local-server logo load
  - portal local-server max-user
  - portal local-server
  - portal local-server page-text load
  - portal local-server policy-text load
  - portal local-server pre-auth-suppression (Central AP)
  - portal local-server redirect-url enable
  - portal local-server timer pre-auth time (Central AP)
  - portal local-server timer session-timeout
  - portal local-server url
  - portal local-server syslog-limit enable
  - portal local-server syslog-limit period
  - portal local-server default-language
  - portal local-server wechat (Central AP)
  - portal local-server wechat-authen (Central AP)
  - portal logout different-server enable
  - portal logout resend timeout
  - portal max-user
  - portal quiet-period
  - portal quiet-times
  - portal redirect-http-port
  - portal redirect-302 enable
  - portal timer quiet-period
  - portal url-encode enable
  - portal user-alarm percentage
  - portal user-roam-out reply enable
  - portal-access-profile (authentication profile view)
  - portal-access-profile (system view)
  - portal web-authen-server
  - public-account (Central AP)
  - force-push
  - protocol
  - priority
  - remote-access-user manage
  - reset dot1x statistics
  - reset mac-authen statistics
  - server-detect
  - server-ip (Portal server profile view)
  - shared-key (Portal server profile view)
  - shop-id (Central AP)
  - source-interface (Portal server template view)
  - source-ip (Portal server profile view)
  - url (URL template view)
  - url (Portal server profile view)
  - url-parameter mac-address format
  - url-parameter
  - url-parameter set
  - url-template name
  - url-template (Portal server profile view)
  - user-group
  - user-isolated
  - user-sync
  - user-vlan
  - web-auth-server listening-port
  - web-auth-server (Portal access profile view)
  - web-auth-server reply-message
  - web-auth-server (system view)
  - web-auth-server source-ip
  - web-auth-server version
  - web-description
  - web-redirection disable (Portal server profile view)
  - wechat-server-ip (Central AP)
- ACL Configuration Commands
  - acl name
  - acl (system view)
  - description
  - display acl
  - display acl resource
  - display time-range
  - passthrough-domain
  - rule (advanced ACL view)
  - rule (basic ACL view)
  - rule (layer 2 ACL view)
  - rule (user ACL view)
  - rule description
  - step
  - time-range
- Local Attack Defense Configuration Commands
  - application-apperceive
  - auto-defend enable
  - auto-defend action
  - auto-defend alarm enable
  - auto-defend alarm threshold
  - auto-defend protocol
  - auto-defend threshold
  - auto-defend trace-type
  - cpu-defend application-apperceive enable
  - cpu-defend-policy
  - cpu-defend policy
  - deny
  - description (attack defense policy view)
  - display auto-defend attack-source
  - display auto-defend configuration
  - display cpu-defend configuration
  - display cpu-defend policy
  - display cpu-defend statistics
  - packet-type
  - packet-type priority
  - rate-limit all-packets
  - reset auto-defend attack-source
  - reset cpu-defend statistics
- Attack Defense Configuration Commands
  - anti-attack abnormal enable
  - anti-attack enable
  - anti-attack fragment enable
  - anti-attack fragment car
  - anti-attack icmp-flood enable
  - anti-attack icmp-flood car
  - anti-attack tcp-syn enable
  - anti-attack tcp-syn car
  - anti-attack udp-flood enable
  - display anti-attack statistics
  - reset anti-attack statistics
- Traffic Suppression and Storm Control Configuration Commands
  - broadcast-suppression (interface view)
  - display flow-suppression interface
  - icmp rate-limit
  - icmp rate-limit enable
  - multicast-suppression (interface view)
  - unicast-suppression (interface view)
- ARP Security Configuration Commands
  - arp anti-attack entry-check enable
  - arp anti-attack log-trap-timer
  - arp anti-attack packet-check sender-mac
  - arp anti-attack rate-limit
  - arp anti-attack rate-limit alarm enable
  - arp anti-attack rate-limit alarm threshold
  - arp anti-attack rate-limit enable
  - arp gratuitous-arp send enable
  - arp gratuitous-arp send interval
  - arp learning strict (interface view)
  - arp learning strict (system view)
  - arp speed-limit source-mac
  - arp speed-limit source-ip
  - arp validate
  - arp-fake expire-time
  - arp-limit
  - arp-miss anti-attack rate-limit
  - arp-miss anti-attack rate-limit alarm enable
  - arp-miss anti-attack rate-limit alarm threshold
  - arp-miss anti-attack rate-limit enable
  - arp-miss speed-limit source-ip
  - display arp anti-attack configuration
  - display arp learning strict
  - display arp packet statistics
  - display arp-limit
  - reset arp anti-attack statistics rate-limit
  - reset arp packet statistics
- DHCP Snooping Configuration Commands
  - arp dhcp-snooping-detect enable
  - dhcp option82 enable
  - dhcp option82 encapsulation
  - dhcp option82 format
  - dhcp option82 subscriber-id format
  - dhcp option82 vendor-specific format
  - dhcp server detect
  - dhcp snooping alarm dhcp-rate enable
  - dhcp snooping alarm dhcp-rate threshold
  - dhcp snooping alarm enable
  - dhcp snooping alarm threshold
  - dhcp snooping check dhcp-giaddr enable
  - dhcp snooping check dhcp-rate
  - dhcp snooping check dhcp-rate enable
  - dhcp snooping check dhcp-chaddr enable
  - dhcp snooping check dhcp-request enable
  - dhcp snooping disable
  - dhcp snooping enable
  - dhcp snooping enable no-user-binding
  - dhcp snooping max-user-number
  - dhcp snooping user-alarm percentage
  - dhcp snooping user-bind autosave
  - dhcp snooping user-transfer enable
  - display dhcp option82 configuration
  - display dhcp snooping
  - display dhcp snooping configuration
  - display dhcp snooping statistics
  - display dhcp snooping user-bind
  - reset dhcp snooping statistics
  - reset dhcp snooping user-bind
- IP Source Guard Configuration Commands
  - display dhcp static user-bind
  - user-bind static
- PKI Configuration Commands
  - auto-enroll
  - ca id
  - cdp-url
  - certificate-check
  - common-name
  - country (PKI entity view)
  - crl auto-update enable
  - crl cache
  - crl http
  - crl scep
  - crl update-period
  - display pki ca-capability
  - display pki cert-req
  - display pki certificate
  - display pki certificate built-in-ca
  - display pki certificate enroll-status
  - display pki certificate filename
  - display pki credential-storage-path
  - display pki crl
  - display pki entity
  - display pki ocsp cache detail
  - display pki ocsp cache statistics
  - display pki ocsp server down-information
  - display pki realm
  - display pki rsa built-in-ca public
  - display pki rsa local-key-pair
  - email
  - enrollment self-signed
  - enrollment-request signature message-digest-method
  - enrollment-url
  - entity
  - fingerprint
  - fqdn
  - ip-address
  - key-usage
  - locality
  - ocsp nonce enable
  - ocsp signature enable
  - ocsp url
  - ocsp-url from-ca
  - organization-unit
  - organization
  - password (PKI realm view)
  - pki built-in-ca match-rsa-key
  - pki create-certificate
  - pki delete-certificate
  - pki delete-certificate built-in-ca
  - pki delete-crl
  - pki enroll-certificate
  - pki entity
  - pki export-certificate
  - pki export-certificate default
  - pki export built-in-ca rsa-key-pair
  - pki export rsa-key-pair
  - pki file-format
  - pki generate built-in-ca certificate
  - pki get-certificate
  - pki get-crl
  - pki http
  - pki import-certificate
  - pki import-certificate built-in-ca
  - pki import-crl
  - pki import built-in-ca rsa-key-pair
  - pki import rsa-key-pair
  - pki match-rsa-key
  - pki ocsp response cache enable
  - pki ocsp response cache number
  - pki ocsp response cache refresh interval
  - pki realm (system view)
  - pki rsa built-in-ca
  - pki rsa local-key-pair create
  - pki rsa local-key-pair destroy
  - pki set-certificate expire-prewarning
  - pki validate ocsp-server-certificate enable
  - pki validate-certificate
  - reset pki ocsp response cache
  - reset pki ocsp server down-information
  - rsa local-key-pair
  - source
  - state (PKI entity view)
- SSL Configuration Commands
  - ciphersuite
  - display ssl connection statistics
  - display ssl policy
  - pki-realm
  - prefer-ciphersuite
  - reset ssl connection statistics
  - server-verify enable
  - session
  - ssl policy
  - ssl renegotiation-rate
  - version (Client SSL policy view)
  - version (server SSL policy view)
- HTTPS Configuration Commands
  - http secure-server enable
  - http secure-server ssl-policy
  - http secure-server port
- URL Filtering Configuration Commands (Common AP)
  - blacklist
  - default-action
  - defence-profile (system view)
  - defence-profile (user group view)
  - defence-profile (VAP profile view)
  - display defence-profile
  - display references defence-profile
  - display url-filter statistics (Common AP)
  - display url-filter-profile
  - profile type url-filter
  - profile type url-filter (attack defense profile view)
  - reset url-filter statistics
  - whitelist
- URL Filtering Configuration Commands(Central AP)
  - add { blacklist | whitelist } (URL filtering profile view)
  - add referer-host
  - default action (URL filtering profile view)
  - defence engine enable
  - defence engine log timeout
  - defence-profile (interface view)
  - defence-profile (system view)
  - defence-profile (user group view)
  - defence-profile (VAP profile view)
  - display references defence-profile
  - display defence-profile
  - description (URL filtering profile view)
  - display profile type url-filter
  - display url-filter statistics
  - profile type url-filter copy
  - profile type url-filter (attack defense profile view)
  - profile type url-filter name
  - referer-filter whitelist-all enable
  - rename (URL filtering profile view)
  - reset url-filter statistics
  - url-filter anti-bypass enable
  - url-filter high-performance mode enable
  - url-filter https-filter consistency-check enable
- IAE Advanced Configuration Commands (Central AP)
  - display engine information
  - display engine session statistics
  - display engine session table
  - display engine statistics
  - display fragment-reassemble configuration
  - display fragment-reassemble session table
  - display fragment-reassemble statistics
  - display profile
  - display stream-reassemble configuration
  - decoding uri-cache
  - engine configuration commit
  - engine enhanced-detection
  - engine http status-code
  - engine log enable
  - engine pass-through enable
  - fragment-reassemble enable
  - fragment-reassemble overflow-mode
  - fragment-reassemble user-configure
  - reset engine session statistics
  - reset engine session table
  - reset engine statistics
  - reset fragment-reassemble statistics
  - stream-reassemble enable
  - stream-reassemble enhanced-mode
  - stream-reassemble overflow-mode
  - stream-reassemble overlap-mode
  - stream-reassemble session-cache
  - stream-reassemble session-timeout
  - stream-reassemble tcp-option check
  - stream-reassemble timestamp check
  - stream-reassemble user-configure defense-check
- Updating Signature Databases Configuration Commands (Central AP)
  - display update configuration
  - display update host source
  - display update information all-sdb
  - display update status
  - display version (engine or signature database)
  - update abort
  - update apply
  - update confirm
  - update download-server aging-time
  - update force apply
  - update force local
  - update force online
  - update force restore sdb-default
  - update force rollback
  - update host source
  - update local
  - update online
  - update online-mode
  - update proxy
  - update proxy enable
  - update restore sdb-default
  - update rollback
  - update schedule
  - update schedule enable
  - update schedule retry-download interval
  - update schedule retry-load interval
  - update server
- Intrusion Prevention Configuration Commands (Central AP)
  - action (IPS signature filter view)
  - action (user-defined IPS signature view)
  - application (IPS signature filter view)
  - assoc-check enable
  - category (IPS signature filter view)
  - check (user-defined signature rule view)
  - cnc domain-filter enable
  - cnc domain-filter exception domain-name
  - collect-attack-evidence enable (intrusion prevention profile view)
  - condition (user-defined signature rule view)
  - condition associated (user-defined signature rule view)
  - condition move (user-defined signature rule view)
  - context-awareness enable
  - description (intrusion prevention profile view)
  - description (user-defined IPS signature view)
  - destination-ip (user-defined signature rule view)
  - destination-port (user-defined signature rule view)
  - display cnc domain-filter domain statistics
  - display cnc domain-filter exception
  - display cnc domain-filter statistics
  - display cnc information
  - display context-awareness information statistics
  - display context-awareness statistics
  - display ips signature-id rule
  - display ips signature-state
  - display ips statistics
  - display ips signature-action
  - display ips-signature
  - display ips-signature cve-id
  - display ips-signature statistics
  - display ips-signature vendor-id
  - display profile type ips
  - dns domain check
  - dns domain length check
  - dns malformed-packet check
  - dns request-type check
  - dns session request-times check
  - exception ips-signature-id
  - http multi-host check
  - http ssh-over-http check
  - http x-forwarded-for check
  - http x-forwarded-for whitelist
  - http x-online-host blacklist
  - http x-online-host check
  - ips associated pre-defined
  - ips collect-attack-evidence max-session-number
  - ips log based-on-session
  - ips log extend enable
  - ips log merge enable
  - ips signature-action
  - ips signature-id
  - ips signature-state
  - name (user-defined IPS signature view)
  - os (IPS signature filter view)
  - profile type ips (attack defense profile view)
  - profile type ips copy
  - profile type ips name
  - protocol (IPS signature filter view)
  - protocol (user-defined IPS signature view)
  - rename (intrusion prevention profile view)
  - rename (IPS signature filter view)
  - rename (user-defined signature rule view)
  - reset cnc domain-filter statistics
  - reset context-awareness information statistics
  - reset context-awareness statistics
  - reset ips statistics
  - reset ips-signature statistics
  - rule name (user-defined IPS signature view)
  - scope (user-defined signature rule view)
  - severity (IPS signature filter view)
  - severity (user-defined IPS signature view)
  - signature-set move
  - signature-set name
  - source-ip (user-defined signature rule view)
  - source-port (user-defined signature rule view)
  - target (IPS signature filter view)
  - target (user-defined IPS signature view)
- Antivirus Configuration Commands (Central AP)
  - av extract hash enable
  - av log merge enable
  - collect-attack-evidence enable (antivirus profile view)
  - description (antivirus profile view)
  - display av statistics
  - display av-signature
  - display profile type av
  - exception application
  - exception av-signature-id
  - ftp-detect
  - http-detect
  - imap-detect
  - nfs-detect
  - pop3-detect
  - profile type av copy
  - profile type av (attack defense profile view)
  - profile type av name
  - rename (antivirus profile view)
  - reset av statistics
  - smb-detect
  - smtp-detect
- Global IAE Configuration Commands (Central AP)
  - display file-frame information
  - display file-frame statistics
  - file-frame breakpoint-resume-blocking protocol
  - file-frame decompress depth
  - file-frame decompress depth action
  - file-frame decompress size
  - file-frame decompress size action
  - reset file-frame statistics
QoS Commands
- Traffic Policing Commands
- ACL-based Simplified Traffic Policy Commands
- Commands for Configuring Global Rate Limiting for Broadcast and Multicast Packets
- WLAN QoS Configuration Commands(Common AP)
- WLAN QoS Configuration Commands (Central AP)
- SAC Configuration Commands (Common AP)
- SAC Configuration Commands (Central AP)
Network Management and Monitoring Commands
- SNMP Configuration Commands
- Mirroring Configuration Commands
- Ping and Tracert Configuration Commands
  - ping
  - tracert
- LLDP Configuration Commands
- Packet Capture Configuration Command
  - capture-packet
- Service Diagnosis Configuration Commands
- Managing WLAN Access Site Information Commands
- WMI Commands

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

radius-server authorization

Function

The radius-server authorization command configures the RADIUS authorization server.

The undo radius-server authorization command deletes the configured RADIUS authorization server.

By default, no RADIUS authorization server is configured.

Format

radius-server authorization ip-address { server-group group-name shared-key cipher key-string | shared-key cipher key-string [ server-group group-name ] } [ protect enable ]

undo radius-server authorization { all | ip-address }

Parameters

Parameter	Description	Value
ip-address	Specifies the IP address of a RADIUS authorization server.	The value is a unicast address in dotted decimal notation.
server-group group-name	Specifies the name of a RADIUS group corresponding to a RADIUS server template.	The value is a string of 1 to 32 characters, including letters (case-sensitive), numerals (0 to 9), punctuation mark (.), dash (-), and underline (_). The value cannot be - or --.
shared-key cipher key-string	Specifies the shared key of a RADIUS server.	The value is a case-sensitive character string without spaces or question marks (?). The key-string may be a plain text consisting of 1 to 128 characters or a string of 48, 68, 88, 108, 128, 148, 168, or 188 characters in cipher text.
protect enable	Enables the security hardening function.	-
all	Deletes all RADIUS authorization servers.	-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

An independent RADIUS authorization server can be used to authorize online users. RADIUS provides two authorization methods: Change of Authorization (CoA) and Disconnect Message (DM).

CoA: After a user is successfully authenticated, you can modify the rights of the online user through the RADIUS authorization server. For example, a VLAN ID can be delivered to access users of a certain department through CoA packets, so that they belong to the same VLAN no matter which interfaces they connect to.
DM: The administrator can forcibly disconnect a user through the RADIUS authorization server.

After the parameters such as IP address and shared key are configured for the RADIUS authorization server, the device can receive authorization requests from the server and grant rights to users according to the authorization information. After authorization is complete, the device returns authorization response packets carrying the results to the server.

After the security hardening function is enabled by specifying the protect enable parameter, the following occurs:

When a CoA or DM request packet carries the Message-Authenticator attribute, the device checks the Message-Authenticator attribute. If the check fails, the device discards the request packet and does not respond the packet. If the check succeeds, the device sends a CoA or DM response packet (ACK or NAK) that carries the Message-Authenticator attribute.
When a CoA or DM request packet does not carry the Message-Authenticator attribute, the device does not check the attribute and sends a CoA or DM response packet (ACK or NAK) that does not carry the Message-Authenticator attribute.

When a CoA or DM request packet carries the Message-Authenticator attribute, if the radius-attribute disable message-authenticator receive command is configured, the device does not check the attribute and sends a response packet that does not carry the Message-Authenticator attribute; if the radius-attribute disable message-authenticator send command is configured, the device sends a response packet that does not carry the Message-Authenticator attribute even if the attribute check succeeds.

Precautions

To improve security, it is recommended that the password contains at least three types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 16 characters.

Example

# Specify a RADIUS authorization server.

<Huawei> system-view
[Huawei] radius-server authorization 10.1.1.116 shared-key cipher Huawei@2012

radius-server template

Translation

简体中文

Download

Updated: 2019-11-21

Document ID: EDOC1100064352

Downloads: 122

Average rating:

This Document Applies to these Products

Related Version

Reminder

Fat AP and Cloud AP V200R010C00 Command Reference

radius-server authorization

Function

Format

Parameters

Views

Default Level

Usage Guidelines

Example

About Huawei

How to Buy

Partner

Resources

Others

Enterprise App

Reminder

Enterprise

Corporate

Consumer

Carrier

Africa

Latin America

Middle East

Asia Pacific

North America

Europe

Fat AP and Cloud AP V200R010C00 Command Reference

radius-server authorization

Function

Format

Parameters

Views

Default Level

Usage Guidelines

Example

About Huawei

How to Buy

Partner

Resources

Others

Enterprise App