Fat AP and Cloud AP V200R019C00 Command Reference PDF

Fat AP and Cloud AP
V200R019C00
Command Reference
Issue 08
Date 2021-11-15
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://e.huawei.com
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. i

Fat AP and Cloud AP
Command Reference Contents
Contents
1 About This Document.............................................................................................................1

2 How to Use Command Lines.................................................................................................4
2.1 Entering Command Views.................................................................................................................................................... 4
2.2 Setting Command Levels...................................................................................................................................................... 6
2.3 Editing Command Lines........................................................................................................................................................ 7
2.4 Using Command Line Online Help....................................................................................................................................9
2.5 Interpreting Command Line Error Messages...............................................................................................................11
2.6 Using the undo Command Line....................................................................................................................................... 11
2.7 Displaying History Commands......................................................................................................................................... 12
2.8 Using Command Line Shortcut Keys.............................................................................................................................. 13
3 Basic Configurations Commands....................................................................................... 16

3.1 CLI Overview Commands................................................................................................................................................... 16
3.1.1 cls............................................................................................................................................................................................ 16
3.1.2 command-privilege level.................................................................................................................................................17
3.1.3 diagnose............................................................................................................................................................................... 19
3.1.4 display history-command............................................................................................................................................... 20
3.1.5 display language................................................................................................................................................................ 21
3.1.6 display this........................................................................................................................................................................... 22
3.1.7 header................................................................................................................................................................................... 23
3.1.8 display hotkey..................................................................................................................................................................... 26
3.1.9 hotkey.................................................................................................................................................................................... 27
3.1.10 quit....................................................................................................................................................................................... 29
3.1.11 return................................................................................................................................................................................... 30
3.1.12 system-view...................................................................................................................................................................... 31
3.2 First Login Commands........................................................................................................................................................ 32
3.2.1 clock datetime.................................................................................................................................................................... 32
3.2.2 clock daylight-saving-time............................................................................................................................................. 33
3.2.3 clock timezone....................................................................................................................................................................36
3.2.4 display clock........................................................................................................................................................................ 38
3.2.5 sysname................................................................................................................................................................................ 44
3.2.6 ip domain-name................................................................................................................................................................ 45
3.3 UI Configuration Commands............................................................................................................................................ 46
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. ii

Fat AP and Cloud AP
3.3.1 acl (user interface view)................................................................................................................................................. 46

3.3.2 authentication-mode (user interface view)............................................................................................................. 48
3.3.3 auto-execute command.................................................................................................................................................. 49
3.3.4 databits................................................................................................................................................................................. 50
3.3.5 display mib-index interface............................................................................................................................................ 51
3.3.6 display user-interface....................................................................................................................................................... 53
3.3.7 display user-interface maximum-vty.......................................................................................................................... 55
3.3.8 display users........................................................................................................................................................................ 56
3.3.9 display vty lines.................................................................................................................................................................. 58
3.3.10 display vty mode............................................................................................................................................................. 58
3.3.11 free user-interface........................................................................................................................................................... 59
3.3.12 history-command max-size......................................................................................................................................... 60
3.3.13 idle-timeout...................................................................................................................................................................... 61
3.3.14 mmi-mode enable.......................................................................................................................................................... 62
3.3.15 parity................................................................................................................................................................................... 63
3.3.16 protocol inbound............................................................................................................................................................. 64
3.3.17 screen-length.................................................................................................................................................................... 65
3.3.18 screen-width..................................................................................................................................................................... 66
3.3.19 set authentication password....................................................................................................................................... 67
3.3.20 shell...................................................................................................................................................................................... 69
3.3.21 speed (user interface view)......................................................................................................................................... 70
3.3.22 stopbits............................................................................................................................................................................... 71
3.3.23 user privilege.................................................................................................................................................................... 72
3.3.24 user-interface.................................................................................................................................................................... 75
3.3.25 user-interface current.................................................................................................................................................... 77
3.3.26 user-interface maximum-vty....................................................................................................................................... 78
3.4 User Login Configuration Commands........................................................................................................................... 79
3.4.1 config lock............................................................................................................................................................................ 79
3.4.2 config unlock interval...................................................................................................................................................... 80
3.4.3 console ble-mode (system view)................................................................................................................................. 81
3.4.4 display config lock............................................................................................................................................................. 82
3.4.5 display console ble-mode............................................................................................................................................... 84
3.4.6 display rsa local-key-pair public................................................................................................................................... 85
3.4.7 display rsa peer-public-key............................................................................................................................................. 87
3.4.8 display ssh server............................................................................................................................................................... 88
3.4.9 display ssh user-information..........................................................................................................................................91
3.4.10 display telnet server status.......................................................................................................................................... 92
3.4.11 display telnet-client........................................................................................................................................................ 93
3.4.12 display ecc local-key-pair public................................................................................................................................ 94
3.4.13 display ecc peer-public-key.......................................................................................................................................... 96
3.4.14 display wlan ble-link-info............................................................................................................................................. 97
3.4.15 ecc local-key-pair create............................................................................................................................................... 98
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. iii

Fat AP and Cloud AP
3.4.16 ecc local-key-pair destroy.......................................................................................................................................... 100

3.4.17 ecc peer-public-key.......................................................................................................................................................101
3.4.18 lock.................................................................................................................................................................................... 103
3.4.19 matched upper-view.................................................................................................................................................... 104
3.4.20 peer-public-key end..................................................................................................................................................... 105
3.4.21 public-key-code begin................................................................................................................................................. 106
3.4.22 public-key-code end.....................................................................................................................................................108
3.4.23 rsa local-key-pair create............................................................................................................................................. 109
3.4.24 rsa local-key-pair destroy.......................................................................................................................................... 110
3.4.25 rsa peer-public-key....................................................................................................................................................... 111
3.4.26 ssh client assign............................................................................................................................................................ 113
3.4.27 ssh client first-time enable........................................................................................................................................ 114
3.4.28 ssh client key-exchange.............................................................................................................................................. 115
3.4.29 ssh client secure-algorithms hmac......................................................................................................................... 117
3.4.30 ssh client secure-algorithms cipher........................................................................................................................ 118
3.4.31 ssh server authentication-retries............................................................................................................................. 119
3.4.32 ssh server key-exchange.............................................................................................................................................120
3.4.33 ssh server permit interface........................................................................................................................................ 121
3.4.34 ssh server port............................................................................................................................................................... 122
3.4.35 ssh server rekey-interval.............................................................................................................................................123
3.4.36 ssh server secure-algorithms hmac........................................................................................................................ 124
3.4.37 ssh server secure-algorithms cipher....................................................................................................................... 125
3.4.38 ssh server timeout........................................................................................................................................................ 126
3.4.39 ssh user assign............................................................................................................................................................... 127
3.4.40 ssh user authentication-type.................................................................................................................................... 129
3.4.41 stelnet............................................................................................................................................................................... 132
3.4.42 stelnet ap (Central AP)............................................................................................................................................... 134
3.4.43 stelnet server enable................................................................................................................................................... 135
3.4.44 telnet................................................................................................................................................................................. 136
3.4.45 telnet client-source...................................................................................................................................................... 137
3.4.46 telnet server permit interface...................................................................................................................................138
3.4.47 telnet server port.......................................................................................................................................................... 140
3.4.48 telnet server enable..................................................................................................................................................... 141
3.5 File Management Commands........................................................................................................................................ 142
3.5.1 ascii...................................................................................................................................................................................... 142
3.5.2 binary.................................................................................................................................................................................. 143
3.5.3 bye........................................................................................................................................................................................ 143
3.5.4 cd (FTP client view)........................................................................................................................................................ 144
3.5.5 cd (SFTP client view)..................................................................................................................................................... 145
3.5.6 cd (user view)................................................................................................................................................................... 146
3.5.7 cdup (SFTP client view)................................................................................................................................................ 148
3.5.8 cdup (FTP client view)................................................................................................................................................... 149
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. iv

Fat AP and Cloud AP
3.5.9 close..................................................................................................................................................................................... 150

3.5.10 copy................................................................................................................................................................................... 151
3.5.11 debugging....................................................................................................................................................................... 154
3.5.12 delete (user view)......................................................................................................................................................... 154
3.5.13 dir (user view)................................................................................................................................................................156
3.5.14 delete (FTP client view).............................................................................................................................................. 159
3.5.15 dir/ls (FTP client view)................................................................................................................................................ 160
3.5.16 dir/ls (SFTP client view)..............................................................................................................................................163
3.5.17 disconnect....................................................................................................................................................................... 164
3.5.18 display ftp-server.......................................................................................................................................................... 165
3.5.19 display ftp-users............................................................................................................................................................ 166
3.5.20 display ftp-client........................................................................................................................................................... 168
3.5.21 display sftp-client......................................................................................................................................................... 169
3.5.22 display tftp-client.......................................................................................................................................................... 170
3.5.23 execute............................................................................................................................................................................. 171
3.5.24 file prompt...................................................................................................................................................................... 172
3.5.25 format............................................................................................................................................................................... 173
3.5.26 ftp....................................................................................................................................................................................... 175
3.5.27 ftp acl................................................................................................................................................................................ 176
3.5.28 ftp client-source............................................................................................................................................................ 177
3.5.29 ftp server enable........................................................................................................................................................... 179
3.5.30 ftp server permit interface.........................................................................................................................................180
3.5.31 ftp server port................................................................................................................................................................ 181
3.5.32 ftp server-source........................................................................................................................................................... 183
3.5.33 ftp timeout...................................................................................................................................................................... 184
3.5.34 get (FTP client view)................................................................................................................................................... 185
3.5.35 get (SFTP client view)................................................................................................................................................. 186
3.5.36 help (SFTP client view)............................................................................................................................................... 187
3.5.37 mkdir (FTP client view).............................................................................................................................................. 188
3.5.38 mkdir (SFTP client view)............................................................................................................................................ 189
3.5.39 mkdir (User view)......................................................................................................................................................... 190
3.5.40 lcd....................................................................................................................................................................................... 192
3.5.41 more.................................................................................................................................................................................. 193
3.5.42 mount............................................................................................................................................................................... 195
3.5.43 move................................................................................................................................................................................. 196
3.5.44 open.................................................................................................................................................................................. 198
3.5.45 passive.............................................................................................................................................................................. 200
3.5.46 put (FTP client view)................................................................................................................................................... 201
3.5.47 put (SFTP client view)................................................................................................................................................. 202
3.5.48 pwd (FTP client view)................................................................................................................................................. 204
3.5.49 pwd (SFTP client view)............................................................................................................................................... 204
3.5.50 pwd (user view)............................................................................................................................................................ 205
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. v

Fat AP and Cloud AP
3.5.51 quit (FTP client view).................................................................................................................................................. 206

3.5.52 quit (SFTP client view)................................................................................................................................................ 207
3.5.53 remotehelp...................................................................................................................................................................... 208
3.5.54 remove (SFTP client view)......................................................................................................................................... 209
3.5.55 rename (SFTP client view)........................................................................................................................................ 210
3.5.56 rename (user view)...................................................................................................................................................... 211
3.5.57 reset recycle-bin............................................................................................................................................................ 213
3.5.58 rmdir (FTP client view)............................................................................................................................................... 215
3.5.59 rmdir (SFTP client view)............................................................................................................................................. 216
3.5.60 rmdir (user view).......................................................................................................................................................... 217
3.5.61 set default ftp-directory............................................................................................................................................. 218
3.5.62 sftp..................................................................................................................................................................................... 219
3.5.63 sftp ap (Central AP)..................................................................................................................................................... 222
3.5.64 sftp client-source...........................................................................................................................................................223
3.5.65 sftp server enable......................................................................................................................................................... 225
3.5.66 tftp..................................................................................................................................................................................... 225
3.5.67 tftp client-source........................................................................................................................................................... 227
3.5.68 tftp-server acl................................................................................................................................................................. 229
3.5.69 umount............................................................................................................................................................................. 230
3.5.70 undelete........................................................................................................................................................................... 231
3.5.71 unzip..................................................................................................................................................................................232
3.5.72 user.................................................................................................................................................................................... 234
3.5.73 verbose............................................................................................................................................................................. 235
3.5.74 zip....................................................................................................................................................................................... 236
3.6 Configuring System Startup Commands.................................................................................................................... 238
3.6.1 autosave interval............................................................................................................................................................. 238
3.6.2 autosave time................................................................................................................................................................... 241
3.6.3 compare configuration.................................................................................................................................................. 244
3.6.4 display autosave configuration.................................................................................................................................. 245
3.6.5 display current-configuration..................................................................................................................................... 247
3.6.6 display reset-reason....................................................................................................................................................... 248
3.6.7 display saved-configuration........................................................................................................................................ 256
3.6.8 display schedule reboot................................................................................................................................................ 257
3.6.9 display startup.................................................................................................................................................................. 258
3.6.10 reset saved-configuration.......................................................................................................................................... 259
3.6.11 reboot............................................................................................................................................................................... 261
3.6.12 reset factory-configuration........................................................................................................................................262
3.6.13 startup patch.................................................................................................................................................................. 263
3.6.14 reset patch-configure.................................................................................................................................................. 264
3.6.15 save.................................................................................................................................................................................... 265
3.6.16 schedule reboot............................................................................................................................................................. 267
3.6.17 startup saved-configuration......................................................................................................................................268
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. vi

Fat AP and Cloud AP
3.6.18 startup system-software............................................................................................................................................ 270

3.7 Upgrade Commands.......................................................................................................................................................... 270
3.7.1 ap-mode-switch............................................................................................................................................................... 271
3.7.2 ap-mode-switch check.................................................................................................................................................. 272
3.7.3 ap-mode-switch ftp........................................................................................................................................................ 273
3.7.4 ap-mode-switch prepare.............................................................................................................................................. 275
3.7.5 ap-mode-switch sftp...................................................................................................................................................... 276
3.7.6 display paf......................................................................................................................................................................... 279
3.7.7 display patch-information............................................................................................................................................ 281
3.7.8 patch delete all................................................................................................................................................................ 282
3.7.9 patch load.......................................................................................................................................................................... 283
3.7.10 pki-load houp-certificate........................................................................................................................................... 284
3.7.11 upgrade version check................................................................................................................................................ 285
3.7.12 upgrade version ftp...................................................................................................................................................... 286
3.7.13 upgrade version sftp.................................................................................................................................................... 288
3.8 HTTP Server Commands.................................................................................................................................................. 290
3.8.1 display http server.......................................................................................................................................................... 290
3.8.2 display http user.............................................................................................................................................................. 292
3.8.3 http acl................................................................................................................................................................................ 293
3.8.4 http get............................................................................................................................................................................... 294
3.8.5 http server enable........................................................................................................................................................... 296
3.8.6 http server load............................................................................................................................................................... 297
3.8.7 http server permit interface........................................................................................................................................ 298
3.8.8 http server port................................................................................................................................................................ 299
3.8.9 http timeout...................................................................................................................................................................... 300
4 Cloud-based Management Configuration Commands...............................................302

4.1 cloud-mng controller........................................................................................................................................................ 303
4.2 cloud-mng register-center disable................................................................................................................................304
4.3 display alarm active-to-cloud........................................................................................................................................ 305
4.4 display alarm active-to-cloud sync-record................................................................................................................. 307
4.5 display cloud-mng info..................................................................................................................................................... 308
4.6 display cloud-mng execute-cli-list................................................................................................................................ 310
4.7 display cloud-mng register-center status...................................................................................................................311
4.8 display offline roll-back-config...................................................................................................................................... 312
4.9 display offline self-healing-reset configuration....................................................................................................... 313
4.10 management-vlan (WAN view).................................................................................................................................. 314
4.11 offline roll-back interval................................................................................................................................................ 315
4.12 offline roll-back-certificate disable............................................................................................................................ 317
4.13 offline save-online-config interval............................................................................................................................. 318
4.14 offline self-healing-reset disable................................................................................................................................ 319
4.15 offline self-healing-reset timeout.............................................................................................................................. 320
4.16 interface wan0.................................................................................................................................................................. 321
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. vii

Fat AP and Cloud AP
4.17 ip-address (WAN view).................................................................................................................................................. 322

4.18 dns-server (WAN view).................................................................................................................................................. 323
4.19 dhcp-client enable........................................................................................................................................................... 324
4.20 pppoe-client (Cloud AP)................................................................................................................................................ 325
4.21 temporary-management psk (Cloud Central AP).................................................................................................326
4.22 temporary-management psk (Cloud AP)................................................................................................................ 327
5 Device Management Commands.....................................................................................329

5.1 Device Status Checking Commands............................................................................................................................. 329
5.1.1 display cpu-usage........................................................................................................................................................... 329
5.1.2 display cpu-usage configuration................................................................................................................................330
5.1.3 display cpu-usage history............................................................................................................................................. 331
5.1.4 display diagnostic-information................................................................................................................................... 333
5.1.5 display elabel.................................................................................................................................................................... 336
5.1.6 display esn......................................................................................................................................................................... 338
5.1.7 display sn........................................................................................................................................................................... 339
5.1.8 display fan......................................................................................................................................................................... 341
5.1.9 display health................................................................................................................................................................... 343
5.1.10 display memory-usage................................................................................................................................................345
5.1.11 display memory-usage threshold............................................................................................................................ 346
5.1.12 display power................................................................................................................................................................. 347
5.1.13 display temperature..................................................................................................................................................... 349
5.1.14 display transceiver........................................................................................................................................................ 350
5.1.15 display transceiver diagnosis interface..................................................................................................................353
5.1.16 display version............................................................................................................................................................... 355
5.1.17 reset cpu-usage record............................................................................................................................................... 357
5.2 Hardware Configuration Commands........................................................................................................................... 358
5.2.1 backup elabel................................................................................................................................................................... 358
5.2.2 set cpu-usage threshold................................................................................................................................................359
5.2.3 set disk-usage threshold............................................................................................................................................... 361
5.2.4 set memory-usage threshold...................................................................................................................................... 362
5.3 Energy-saving Configuration Commands.................................................................................................................. 363
5.3.1 als enable........................................................................................................................................................................... 363
5.3.2 als restart........................................................................................................................................................................... 364
5.3.3 als restart mode manual.............................................................................................................................................. 365
5.3.4 als restart pulse-interval............................................................................................................................................... 366
5.3.5 als restart pulse-width...................................................................................................................................................367
5.3.6 display als configuration.............................................................................................................................................. 368
5.4 Fault Management Commands..................................................................................................................................... 369
5.4.1 alarm correlation-suppress enable........................................................................................................................... 369
5.4.2 alarm-name severity...................................................................................................................................................... 371
5.4.3 alarm (system view)...................................................................................................................................................... 373
5.4.4 clear alarm active........................................................................................................................................................... 374
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. viii

Fat AP and Cloud AP
5.4.5 clear event all................................................................................................................................................................... 374

5.4.6 correlation-analyze enable.......................................................................................................................................... 375
5.4.7 display alarm active....................................................................................................................................................... 376
5.4.8 display alarm history..................................................................................................................................................... 378
5.4.9 display alarm information............................................................................................................................................380
5.4.10 display event.................................................................................................................................................................. 381
5.4.11 display event information.......................................................................................................................................... 383
5.4.12 delay-suppression enable...........................................................................................................................................384
5.4.13 event................................................................................................................................................................................. 385
5.4.14 mask interface............................................................................................................................................................... 385
5.4.15 suppression alarm-name............................................................................................................................................386
5.4.16 suppression event-name............................................................................................................................................ 388
5.5 Information Center Configuration Commands........................................................................................................ 389
5.5.1 display binlog-buffer...................................................................................................................................................... 389
5.5.2 display binlog-buffer summary.................................................................................................................................. 391
5.5.3 display channel................................................................................................................................................................ 392
5.5.4 display debugging........................................................................................................................................................... 395
5.5.5 display info-center.......................................................................................................................................................... 396
5.5.6 display info-center filter-id.......................................................................................................................................... 399
5.5.7 display info-center logfile path.................................................................................................................................. 401
5.5.8 display info-center rate-limit record.........................................................................................................................402
5.5.9 display info-center rate-limit threshold.................................................................................................................. 403
5.5.10 display info-center statistics..................................................................................................................................... 404
5.5.11 display log....................................................................................................................................................................... 405
5.5.12 display log failure......................................................................................................................................................... 408
5.5.13 display logbuffer........................................................................................................................................................... 409
5.5.14 display logfile................................................................................................................................................................. 414
5.5.15 display trapbuffer......................................................................................................................................................... 416
5.5.16 info-center channel...................................................................................................................................................... 419
5.5.17 info-center channel name......................................................................................................................................... 421
5.5.18 info-center enable........................................................................................................................................................ 422
5.5.19 info-center filter-id....................................................................................................................................................... 423
5.5.20 info-center logbuffer................................................................................................................................................... 425
5.5.21 info-center logbuffer size...........................................................................................................................................426
5.5.22 info-center logfile path...............................................................................................................................................427
5.5.23 info-center logfile size................................................................................................................................................ 428
5.5.24 info-center loghost....................................................................................................................................................... 429
5.5.25 info-center loghost source.........................................................................................................................................432
5.5.26 info-center loghost source-port............................................................................................................................... 433
5.5.27 info-center max-logfile-number.............................................................................................................................. 434
5.5.28 info-center rate-limit except..................................................................................................................................... 435
5.5.29 info-center rate-limit global-threshold................................................................................................................. 437
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. ix

Fat AP and Cloud AP
5.5.30 info-center rate-limit monitor-period.................................................................................................................... 438

5.5.31 info-center rate-limit threshold............................................................................................................................... 439
5.5.32 info-center source channel........................................................................................................................................ 441
5.5.33 info-center statistic-suppress enable..................................................................................................................... 446
5.5.34 info-center timestamp................................................................................................................................................ 447
5.5.35 info-center trapbuffer................................................................................................................................................. 449
5.5.36 info-center trapbuffer size.........................................................................................................................................450
5.5.37 reset info-center statistics..........................................................................................................................................451
5.5.38 reset logbuffer............................................................................................................................................................... 452
5.5.39 reset trapbuffer............................................................................................................................................................. 453
5.5.40 save logfile...................................................................................................................................................................... 453
5.5.41 terminal debugging..................................................................................................................................................... 454
5.5.42 terminal logging........................................................................................................................................................... 455
5.5.43 terminal monitor.......................................................................................................................................................... 456
5.5.44 terminal trapping.......................................................................................................................................................... 457
5.6 NTP Configuration Commands...................................................................................................................................... 458
5.6.1 display ntp-service sessions......................................................................................................................................... 458
5.6.2 display ntp-service status............................................................................................................................................. 464
5.6.3 display ntp-service trace............................................................................................................................................... 465
5.6.4 ntp-service access........................................................................................................................................................... 466
5.6.5 ntp-service access limited............................................................................................................................................ 469
5.6.6 ntp-service authentication enable............................................................................................................................ 470
5.6.7 ntp-service authentication-keyid............................................................................................................................... 471
5.6.8 ntp-service broadcast-client........................................................................................................................................ 473
5.6.9 ntp-service broadcast-server....................................................................................................................................... 474
5.6.10 ntp-service discard....................................................................................................................................................... 475
5.6.11 ntp-service enable........................................................................................................................................................ 477
5.6.12 ntp-service in-interface disable................................................................................................................................477
5.6.13 ntp-service kod-enable............................................................................................................................................... 478
5.6.14 ntp-service max-dynamic-sessions......................................................................................................................... 479
5.6.15 ntp-service reliable authentication-keyid............................................................................................................. 480
5.6.16 ntp-service server disable.......................................................................................................................................... 481
5.6.17 ntp-service source-interface......................................................................................................................................482
5.6.18 ntp-service unicast-peer............................................................................................................................................. 483
5.6.19 ntp-service unicast-server.......................................................................................................................................... 485
5.7 PoE Configuration Commands....................................................................................................................................... 487
5.7.1 display current power-workmode............................................................................................................................. 487
5.7.2 display poe device........................................................................................................................................................... 488
5.7.3 display poe information................................................................................................................................................ 489
5.7.4 display poe power........................................................................................................................................................... 491
5.7.5 display poe power-state................................................................................................................................................494
5.7.6 display poe-power.......................................................................................................................................................... 500
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. x

Fat AP and Cloud AP
5.7.7 poe af-inrush enable...................................................................................................................................................... 502

5.7.8 poe enable......................................................................................................................................................................... 503
5.7.9 poe force-power.............................................................................................................................................................. 504
5.7.10 poe high-inrush enable...............................................................................................................................................505
5.7.11 poe { power-off | power-on } interface.................................................................................................................506
5.7.12 poe legacy enable.........................................................................................................................................................507
5.7.13 poe max-power............................................................................................................................................................. 508
5.7.14 poe power-management............................................................................................................................................510
5.7.15 poe power-off time-range......................................................................................................................................... 511
5.7.16 poe power-reserved..................................................................................................................................................... 513
5.7.17 poe power-threshold................................................................................................................................................... 514
5.7.18 poe priority..................................................................................................................................................................... 515
6 Interface Management Commands................................................................................ 517

6.1 Basic Interface Configuration Commands................................................................................................................. 517
6.1.1 bandwidth (interface view)......................................................................................................................................... 517
6.1.2 description (interface view).........................................................................................................................................518
6.1.3 display default-parameter interface......................................................................................................................... 519
6.1.4 display interface.............................................................................................................................................................. 521
6.1.5 display interface brief.................................................................................................................................................... 527
6.1.6 display interface description....................................................................................................................................... 529
6.1.7 display interface counters............................................................................................................................................ 531
6.1.8 display ip interface......................................................................................................................................................... 533
6.1.9 display ip interface description...................................................................................................................................536
6.1.10 display this interface....................................................................................................................................................541
6.1.11 interface........................................................................................................................................................................... 545
6.1.12 reset counters if-mib interface.................................................................................................................................546
6.1.13 reset counters interface.............................................................................................................................................. 547
6.1.14 restart (interface view)............................................................................................................................................... 548
6.1.15 set flow-stat interval (interface view)................................................................................................................... 549
6.1.16 shutdown (interface view)........................................................................................................................................ 550
6.1.17 shutdown interval......................................................................................................................................................... 551
6.2 Ethernet Interface Configuration Commands.......................................................................................................... 552
6.2.1 am isolate.......................................................................................................................................................................... 553
6.2.2 auto duplex....................................................................................................................................................................... 554
6.2.3 auto speed......................................................................................................................................................................... 556
6.2.4 cable-snr-test.................................................................................................................................................................... 557
6.2.5 display interface ethernet brief.................................................................................................................................. 558
6.2.6 display port-isolate group............................................................................................................................................ 561
6.2.7 duplex.................................................................................................................................................................................. 562
6.2.8 log-threshold.................................................................................................................................................................... 564
6.2.9 loopback............................................................................................................................................................................. 565
6.2.10 negotiation auto........................................................................................................................................................... 567
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xi

Fat AP and Cloud AP
6.2.11 port-down holdoff-timer............................................................................................................................................568

6.2.12 port-isolate enable....................................................................................................................................................... 569
6.2.13 port-isolate mode......................................................................................................................................................... 570
6.2.14 speed................................................................................................................................................................................. 571
6.2.15 trap-threshold................................................................................................................................................................ 573
6.2.16 virtual-cable-test...........................................................................................................................................................575
6.3 Logical Interface Configuration Commands............................................................................................................. 577
6.3.1 display interface loopback........................................................................................................................................... 577
6.3.2 display interface null......................................................................................................................................................579
6.3.3 interface loopback.......................................................................................................................................................... 582
6.3.4 interface null.....................................................................................................................................................................583
6.3.5 management-interface................................................................................................................................................. 583
7 Network Interconnection Configurations Commands............................................... 585

7.1 MAC Address Table Configuration Commands........................................................................................................ 585
7.1.1 display bridge mac-address......................................................................................................................................... 585
7.1.2 display mac-address....................................................................................................................................................... 586
7.1.3 display mac-address aging-time................................................................................................................................ 589
7.1.4 display mac-address blackhole................................................................................................................................... 590
7.1.5 display mac-address dynamic..................................................................................................................................... 592
7.1.6 display mac-address static........................................................................................................................................... 594
7.1.7 display mac-address summary................................................................................................................................... 596
7.1.8 display mac-address total-number........................................................................................................................... 597
7.1.9 display mac-limit............................................................................................................................................................. 599
7.1.10 mac-address....................................................................................................................................................................601
7.1.11 mac-address aging-time.............................................................................................................................................604
7.1.12 mac-address learning disable................................................................................................................................... 605
7.1.13 mac-learning priority................................................................................................................................................... 608
7.1.14 mac-learning priority allow-flapping..................................................................................................................... 609
7.1.15 mac-limit..........................................................................................................................................................................610
7.1.16 port bridge enable........................................................................................................................................................ 613
7.2 Ethernet Link Aggregation Commands.......................................................................................................................614
7.2.1 display eth-trunk............................................................................................................................................................. 614
7.2.2 display interface eth-trunk.......................................................................................................................................... 616
7.2.3 display trunk index-map............................................................................................................................................... 620
7.2.4 display trunk resource................................................................................................................................................... 621
7.2.5 display trunkmembership eth-trunk.........................................................................................................................622
7.2.6 eth-trunk............................................................................................................................................................................ 623
7.2.7 interface eth-trunk......................................................................................................................................................... 625
7.2.8 least active-linknumber................................................................................................................................................ 626
7.2.9 load-balance..................................................................................................................................................................... 627
7.2.10 mode................................................................................................................................................................................. 630
7.2.11 trunk-member trap...................................................................................................................................................... 631
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xii

Fat AP and Cloud AP
7.3 VLAN Configuration Commands................................................................................................................................... 632

7.3.1 damping time................................................................................................................................................................... 632
7.3.2 description (VLAN view)............................................................................................................................................... 633
7.3.3 description (VLANIF interface view).........................................................................................................................634
7.3.4 display interface vlanif.................................................................................................................................................. 636
7.3.5 display port vlan.............................................................................................................................................................. 638
7.3.6 display vlan....................................................................................................................................................................... 639
7.3.7 interface vlanif................................................................................................................................................................. 643
7.3.8 ip pool (VLAN view)....................................................................................................................................................... 645
7.3.9 management-vlan.......................................................................................................................................................... 646
7.3.10 mtu (VLANIF interface view).................................................................................................................................... 647
7.3.11 name (VLAN view)....................................................................................................................................................... 649
7.3.12 port.................................................................................................................................................................................... 650
7.3.13 port default vlan........................................................................................................................................................... 652
7.3.14 port hybrid pvid vlan................................................................................................................................................... 654
7.3.15 port hybrid tagged vlan..............................................................................................................................................655
7.3.16 port hybrid untagged vlan.........................................................................................................................................657
7.3.17 port link-type..................................................................................................................................................................658
7.3.18 port trunk allow-pass vlan........................................................................................................................................ 659
7.3.19 port trunk pvid vlan..................................................................................................................................................... 661
7.3.20 reset vlan statistics....................................................................................................................................................... 662
7.3.21 shutdown (VLANIF interface view)........................................................................................................................ 663
7.3.22 vlan.................................................................................................................................................................................... 664
7.3.23 vlan vlan-name..............................................................................................................................................................666
7.4 STP/RSTP/MSTP Configuration Commands.............................................................................................................. 667
7.4.1 active region-configuration......................................................................................................................................... 667
7.4.2 check region-configuration..........................................................................................................................................668
7.4.3 display stp.......................................................................................................................................................................... 669
7.4.4 display stp abnormal-interface.................................................................................................................................. 676
7.4.5 display stp active............................................................................................................................................................. 677
7.4.6 display stp bridge............................................................................................................................................................ 681
7.4.7 display stp error packet.................................................................................................................................................683
7.4.8 display stp global............................................................................................................................................................ 683
7.4.9 display stp region-configuration................................................................................................................................ 686
7.4.10 display stp tc-bpdu statistics..................................................................................................................................... 688
7.4.11 display stp topology-change.....................................................................................................................................689
7.4.12 display stp vlan.............................................................................................................................................................. 691
7.4.13 instance............................................................................................................................................................................ 692
7.4.14 max bandwidth-affected-linknumber................................................................................................................... 693
7.4.15 region-name................................................................................................................................................................... 694
7.4.16 reset stp error packet statistics................................................................................................................................ 695
7.4.17 reset stp statistics......................................................................................................................................................... 696
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xiii

Fat AP and Cloud AP
7.4.18 revision-level.................................................................................................................................................................. 697

7.4.19 stp bpdu-filter................................................................................................................................................................ 698
7.4.20 stp bpdu-filter default................................................................................................................................................. 700
7.4.21 stp bpdu-protection..................................................................................................................................................... 701
7.4.22 stp bridge-diameter..................................................................................................................................................... 702
7.4.23 stp compliance............................................................................................................................................................... 703
7.4.24 stp config-digest-snoop.............................................................................................................................................. 704
7.4.25 stp converge................................................................................................................................................................... 705
7.4.26 stp cost............................................................................................................................................................................. 707
7.4.27 stp edged-port............................................................................................................................................................... 709
7.4.28 stp edged-port default................................................................................................................................................ 710
7.4.29 stp enable........................................................................................................................................................................ 711
7.4.30 stp loop-protection.......................................................................................................................................................713
7.4.31 stp max-hops..................................................................................................................................................................714
7.4.32 stp mcheck...................................................................................................................................................................... 715
7.4.33 stp mode (system view)............................................................................................................................................. 717
7.4.34 stp no-agreement-check............................................................................................................................................ 718
7.4.35 stp pathcost-standard................................................................................................................................................. 720
7.4.36 stp point-to-point......................................................................................................................................................... 722
7.4.37 stp port priority............................................................................................................................................................. 723
7.4.38 stp priority....................................................................................................................................................................... 725
7.4.39 stp region-configuration............................................................................................................................................ 726
7.4.40 stp root............................................................................................................................................................................. 728
7.4.41 stp root-protection....................................................................................................................................................... 729
7.4.42 stp tc-protection............................................................................................................................................................ 731
7.4.43 stp tc-protection interval............................................................................................................................................732
7.4.44 stp tc-protection threshold........................................................................................................................................ 733
7.4.45 stp timer forward-delay............................................................................................................................................. 734
7.4.46 stp timer hello............................................................................................................................................................... 736
7.4.47 stp timer max-age........................................................................................................................................................ 737
7.4.48 stp timer-factor............................................................................................................................................................. 738
7.4.49 stp transmit-limit (interface view)......................................................................................................................... 740
7.4.50 stp transmit-limit (system view)............................................................................................................................. 741
7.4.51 vlan-mapping modulo................................................................................................................................................ 742
7.5 IPv4 Configuration Commands...................................................................................................................................... 744
7.5.1 ip address........................................................................................................................................................................... 744
7.6 ARP Configuration Commands...................................................................................................................................... 745
7.6.1 arp detect-mode unicast.............................................................................................................................................. 745
7.6.2 arp detect-times.............................................................................................................................................................. 746
7.6.3 arp expire-time................................................................................................................................................................ 747
7.6.4 arp fixup............................................................................................................................................................................. 748
7.6.5 arp ip-conflict-detect enable.......................................................................................................................................750
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xiv

Fat AP and Cloud AP
7.6.6 arp scan.............................................................................................................................................................................. 751

7.6.7 arp static............................................................................................................................................................................ 752
7.6.8 arp topology-change disable...................................................................................................................................... 754
7.6.9 arp-proxy enable............................................................................................................................................................. 755
7.6.10 arp-proxy inner-sub-vlan-proxy enable.................................................................................................................756
7.6.11 arp-proxy inter-sub-vlan-proxy enable..................................................................................................................757
7.6.12 arp send-packet.............................................................................................................................................................758
7.6.13 arp-suppress enable..................................................................................................................................................... 759
7.6.14 display arp....................................................................................................................................................................... 760
7.6.15 display arp dynamic..................................................................................................................................................... 762
7.6.16 display arp error packet............................................................................................................................................. 764
7.6.17 display arp interface.................................................................................................................................................... 765
7.6.18 display arp ip-conflict track.......................................................................................................................................768
7.6.19 display arp network..................................................................................................................................................... 769
7.6.20 display arp packet statistics...................................................................................................................................... 771
7.6.21 display arp static........................................................................................................................................................... 773
7.6.22 display arp statistics.....................................................................................................................................................775
7.6.23 display arp track............................................................................................................................................................ 776
7.6.24 display snmp-agent trap feature-name arp all.................................................................................................. 777
7.6.25 l2-topology detect enable......................................................................................................................................... 779
7.6.26 reset arp........................................................................................................................................................................... 780
7.6.27 reset arp packet statistics.......................................................................................................................................... 781
7.6.28 snmp-agent trap enable feature-name arp........................................................................................................ 782
7.7 DHCP Configuration Commands...................................................................................................................................783
7.7.1 alarm ip-used percentage............................................................................................................................................ 783
7.7.2 bootfile................................................................................................................................................................................784
7.7.3 conflict auto-recycle interval.......................................................................................................................................786
7.7.4 dhcp anti-attack check duplicate option................................................................................................................ 787
7.7.5 dhcp client class-id (interface view)......................................................................................................................... 788
7.7.6 dhcp client class-id (system view)............................................................................................................................ 789
7.7.7 dhcp client client-id........................................................................................................................................................ 790
7.7.8 dhcp client expected-lease...........................................................................................................................................791
7.7.9 dhcp client gateway-detect......................................................................................................................................... 792
7.7.10 dhcp client default-route preference .................................................................................................................... 793
7.7.11 dhcp client hostname.................................................................................................................................................. 795
7.7.12 dhcp client renew......................................................................................................................................................... 796
7.7.13 dhcp client request option-list exclude................................................................................................................. 797
7.7.14 dhcp client request option-list................................................................................................................................. 798
7.7.15 dhcp enable.................................................................................................................................................................... 799
7.7.16 dhcp option template..................................................................................................................................................800
7.7.17 dhcp relay gateway-switch enable......................................................................................................................... 801
7.7.18 dhcp relay information enable................................................................................................................................. 802
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xv

Fat AP and Cloud AP
7.7.19 dhcp relay information strategy.............................................................................................................................. 804

7.7.20 dhcp relay release......................................................................................................................................................... 805
7.7.21 dhcp relay request server-match enable.............................................................................................................. 807
7.7.22 dhcp relay reply forward all enable....................................................................................................................... 808
7.7.23 dhcp relay server-ip......................................................................................................................................................809
7.7.24 dhcp relay server-select.............................................................................................................................................. 811
7.7.25 dhcp relay trust option82.......................................................................................................................................... 813
7.7.26 dhcp set ttl...................................................................................................................................................................... 814
7.7.27 dhcp select global.........................................................................................................................................................815
7.7.28 dhcp select interface....................................................................................................................................................816
7.7.29 dhcp server alarm ip-used percentage..................................................................................................................817
7.7.30 dhcp select relay........................................................................................................................................................... 819
7.7.31 dhcp server bootfile..................................................................................................................................................... 820
7.7.32 dhcp server bootp......................................................................................................................................................... 822
7.7.33 dhcp server bootp automatic................................................................................................................................... 823
7.7.34 dhcp server conflict auto-recycle interval............................................................................................................ 824
7.7.35 dhcp server database.................................................................................................................................................. 825
7.7.36 dhcp server dns-list...................................................................................................................................................... 827
7.7.37 dhcp server domain-name (interface view)........................................................................................................ 828
7.7.38 dhcp server excluded-ip-address............................................................................................................................. 830
7.7.39 dhcp server gateway-list............................................................................................................................................ 832
7.7.40 dhcp server force insert option................................................................................................................................ 833
7.7.41 dhcp server force response........................................................................................................................................ 835
7.7.42 dhcp server group......................................................................................................................................................... 836
7.7.43 dhcp server ip-range.................................................................................................................................................... 837
7.7.44 dhcp server lease.......................................................................................................................................................... 838
7.7.45 dhcp server logging..................................................................................................................................................... 840
7.7.46 dhcp server mask.......................................................................................................................................................... 842
7.7.47 dhcp server nbns-list................................................................................................................................................... 844
7.7.48 dhcp server netbios-type............................................................................................................................................845
7.7.49 dhcp server next-server.............................................................................................................................................. 847
7.7.50 dhcp server option....................................................................................................................................................... 848
7.7.51 dhcp server option121................................................................................................................................................ 852
7.7.52 dhcp server option184................................................................................................................................................ 853
7.7.53 dhcp server ping............................................................................................................................................................854
7.7.54 dhcp server sip-server................................................................................................................................................. 856
7.7.55 dhcp server sname....................................................................................................................................................... 857
7.7.56 dhcp server static-bind................................................................................................................................................859
7.7.57 dhcp server trust option82........................................................................................................................................ 861
7.7.58 dhcp speed-limit auto................................................................................................................................................. 861
7.7.59 dhcp-server..................................................................................................................................................................... 863
7.7.60 display dhcp client........................................................................................................................................................ 864
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xvi

Fat AP and Cloud AP
7.7.61 display dhcp client statistics..................................................................................................................................... 866

7.7.62 display dhcp configuration........................................................................................................................................ 868
7.7.63 display dhcp option template...................................................................................................................................870
7.7.64 display dhcp relay......................................................................................................................................................... 873
7.7.65 display dhcp relay statistics.......................................................................................................................................876
7.7.66 display dhcp relay user-table.................................................................................................................................... 879
7.7.67 display dhcp server database................................................................................................................................... 880
7.7.68 display dhcp server configuration........................................................................................................................... 882
7.7.69 display dhcp server group.......................................................................................................................................... 884
7.7.70 display dhcp server statistics.................................................................................................................................... 885
7.7.71 display dhcp statistics..................................................................................................................................................887
7.7.72 display ip pool................................................................................................................................................................ 892
7.7.73 display snmp-agent trap feature-name dhcp all............................................................................................... 899
7.7.74 dns-list.............................................................................................................................................................................. 902
7.7.75 domain-name................................................................................................................................................................ 904
7.7.76 excluded-ip-address..................................................................................................................................................... 905
7.7.77 force insert option........................................................................................................................................................ 907
7.7.78 gateway (DHCP server group view)....................................................................................................................... 909
7.7.79 gateway-list.................................................................................................................................................................... 910
7.7.80 ip pool (system view).................................................................................................................................................. 911
7.7.81 ip relay address cycle...................................................................................................................................................912
7.7.82 ip address bootp-alloc.................................................................................................................................................913
7.7.83 ip address dhcp-alloc...................................................................................................................................................915
7.7.84 lease.................................................................................................................................................................................. 916
7.7.85 lock (IP address pool view)....................................................................................................................................... 918
7.7.86 logging (IP address pool view)................................................................................................................................ 918
7.7.87 nbns-list........................................................................................................................................................................... 920
7.7.88 netbios-type.................................................................................................................................................................... 922
7.7.89 network (IP address pool view)............................................................................................................................... 923
7.7.90 next-server...................................................................................................................................................................... 925
7.7.91 option................................................................................................................................................................................926
7.7.92 option121........................................................................................................................................................................ 930
7.7.93 option184........................................................................................................................................................................ 931
7.7.94 reset dhcp client statistics..........................................................................................................................................932
7.7.95 reset dhcp relay statistics........................................................................................................................................... 933
7.7.96 reset dhcp server statistics........................................................................................................................................ 934
7.7.97 dhcp relay detect enable............................................................................................................................................ 935
7.7.98 reset dhcp statistics...................................................................................................................................................... 936
7.7.99 reset ip pool.................................................................................................................................................................... 937
7.7.100 section (IP address pool view)............................................................................................................................... 939
7.7.101 sip-server (IP address pool view).......................................................................................................................... 940
7.7.102 sname............................................................................................................................................................................. 941
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xvii

Fat AP and Cloud AP
7.7.103 snmp-agent trap enable feature-name dhcp................................................................................................... 942

7.7.104 static-bind..................................................................................................................................................................... 946
7.8 DNS Configuration Commands..................................................................................................................................... 948
7.8.1 display dns configuration............................................................................................................................................. 949
7.8.2 display dns domain.........................................................................................................................................................950
7.8.3 display dns dynamic-host............................................................................................................................................. 952
7.8.4 display dns forward table............................................................................................................................................. 954
7.8.5 display dns server............................................................................................................................................................ 956
7.8.6 display dns statistics.......................................................................................................................................................957
7.8.7 display dns zone.............................................................................................................................................................. 959
7.8.8 display ip host.................................................................................................................................................................. 960
7.8.9 dns domain........................................................................................................................................................................961
7.8.10 dns forward retry-number......................................................................................................................................... 963
7.8.11 dns forward retry-timeout......................................................................................................................................... 964
7.8.12 dns proxy enable........................................................................................................................................................... 965
7.8.13 dns resolve...................................................................................................................................................................... 966
7.8.14 dns server........................................................................................................................................................................ 967
7.8.15 dns server source-ip..................................................................................................................................................... 968
7.8.16 dns-server-select-algorithm...................................................................................................................................... 969
7.8.17 dns zone........................................................................................................................................................................... 971
7.8.18 ip host............................................................................................................................................................................... 972
7.8.19 reset dns dynamic-host...............................................................................................................................................973
7.8.20 reset dns forward table.............................................................................................................................................. 974
7.8.21 reset dns statistics........................................................................................................................................................ 975
7.8.22 rr a..................................................................................................................................................................................... 976
7.8.23 rr aaaa.............................................................................................................................................................................. 977
7.8.24 ttl........................................................................................................................................................................................ 978
7.9 NAT Configuration Commands..................................................................................................................................... 979
7.9.1 display app-inspect table statistics........................................................................................................................... 979
7.9.2 display app-inspect session table.............................................................................................................................. 981
7.9.3 display nat address-group............................................................................................................................................ 983
7.9.4 display nat alg.................................................................................................................................................................. 985
7.9.5 display nat dns-map...................................................................................................................................................... 986
7.9.6 display nat filter-mode..................................................................................................................................................987
7.9.7 display nat log configuration...................................................................................................................................... 988
7.9.8 display nat mapping table........................................................................................................................................... 989
7.9.9 display nat mapping-mode......................................................................................................................................... 991
7.9.10 display nat outbound.................................................................................................................................................. 992
7.9.11 display nat server..........................................................................................................................................................993
7.9.12 display nat session....................................................................................................................................................... 995
7.9.13 display nat session aging-time................................................................................................................................ 997
7.9.14 display nat static........................................................................................................................................................... 999
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xviii

Fat AP and Cloud AP
7.9.15 display nat static interface enable....................................................................................................................... 1000

7.9.16 display port-mapping................................................................................................................................................1001
7.9.17 nat address-group...................................................................................................................................................... 1003
7.9.18 nat alg............................................................................................................................................................................ 1004
7.9.19 nat dns-map.................................................................................................................................................................1005
7.9.20 nat filter-mode............................................................................................................................................................ 1007
7.9.21 nat log binary-log host............................................................................................................................................ 1008
7.9.22 nat log session enable.............................................................................................................................................. 1010
7.9.23 nat log session log-interval.................................................................................................................................... 1010
7.9.24 nat mapping-mode....................................................................................................................................................1011
7.9.25 nat outbound............................................................................................................................................................... 1013
7.9.26 nat outbound (Easy-IP)............................................................................................................................................ 1014
7.9.27 nat server...................................................................................................................................................................... 1015
7.9.28 nat session aging-time............................................................................................................................................. 1018
7.9.29 nat static enable......................................................................................................................................................... 1020
7.9.30 nat static (interface view)....................................................................................................................................... 1021
7.9.31 nat static (system view)...........................................................................................................................................1025
7.9.32 port-mapping...............................................................................................................................................................1028
7.9.33 reset app-inspect table statistics...........................................................................................................................1030
7.9.34 reset nat session......................................................................................................................................................... 1031
7.9.35 reset session all........................................................................................................................................................... 1032
7.10 IP Performance Configuration Commands........................................................................................................... 1033
7.10.1 clear ip df...................................................................................................................................................................... 1033
7.10.2 discard ra....................................................................................................................................................................... 1034
7.10.3 discard rr....................................................................................................................................................................... 1034
7.10.4 discard srr......................................................................................................................................................................1035
7.10.5 discard ts....................................................................................................................................................................... 1036
7.10.6 display icmp statistics............................................................................................................................................... 1037
7.10.7 display ip interface.....................................................................................................................................................1039
7.10.8 display ip socket......................................................................................................................................................... 1042
7.10.9 display ip socket register-port................................................................................................................................ 1047
7.10.10 display ip statistics...................................................................................................................................................1048
7.10.11 display network status........................................................................................................................................... 1051
7.10.12 display rawip statistics........................................................................................................................................... 1052
7.10.13 display snmp-agent trap feature-name tcp all............................................................................................. 1054
7.10.14 display tcp statistics................................................................................................................................................ 1055
7.10.15 display tcp status..................................................................................................................................................... 1058
7.10.16 display udp statistics............................................................................................................................................... 1061
7.10.17 icmp blackhole unreachable send......................................................................................................................1063
7.10.18 icmp host-unreachable send (interface view)............................................................................................... 1064
7.10.19 icmp port-unreachable send................................................................................................................................ 1065
7.10.20 icmp receive............................................................................................................................................................... 1065
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xix

Fat AP and Cloud AP
7.10.21 icmp redirect send................................................................................................................................................... 1067

7.10.22 icmp ttl-exceeded drop.......................................................................................................................................... 1068
7.10.23 icmp ttl-exceeded send.......................................................................................................................................... 1069
7.10.24 icmp unreachable drop.......................................................................................................................................... 1070
7.10.25 icmp with-options drop......................................................................................................................................... 1071
7.10.26 icmp-reply fast.......................................................................................................................................................... 1071
7.10.27 ip forward-broadcast.............................................................................................................................................. 1072
7.10.28 ip soft-forward enhancement disable...............................................................................................................1073
7.10.29 ip verify source-address......................................................................................................................................... 1074
7.10.30 reset ip socket monitor.......................................................................................................................................... 1075
7.10.31 load-balance (system view)................................................................................................................................. 1076
7.10.32 reset ip socket pktsort............................................................................................................................................ 1077
7.10.33 reset ip statistics....................................................................................................................................................... 1078
7.10.34 reset rawip statistics............................................................................................................................................... 1079
7.10.35 reset tcp statistics.................................................................................................................................................... 1080
7.10.36 reset udp statistics................................................................................................................................................... 1080
7.10.37 snmp-agent trap enable feature-name tcp.................................................................................................... 1081
7.10.38 tcp adjust-mss........................................................................................................................................................... 1082
7.10.39 tcp max-mss.............................................................................................................................................................. 1083
7.10.40 tcp min-mss............................................................................................................................................................... 1084
7.10.41 tcp timer fin-timeout.............................................................................................................................................. 1086
7.10.42 tcp timer syn-timeout............................................................................................................................................ 1087
7.10.43 tcp window.................................................................................................................................................................1088
7.11 IP Routing Basic Configuration Commands......................................................................................................... 1088
7.11.1 display fib...................................................................................................................................................................... 1089
7.11.2 display fib interface................................................................................................................................................... 1094
7.11.3 display fib ip-prefix.................................................................................................................................................... 1095
7.11.4 display fib longer........................................................................................................................................................ 1097
7.11.5 display fib next-hop................................................................................................................................................... 1099
7.11.6 display fib statistics................................................................................................................................................... 1101
7.11.7 display ip routing-table............................................................................................................................................ 1102
7.11.8 display ip routing-table protocol.......................................................................................................................... 1109
7.11.9 display ip routing-table statistics..........................................................................................................................1111
7.11.10 display ip routing-table time-range.................................................................................................................. 1112
7.11.11 display rm interface................................................................................................................................................ 1117
7.11.12 display route resource............................................................................................................................................ 1119
7.11.13 reset ip routing-table statistics protocol.......................................................................................................... 1120
7.12 Static Route Configuration Commands................................................................................................................. 1121
7.12.1 ip route-static.............................................................................................................................................................. 1121
7.12.2 ip route-static default-preference.........................................................................................................................1124
7.12.3 ip route-static selection-rule relay-depth.......................................................................................................... 1124
7.13 IGMP Snooping Configuration Commands...........................................................................................................1125
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xx

Fat AP and Cloud AP
7.13.1 display igmp-snooping configuration................................................................................................................. 1125

7.13.2 display l2-multicast forwarding-table................................................................................................................. 1127
7.13.3 igmp-snooping enable (system view)................................................................................................................. 1128
7.13.4 igmp-snooping enable (VLAN view)................................................................................................................... 1129
8 WAN Commands............................................................................................................... 1131

8.1 PPPoE Commands............................................................................................................................................................ 1131
8.1.1 dialer queue-length..................................................................................................................................................... 1131
8.1.2 dialer retry limit............................................................................................................................................................ 1132
8.1.3 dialer timer idle............................................................................................................................................................. 1134
8.1.4 dialer-rule........................................................................................................................................................................ 1135
8.1.5 display interface dialer................................................................................................................................................1136
8.1.6 display pppoe-client session..................................................................................................................................... 1139
8.1.7 display pppoe fail-reason...........................................................................................................................................1141
8.1.8 interface dialer...............................................................................................................................................................1143
8.1.9 ip address ppp-negotiate........................................................................................................................................... 1144
8.1.10 ppp chap password.................................................................................................................................................... 1145
8.1.11 ppp chap user.............................................................................................................................................................. 1147
8.1.12 ppp keepalive retry-times........................................................................................................................................1148
8.1.13 ppp pap local-user..................................................................................................................................................... 1149
8.1.14 ppp timer negotiate.................................................................................................................................................. 1151
8.1.15 pppoe-client dial-bundle-number........................................................................................................................ 1152
8.1.16 reset pppoe-client...................................................................................................................................................... 1154
8.1.17 timer hold..................................................................................................................................................................... 1155
9 WLAN Service Configuration Commands (Common AP)........................................1157

9.1 active-dull-client enable................................................................................................................................................ 1160
9.2 advertise-ap-name enable............................................................................................................................................ 1161
9.3 agile-antenna-polarization........................................................................................................................................... 1162
9.4 antenna-gain..................................................................................................................................................................... 1163
9.5 association-timeout......................................................................................................................................................... 1164
9.6 auto-off service................................................................................................................................................................. 1165
9.7 beacon-2g-rate................................................................................................................................................................. 1167
9.8 beacon-5g-rate................................................................................................................................................................. 1169
9.9 beacon-interval................................................................................................................................................................. 1170
9.10 beamforming enable.................................................................................................................................................... 1172
9.11 channel.............................................................................................................................................................................. 1175
9.12 channel-switch announcement disable................................................................................................................. 1177
9.13 channel-switch mode................................................................................................................................................... 1178
9.14 copy-from......................................................................................................................................................................... 1179
9.15 country-code................................................................................................................................................................... 1181
9.16 deny-broadcast-probe enable................................................................................................................................... 1185
9.17 dhcp option82 insert enable...................................................................................................................................... 1186
9.18 dhcp option82 format (vap profile view).............................................................................................................. 1187
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxi

Fat AP and Cloud AP
9.19 display ap......................................................................................................................................................................... 1189

9.20 display ap configurable channel...............................................................................................................................1191
9.21 display interface wlan-radio...................................................................................................................................... 1192
9.22 display radio.................................................................................................................................................................... 1195
9.23 display radio-2g-profile............................................................................................................................................... 1196
9.24 display radio-5g-profile............................................................................................................................................... 1204
9.25 display references radio-2g-profile.......................................................................................................................... 1212
9.26 display references radio-5g-profile.......................................................................................................................... 1213
9.27 display references ssid-profile................................................................................................................................... 1214
9.28 display references vap-profile................................................................................................................................... 1215
9.29 display resource occupancy message..................................................................................................................... 1216
9.30 display ssid-profile.........................................................................................................................................................1217
9.31 display station................................................................................................................................................................. 1223
9.32 display station offline-record.................................................................................................................................... 1231
9.33 display station online-fail-record............................................................................................................................. 1232
9.34 display station statistics.............................................................................................................................................. 1246
9.35 display vap....................................................................................................................................................................... 1249
9.36 display vap-profile......................................................................................................................................................... 1251
9.37 display wlan config-errors.......................................................................................................................................... 1261
9.38 display station online-track........................................................................................................................................ 1262
9.39 display vap create-fail-record.................................................................................................................................... 1263
9.40 display vap-service-backup auth-server-down.................................................................................................... 1266
9.41 dot11a basic-rate........................................................................................................................................................... 1268
9.42 dot11a supported-rate................................................................................................................................................. 1269
9.43 dot11bg basic-rate........................................................................................................................................................ 1271
9.44 dot11bg supported-rate.............................................................................................................................................. 1273
9.45 dtim-interval....................................................................................................................................................................1274
9.46 eirp...................................................................................................................................................................................... 1276
9.47 fragmentation-threshold............................................................................................................................................. 1277
9.48 frequency.......................................................................................................................................................................... 1278
9.49 guard-interval-mode.................................................................................................................................................... 1280
9.50 he mcs-map (SSID Profile)......................................................................................................................................... 1281
9.51 ht a-mpdu disable......................................................................................................................................................... 1283
9.52 ht a-mpdu max-length-exponent............................................................................................................................ 1284
9.53 interface wlan-radio..................................................................................................................................................... 1285
9.54 legacy-station disable.................................................................................................................................................. 1287
9.55 max-sta-number (SSID profile view)...................................................................................................................... 1288
9.56 multicast-rate.................................................................................................................................................................. 1290
9.57 mu-mimo disable.......................................................................................................................................................... 1292
9.58 mu-mimo optimize enable......................................................................................................................................... 1293
9.59 probe-response-retry.................................................................................................................................................... 1294
9.60 qbss-load enable............................................................................................................................................................ 1295
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxii

Fat AP and Cloud AP
9.61 radio disable.................................................................................................................................................................... 1296

9.62 radio-2g-profile (WLAN view).................................................................................................................................. 1297
9.63 radio-5g-profile (WLAN view).................................................................................................................................. 1298
9.64 radio-type (2G radio profile view)........................................................................................................................... 1298
9.65 radio-type (5G radio profile view)........................................................................................................................... 1300
9.66 reach-max-sta................................................................................................................................................................. 1301
9.67 report-sta-assoc enable............................................................................................................................................... 1302
9.68 reset channel switch-record....................................................................................................................................... 1303
9.69 reset station offline-record.........................................................................................................................................1304
9.70 reset station online-fail-record................................................................................................................................. 1305
9.71 reset station statistics...................................................................................................................................................1306
9.72 rf-ping................................................................................................................................................................................ 1307
9.73 rts-cts-mode.................................................................................................................................................................... 1308
9.74 rts-cts-threshold............................................................................................................................................................. 1310
9.75 service-mode disable.................................................................................................................................................... 1311
9.76 service-vlan (VAP profile view)................................................................................................................................. 1312
9.77 short-preamble disable................................................................................................................................................ 1313
9.78 single-txchain enable................................................................................................................................................... 1314
9.79 snmp-agent trap enable feature-name wlan...................................................................................................... 1315
9.80 ssid...................................................................................................................................................................................... 1316
9.81 ssid-hide enable............................................................................................................................................................. 1317
9.82 ssid-profile (WLAN view)............................................................................................................................................ 1318
9.83 ssid-profile (VAP profile view).................................................................................................................................. 1320
9.84 sta-network-detect disable.........................................................................................................................................1321
9.85 type (VAP profile view)............................................................................................................................................... 1322
9.86 u-apsd enable................................................................................................................................................................. 1323
9.87 utmost-power................................................................................................................................................................. 1324
9.88 vap-profile (WLAN view)............................................................................................................................................ 1325
9.89 vap-profile (radio interface view)............................................................................................................................ 1326
9.90 vap-service-backup auth-server-down................................................................................................................... 1327
9.91 vht a-mpdu max-length-exponent.......................................................................................................................... 1329
9.92 vht a-msdu enable........................................................................................................................................................ 1331
9.93 vht a-msdu max-frame-num..................................................................................................................................... 1332
9.94 vht mcs-map................................................................................................................................................................... 1333
9.95 vht mcs-map (SSID profile)....................................................................................................................................... 1335
9.96 wlan.................................................................................................................................................................................... 1336
10 AP Management Configuration Commands............................................................ 1338

10.1 access-user syslog-restrain enable...........................................................................................................................1339
10.2 access-user syslog-restrain period........................................................................................................................... 1340
10.3 channel-load-mode indoor........................................................................................................................................ 1341
10.4 display ap around-ssid-list..........................................................................................................................................1342
10.5 display ap led.................................................................................................................................................................. 1343
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxiii

Fat AP and Cloud AP
10.6 display ap optical-info................................................................................................................................................. 1344

10.7 display ap run-info........................................................................................................................................................ 1347
10.8 display ap uncontrol all............................................................................................................................................... 1348
10.9 high-temperature threshold.......................................................................................................................................1349
10.10 led blink-time............................................................................................................................................................... 1351
10.11 led off.............................................................................................................................................................................. 1352
10.12 low-temperature threshold...................................................................................................................................... 1353
10.13 mtu (Cloud AP)............................................................................................................................................................ 1355
10.14 sta-ipv6-service enable..............................................................................................................................................1356
10.15 usb enable..................................................................................................................................................................... 1357
11 WLAN Radio Resource Management Configuration Commands (Common AP)

.................................................................................................................................................. 1359
11.1 amc-policy........................................................................................................................................................................ 1362
11.2 air-scan-profile............................................................................................................................................................... 1363
11.3 air-scan-profile (radio profile view)........................................................................................................................ 1365
11.4 band-steer balance gap-threshold.......................................................................................................................... 1366
11.5 band-steer balance start-threshold......................................................................................................................... 1367
11.6 band-steer client-band-expire................................................................................................................................... 1369
11.7 band-steer deny-threshold......................................................................................................................................... 1370
11.8 band-steer disable......................................................................................................................................................... 1371
11.9 band-steer snr-threshold............................................................................................................................................. 1372
11.10 calibrate auto-bandwidth-selection...................................................................................................................... 1373
11.11 calibrate auto-channel-select................................................................................................................................. 1375
11.12 calibrate auto-txpower-select................................................................................................................................. 1376
11.13 calibrate enable { auto | manual | schedule time }......................................................................................... 1377
11.14 calibrate environment-deterioration-blacklist...................................................................................................1379
11.15 calibrate error-rate-check......................................................................................................................................... 1380
11.16 calibrate error-rate-threshold..................................................................................................................................1381
11.17 calibrate tpc threshold...............................................................................................................................................1382
11.18 calibrate flexible-radio...............................................................................................................................................1383
11.19 calibrate flexible-radio manual-recognize.......................................................................................................... 1385
11.20 calibrate max-tx-power............................................................................................................................................. 1386
11.21 calibrate min-tx-power..............................................................................................................................................1387
11.22 calibrate manual startup.......................................................................................................................................... 1389
11.23 calibrate noise-floor-threshold............................................................................................................................... 1389
11.24 calibrate policy............................................................................................................................................................. 1390
11.25 calibrate reference data-analysis disable............................................................................................................ 1392
11.26 calibrate reference data-analysis........................................................................................................................... 1393
11.27 calibrate sensitivity..................................................................................................................................................... 1394
11.28 cca-threshold................................................................................................................................................................ 1396
11.29 dca-channel bandwidth............................................................................................................................................ 1397
11.30 dca-channel channel-set.......................................................................................................................................... 1399
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxiv

Fat AP and Cloud AP
11.31 dfs recover-delay......................................................................................................................................................... 1401

11.32 dfs smart-selection disable...................................................................................................................................... 1402
11.33 display air-scan-profile.............................................................................................................................................. 1403
11.34 display ap neighbor.................................................................................................................................................... 1405
11.35 display ap neighbor (Cloud AP)............................................................................................................................. 1406
11.36 display ap traffic statistics wireless....................................................................................................................... 1408
11.37 display channel switch-record.................................................................................................................................1412
11.38 display channel switch-record (Cloud AP)..........................................................................................................1415
11.39 display flexible-radio status..................................................................................................................................... 1419
11.40 display flexible-radio switch-record...................................................................................................................... 1420
11.41 display references air-scan-profile........................................................................................................................ 1422
11.42 display references rrm-profile................................................................................................................................. 1423
11.43 display rrm-profile...................................................................................................................................................... 1424
11.44 display sta-load-balance fairness.......................................................................................................................... 1432
11.45 display station neighbor........................................................................................................................................... 1433
11.46 display station neighbor all..................................................................................................................................... 1434
11.47 display station steer-history.................................................................................................................................... 1436
11.48 display station steer-info.......................................................................................................................................... 1439
11.49 display station steer-statistics................................................................................................................................. 1440
11.50 display station unsteerable...................................................................................................................................... 1442
11.51 display wlan calibrate channel-set........................................................................................................................ 1443
11.52 display wlan calibrate global configuration.......................................................................................................1444
11.53 display wlan calibrate statistics.............................................................................................................................. 1447
11.54 dynamic-edca enable................................................................................................................................................. 1448
11.55 dynamic-edca threshold............................................................................................................................................1449
11.56 high-density amc-optimize enable........................................................................................................................1450
11.57 interference adjacent-channel threshold............................................................................................................ 1451
11.58 interference co-channel threshold........................................................................................................................ 1452
11.59 interference detect-enable....................................................................................................................................... 1453
11.60 interference station threshold.................................................................................................................................1454
11.61 power auto-adjust enable........................................................................................................................................ 1455
11.62 reset ap traffic statistics wireless........................................................................................................................... 1456
11.63 reset station steer-history.........................................................................................................................................1457
11.64 reset station steer-statistics..................................................................................................................................... 1458
11.65 reset flexible-radio switch-record.......................................................................................................................... 1458
11.66 reset wlan calibrate statistics.................................................................................................................................. 1459
11.67 rrm-profile (WLAN view)......................................................................................................................................... 1460
11.68 rrm-profile (radio profile view).............................................................................................................................. 1462
11.69 scan-channel-set......................................................................................................................................................... 1463
11.70 scan-disable.................................................................................................................................................................. 1464
11.71 scan-enhancement..................................................................................................................................................... 1465
11.72 scan-interval..................................................................................................................................................................1466
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxv

Fat AP and Cloud AP
11.73 scan-period.................................................................................................................................................................... 1467

11.74 smart-antenna { enable | disable }....................................................................................................................... 1468
11.75 smart-antenna throughput-triggered-training................................................................................................. 1469
11.76 smart-antenna training-interval............................................................................................................................ 1471
11.77 smart-antenna training-mpdu-number...............................................................................................................1472
11.78 smart-antenna valid-per-scope.............................................................................................................................. 1473
11.79 smart-roam advanced-scan disable...................................................................................................................... 1475
11.80 smart-roam disable.................................................................................................................................................... 1476
11.81 smart-roam quick-kickoff back-off-time............................................................................................................ 1477
11.82 smart-roam quick-kickoff-snr check-interval.................................................................................................... 1478
11.83 smart-roam quick-kickoff-snr p-n criteria.......................................................................................................... 1479
11.84 smart-roam quick-kickoff-threshold.....................................................................................................................1481
11.85 smart-roam quick-kickoff-threshold { check-snr | check-rate }.................................................................. 1482
11.86 smart-roam quick-kickoff-threshold disable..................................................................................................... 1484
11.87 smart-roam roam-threshold { check-snr | check-rate }................................................................................. 1485
11.88 smart-roam roam-threshold { snr | rate }.......................................................................................................... 1486
11.89 smart-roam snr-margin.............................................................................................................................................1488
11.90 smart-roam unable-roam-client expire-time.................................................................................................... 1489
11.91 sta-load-balance dynamic btm-fail-times.......................................................................................................... 1491
11.92 sta-load-balance dynamic deauth-fail-times.................................................................................................... 1492
11.93 sta-load-balance dynamic deny-threshold......................................................................................................... 1494
11.94 sta-load-balance dynamic disable.........................................................................................................................1495
11.95 sta-load-balance dynamic sta-number gap-threshold...................................................................................1496
11.96 sta-load-balance dynamic sta-number start-threshold................................................................................. 1498
11.97 sta-load-balance dynamic channel-utilization gap-threshold.....................................................................1499
11.98 sta-load-balance dynamic channel-utilization start-threshold................................................................... 1500
11.99 sta-load-balance dynamic probe-report interval............................................................................................. 1502
11.100 sta-load-balance dynamic rssi-diff-gap............................................................................................................ 1503
11.101 sta-load-balance dynamic rssi-threshold......................................................................................................... 1504
11.102 sta-load-balance dynamic steer-restrict auth-threshold............................................................................. 1505
11.103 sta-load-balance dynamic steer-restrict probe-threshold...........................................................................1507
11.104 sta-load-balance dynamic steer-restrict restrict-time.................................................................................. 1508
11.105 sta-load-balance mode........................................................................................................................................... 1509
11.106 uac channel-utilization threshold....................................................................................................................... 1511
11.107 uac enable................................................................................................................................................................... 1512
11.108 uac client-number threshold.................................................................................................................................1514
11.109 uac client-snr threshold.......................................................................................................................................... 1515
11.110 uac reach-access-threshold................................................................................................................................... 1517
12 WLAN Roaming Commands (Common AP)............................................................. 1519

12.1 display station roam-track..........................................................................................................................................1519
12.2 display station roam-statistics.................................................................................................................................. 1521
12.3 dot11r enable.................................................................................................................................................................. 1522
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxvi

Fat AP and Cloud AP
13 WLAN Location Configuration Commands (Common AP)...................................1524

13.1 ble....................................................................................................................................................................................... 1525
13.2 ble low-power-threshold............................................................................................................................................. 1525
13.3 ble monitoring-list.........................................................................................................................................................1527
13.4 broadcaster enable........................................................................................................................................................1528
13.5 broadcasting-content................................................................................................................................................... 1529
13.6 broadcasting-interval................................................................................................................................................... 1532
13.7 display ble-profile.......................................................................................................................................................... 1533
13.8 display location-profile................................................................................................................................................ 1536
13.9 display references ble-profile.....................................................................................................................................1538
13.10 display references location-profile........................................................................................................................ 1539
13.11 display wlan ble global configuration..................................................................................................................1540
13.12 display wlan ble monitoring-list............................................................................................................................ 1541
13.13 display wlan ble site-info..........................................................................................................................................1542
13.14 location-profile............................................................................................................................................................. 1545
13.15 location-profile (WLAN view)................................................................................................................................. 1546
13.16 private mu protocol-version.................................................................................................................................... 1547
13.17 private mu-enable...................................................................................................................................................... 1549
13.18 private report-frequency........................................................................................................................................... 1549
13.19 private server................................................................................................................................................................ 1550
13.20 report-mode.................................................................................................................................................................. 1552
13.21 report-to-server............................................................................................................................................................1553
13.22 reset wlan ble site-info.............................................................................................................................................. 1555
13.23 sniffer enable................................................................................................................................................................ 1556
13.24 tx-power (BLE profile view).....................................................................................................................................1557
14 WLAN Security Configuration Commands (Common AP)....................................1559

14.1 anti-attack flood blacklist enable............................................................................................................................ 1560
14.2 anti-attack flood disable............................................................................................................................................. 1562
14.3 anti-attack flood sta-rate-threshold....................................................................................................................... 1564
14.4 arp anti-attack check user-bind enable................................................................................................................. 1566
14.5 brute-force-detect interval......................................................................................................................................... 1567
14.6 brute-force-detect quiet-time................................................................................................................................... 1568
14.7 brute-force-detect threshold..................................................................................................................................... 1569
14.8 contain............................................................................................................................................................................... 1571
14.9 contain-mode.................................................................................................................................................................. 1572
14.10 device report-interval................................................................................................................................................. 1573
14.11 dhcp trust port............................................................................................................................................................. 1575
14.12 display ap radio-environment................................................................................................................................. 1576
14.13 display wlan wids manual-contain device-mac-list........................................................................................ 1578
14.14 display wlan ids attack-detected........................................................................................................................... 1579
14.15 display wlan ids attack-detected statistics......................................................................................................... 1583
14.16 display wlan ids attack-history............................................................................................................................... 1585
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxvii

Fat AP and Cloud AP
14.17 display wlan ids contain............................................................................................................................................1587

14.18 display wlan ids device-detected........................................................................................................................... 1590
14.19 display wlan ids device-detected statistics......................................................................................................... 1596
14.20 display wlan dynamic-blacklist............................................................................................................................... 1598
14.21 display wlan ids rogue-history................................................................................................................................ 1600
14.22 display wlan ids spoof-ssid fuzzy-match.............................................................................................................1603
14.23 dynamic-blacklist aging-time..................................................................................................................................1605
14.24 dynamic-blacklist enable.......................................................................................................................................... 1606
14.25 flood-detect interval...................................................................................................................................................1607
14.26 flood-detect quiet-time............................................................................................................................................. 1608
14.27 flood-detect threshold............................................................................................................................................... 1610
14.28 ip source check user-bind enable.......................................................................................................................... 1611
14.29 learn-client-address dhcp-strict..............................................................................................................................1612
14.30 learn-client-address disable (VAP profile view)............................................................................................... 1613
14.31 permit-ap....................................................................................................................................................................... 1614
14.32 reset wlan ids attack-detected................................................................................................................................1617
14.33 reset wlan ids attack-detected statistics............................................................................................................. 1619
14.34 reset wlan ids attack-history................................................................................................................................... 1619
14.35 reset wlan dynamic-blacklist................................................................................................................................... 1621
14.36 reset wlan ids rogue-history.................................................................................................................................... 1622
14.37 rogue-device log enable........................................................................................................................................... 1624
14.38 spoof-detect quiet-time............................................................................................................................................ 1624
14.39 spoof-ssid....................................................................................................................................................................... 1626
14.40 sta arp-nd-proxy before-assoc................................................................................................................................ 1627
14.41 weak-iv-detect quiet-time........................................................................................................................................ 1628
14.42 wids.................................................................................................................................................................................. 1630
14.43 wids attack detect enable........................................................................................................................................ 1630
14.44 wids contain enable................................................................................................................................................... 1632
14.45 wids device detect enable........................................................................................................................................ 1633
14.46 wids manual-contain................................................................................................................................................. 1634
14.47 work-mode.................................................................................................................................................................... 1635
15 WLAN Mesh Configuration Commands (Cloud AP)...............................................1637

15.1 display mesh-profile (Cloud AP).............................................................................................................................. 1638
15.2 display mesh-whitelist-profile (Cloud AP)............................................................................................................ 1641
15.3 display mesh vap (Cloud AP).................................................................................................................................... 1643
15.4 display references mesh-profile (Cloud AP)......................................................................................................... 1644
15.5 display references mesh-whitelist-profile (Cloud AP).......................................................................................1645
15.6 display wlan mesh link (Cloud AP)......................................................................................................................... 1646
15.7 link-aging-time (Cloud AP)........................................................................................................................................ 1649
15.8 link-report-interval (Cloud AP)................................................................................................................................. 1650
15.9 link-rssi-threshold (Cloud AP)................................................................................................................................... 1651
15.10 max-link-number (Cloud AP).................................................................................................................................. 1652
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxviii

Fat AP and Cloud AP
15.11 mesh-id (Cloud AP).................................................................................................................................................... 1653

15.12 mesh-profile (Cloud AP)........................................................................................................................................... 1654
15.13 mesh-profile (WLAN radio interface view)(Cloud AP).................................................................................. 1655
15.14 mesh-whitelist-profile (Cloud AP).........................................................................................................................1657
15.15 mesh-whitelist-profile (WLAN radio interface view)(Cloud AP)................................................................ 1658
15.16 peer-ap mac (Mesh whitelist profile view) (Cloud AP)................................................................................. 1659
15.17 security-profile (Mesh profile view) (Cloud AP).............................................................................................. 1660
16 Vehicle-Ground Fast Link Handover Configuration Commands..........................1662

16.1 antenna-output.............................................................................................................................................................. 1663
16.2 client-mode enable....................................................................................................................................................... 1665
16.3 dhcp trust port (Mesh profile view)........................................................................................................................ 1666
16.4 display mesh vap........................................................................................................................................................... 1667
16.5 display mesh-handover-profile................................................................................................................................. 1668
16.6 display mesh-handover-trace.................................................................................................................................... 1671
16.7 display mesh-neighbor-rssi.........................................................................................................................................1673
16.8 display mesh-profile..................................................................................................................................................... 1675
16.9 display mesh-proxy-equip...........................................................................................................................................1678
16.10 display mesh-whitelist-profile................................................................................................................................ 1679
16.11 display references mesh-handover-profile......................................................................................................... 1681
16.12 display references mesh-profile............................................................................................................................. 1682
16.13 display references mesh-whitelist-profile........................................................................................................... 1683
16.14 display wlan mesh link.............................................................................................................................................. 1685
16.15 display wlan mesh switch-record all.................................................................................................................... 1687
16.16 link-aging-time.............................................................................................................................................................1688
16.17 link-hold-period........................................................................................................................................................... 1689
16.18 link-probe-interval...................................................................................................................................................... 1690
16.19 link-report-interval...................................................................................................................................................... 1691
16.20 link-rssi-threshold........................................................................................................................................................1692
16.21 location-based-algorithm enable.......................................................................................................................... 1693
16.22 max-link-number......................................................................................................................................................... 1695
16.23 max-rssi-threshold...................................................................................................................................................... 1696
16.24 mesh-handover-profile..............................................................................................................................................1697
16.25 mesh-handover-profile (Mesh profile view)......................................................................................................1699
16.26 mesh-id........................................................................................................................................................................... 1700
16.27 mesh-profile.................................................................................................................................................................. 1701
16.28 mesh-profile (WLAN radio interface view)........................................................................................................ 1702
16.29 mesh-proxy onboard-equip..................................................................................................................................... 1703
16.30 mesh-proxy trackside-equip.................................................................................................................................... 1705
16.31 mesh-whitelist-profile............................................................................................................................................... 1706
16.32 mesh-whitelist-profile (WLAN radio interface view)......................................................................................1707
16.33 min-rssi-threshold....................................................................................................................................................... 1709
16.34 peer-ap mac (Mesh whitelist profile view)........................................................................................................ 1710
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxix

Fat AP and Cloud AP
16.35 priority-map dscp (Mesh profile view)................................................................................................................ 1711

16.36 priority-map trust (Mesh profile view)................................................................................................................1713
16.37 p-n criteria..................................................................................................................................................................... 1714
16.38 rssi-margin..................................................................................................................................................................... 1715
16.39 security-profile (Mesh profile view)..................................................................................................................... 1716
16.40 switch-probe-interval................................................................................................................................................. 1717
16.41 urgent-handover low-rate........................................................................................................................................ 1718
16.42 urgent-handover punishment................................................................................................................................. 1720
17 Hotspot2.0 Configuration Commands (Common AP)........................................... 1722

17.1 cellular-network-profile.............................................................................................................................................. 1724
17.2 cellular-network-profile (Hotspot2.0 profile view)............................................................................................1725
17.3 connection-capability-profile..................................................................................................................................... 1726
17.4 connection-capability-profile (Hotspot2.0 profile view).................................................................................. 1728
17.5 connection-capability................................................................................................................................................... 1729
17.6 display cellular-network-profile............................................................................................................................... 1730
17.7 display connection-capability-profile......................................................................................................................1732
17.8 display hotspot2-profile.............................................................................................................................................. 1735
17.9 display nai-realm-profile............................................................................................................................................. 1738
17.10 display operating-class-profile............................................................................................................................... 1740
17.11 display operator-domain-profile............................................................................................................................ 1741
17.12 display operator-name-profile................................................................................................................................1743
17.13 display references cellular-network-profile........................................................................................................1744
17.14 display references connection-capability-profile.............................................................................................. 1745
17.15 display references hotspot2-profile.......................................................................................................................1747
17.16 display references nai-realm-profile..................................................................................................................... 1748
17.17 display references operating-class-profile.......................................................................................................... 1749
17.18 display references operator-domain-profile...................................................................................................... 1750
17.19 display references operator-name-profile.......................................................................................................... 1751
17.20 display references roaming-consortium-profile................................................................................................1752
17.21 display references venue-name-profile............................................................................................................... 1754
17.22 display roaming-consortium-profile..................................................................................................................... 1755
17.23 display venue-name-profile..................................................................................................................................... 1757
17.24 domain-name............................................................................................................................................................... 1758
17.25 hessid............................................................................................................................................................................... 1760
17.26 hotspot2-profile........................................................................................................................................................... 1761
17.27 hotspot2-profile (VAP profile view)...................................................................................................................... 1762
17.28 ipv4-address-avail....................................................................................................................................................... 1764
17.29 nai-realm-profile......................................................................................................................................................... 1765
17.30 nai-realm-profile (Hotspot2.0 profile view)...................................................................................................... 1766
17.31 nai-realm........................................................................................................................................................................ 1767
17.32 network-authen-type................................................................................................................................................. 1769
17.33 network-type................................................................................................................................................................ 1770
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxx

Fat AP and Cloud AP
17.34 operating-class-indication........................................................................................................................................ 1772

17.35 operating-class-profile.............................................................................................................................................. 1773
17.36 operating-class-profile (Hotspot2.0 profile view)............................................................................................1774
17.37 operator-domain-profile........................................................................................................................................... 1775
17.38 operator-domain-profile (Hotspot2.0 profile view)........................................................................................ 1777
17.39 operator-friendly-name............................................................................................................................................. 1778
17.40 operator-name-profile...............................................................................................................................................1780
17.41 operator-name-profile (Hotspot2.0 profile view)............................................................................................1781
17.42 p2p-cross-connect disable........................................................................................................................................1782
17.43 plmn-id........................................................................................................................................................................... 1783
17.44 roaming-consortium-oi............................................................................................................................................. 1784
17.45 roaming-consortium-profile.................................................................................................................................... 1785
17.46 roaming-consortium-profile (Hotspot2.0 profile view)................................................................................. 1787
17.47 venue-name-profile.................................................................................................................................................... 1788
17.48 venue-name-profile (Hotspot2.0 profile view)................................................................................................. 1789
17.49 venue-name.................................................................................................................................................................. 1790
17.50 venue-type..................................................................................................................................................................... 1792
18 IoT AP Configuration Commands............................................................................... 1794

18.1 iot-card reboot................................................................................................................................................................ 1794
18.2 iot-card reset-factory-configuration....................................................................................................................... 1795
18.3 iot-card reset-network-configuration..................................................................................................................... 1796
18.4 iot-card switch-firmware.............................................................................................................................................1797
19 WLAN Traffic Optimization Commands (Common AP)........................................1799

19.1 broadcast-suppression auto-detect......................................................................................................................... 1800
19.2 display wlan igmp-snooping vap-cac..................................................................................................................... 1801
19.3 igmp-snooping max-bandwidth (traffic profile view)...................................................................................... 1802
19.4 igmp-snooping max-user (traffic profile view)................................................................................................... 1803
19.5 igmp-snooping enable (traffic profile view)........................................................................................................ 1804
19.6 multicast-suppression auto-detect.......................................................................................................................... 1805
19.7 service-guarantee.......................................................................................................................................................... 1806
19.8 traffic-optimize arp-proxy enable............................................................................................................................ 1808
19.9 traffic-optimize bcmc deny all.................................................................................................................................. 1809
19.10 traffic-optimize bcmc unicast-send.......................................................................................................................1810
19.11 traffic-optimize bcmc unicast-send mismatch-action drop..........................................................................1811
19.12 traffic-optimize broadcast-suppression............................................................................................................... 1812
19.13 traffic-optimize multicast-suppression................................................................................................................ 1813
19.14 traffic-optimize multicast-unicast enable........................................................................................................... 1814
19.15 traffic-optimize multicast-unicast dynamic-adaptive disable......................................................................1815
19.16 traffic-optimize sta-bridge-forward disable....................................................................................................... 1816
19.17 traffic-optimize tcp adjust-mss.............................................................................................................................. 1817
19.18 traffic-optimize unicast-suppression.................................................................................................................... 1819
19.19 unicast-suppression auto-detect............................................................................................................................ 1820
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxi

Fat AP and Cloud AP
19.20 unicast-suppression auto-detect disable............................................................................................................. 1821
20 WLAN Service Configuration Commands (Central AP).........................................1823

20.1 active-dull-client enable..............................................................................................................................................1827
20.2 advertise-ap-name enable..........................................................................................................................................1828
20.3 antenna-gain................................................................................................................................................................... 1829
20.4 ap auth-mode................................................................................................................................................................. 1831
20.5 ap blacklist....................................................................................................................................................................... 1832
20.6 ap data-collection enable........................................................................................................................................... 1833
20.7 ap data-collection interval......................................................................................................................................... 1834
20.8 ap modify......................................................................................................................................................................... 1835
20.9 ap whitelist...................................................................................................................................................................... 1836
20.10 ap-confirm..................................................................................................................................................................... 1838
20.11 ap-id................................................................................................................................................................................. 1839
20.12 ap-mac............................................................................................................................................................................ 1841
20.13 association-timeout.................................................................................................................................................... 1842
20.14 auto-off service............................................................................................................................................................ 1843
20.15 beacon-2g-rate.............................................................................................................................................................1845
20.16 beacon-5g-rate.............................................................................................................................................................1847
20.17 beacon-interval............................................................................................................................................................ 1848
20.18 beamforming enable..................................................................................................................................................1849
20.19 capwap control-link-priority.................................................................................................................................... 1850
20.20 capwap dtls control-link encrypt........................................................................................................................... 1852
20.21 capwap dtls psk........................................................................................................................................................... 1853
20.22 capwap dtls psk-mandatory-match enable........................................................................................................1855
20.23 capwap echo................................................................................................................................................................. 1856
20.24 capwap message-integrity psk............................................................................................................................... 1857
20.25 capwap message-integrity check disable........................................................................................................... 1859
20.26 capwap sensitive-info psk........................................................................................................................................ 1860
20.27 capwap source interface........................................................................................................................................... 1861
20.28 capwap source ip-address........................................................................................................................................ 1862
20.29 channel........................................................................................................................................................................... 1863
20.30 channel-switch announcement disable............................................................................................................... 1865
20.31 channel-switch mode................................................................................................................................................. 1866
20.32 copy-from.......................................................................................................................................................................1867
20.33 country-code................................................................................................................................................................. 1869
20.34 coverage distance........................................................................................................................................................ 1873
20.35 deny-broadcast-probe enable................................................................................................................................. 1875
20.36 dhcp option82 insert enable....................................................................................................................................1876
20.37 dhcp option82 format (VAP profile view).......................................................................................................... 1877
20.38 display ap....................................................................................................................................................................... 1879
20.39 display ap blacklist......................................................................................................................................................1888
20.40 display ap config-info................................................................................................................................................ 1889
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxii

Fat AP and Cloud AP
20.41 display ap configurable channel............................................................................................................................ 1896

20.42 display ap global configuration..............................................................................................................................1898
20.43 display ap offline-record........................................................................................................................................... 1899
20.44 display ap online-fail-record................................................................................................................................... 1904
20.45 display ap sta-signal strength................................................................................................................................. 1908
20.46 display ap statistics..................................................................................................................................................... 1910
20.47 display ap unauthorized record.............................................................................................................................. 1911
20.48 display ap whitelist..................................................................................................................................................... 1912
20.49 display ap-group.......................................................................................................................................................... 1913
20.50 display capwap configuration................................................................................................................................. 1920
20.51 display radio.................................................................................................................................................................. 1922
20.52 display radio-2g-profile............................................................................................................................................. 1925
20.53 display radio-5g-profile............................................................................................................................................. 1932
20.54 display references radio-2g-profile....................................................................................................................... 1939
20.55 display references radio-5g-profile....................................................................................................................... 1940
20.56 display references regulatory-domain-profile................................................................................................... 1941
20.57 display references ssid-profile................................................................................................................................. 1942
20.58 display references vap-profile................................................................................................................................. 1943
20.59 display regulatory-domain-profile........................................................................................................................ 1945
20.60 display ssid-profile...................................................................................................................................................... 1947
20.61 display station.............................................................................................................................................................. 1953
20.62 display station online-fail-record........................................................................................................................... 1961
20.63 display station offline-record.................................................................................................................................. 1967
20.64 display station online-track..................................................................................................................................... 1972
20.65 display station statistics............................................................................................................................................ 1974
20.66 display vap..................................................................................................................................................................... 1980
20.67 display vap-profile...................................................................................................................................................... 1981
20.68 display vap create-fail-record................................................................................................................................. 1991
20.69 display vap-service-backup auth-server-down..................................................................................................1995
20.70 display wlan config-errors........................................................................................................................................1996
20.71 dot11a basic-rate.........................................................................................................................................................1997
20.72 dot11a supported-rate.............................................................................................................................................. 1999
20.73 dot11bg basic-rate...................................................................................................................................................... 2000
20.74 dot11bg supported-rate............................................................................................................................................ 2002
20.75 dtim-interval................................................................................................................................................................. 2004
20.76 eirp................................................................................................................................................................................... 2005
20.77 fragmentation-threshold.......................................................................................................................................... 2007
20.78 guard-interval-mode.................................................................................................................................................. 2008
20.79 ht a-mpdu disable....................................................................................................................................................... 2009
20.80 ht a-mpdu max-length-exponent..........................................................................................................................2010
20.81 legacy-station disable................................................................................................................................................ 2012
20.82 max-sta-number (SSID profile view)................................................................................................................... 2013
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxiii

Fat AP and Cloud AP
20.83 multicast-rate............................................................................................................................................................... 2014

20.84 mu-mimo disable........................................................................................................................................................ 2016
20.85 mu-mimo optimize enable...................................................................................................................................... 2017
20.86 probe-response-retry..................................................................................................................................................2018
20.87 qbss-load enable......................................................................................................................................................... 2019
20.88 radio................................................................................................................................................................................. 2020
20.89 radio disable.................................................................................................................................................................. 2021
20.90 radio-2g-profile (WLAN view)................................................................................................................................ 2022
20.91 radio-2g-profile............................................................................................................................................................ 2024
20.92 radio-5g-profile (WLAN view)................................................................................................................................ 2025
20.93 radio-5g-profile............................................................................................................................................................ 2026
20.94 radio-type (2G radio profile view)........................................................................................................................ 2027
20.95 radio-type (5G radio profile view)........................................................................................................................ 2029
20.96 reach-max-sta.............................................................................................................................................................. 2030
20.97 regulatory-domain-profile (WLAN view)............................................................................................................2031
20.98 regulatory-domain-profile....................................................................................................................................... 2032
20.99 report-sta-assoc enable.............................................................................................................................................2034
20.100 reset ap offline-record............................................................................................................................................ 2035
20.101 reset ap online-fail-record..................................................................................................................................... 2035
20.102 reset ap unauthorized record............................................................................................................................... 2036
20.103 reset channel switch-record.................................................................................................................................. 2037
20.104 reset station offline-record.................................................................................................................................... 2038
20.105 reset station online-fail-record.............................................................................................................................2039
20.106 reset station statistics.............................................................................................................................................. 2040
20.107 reset vap create-fail-record all............................................................................................................................. 2041
20.108 rf-ping........................................................................................................................................................................... 2041
20.109 rts-cts-mode............................................................................................................................................................... 2043
20.110 rts-cts-threshold........................................................................................................................................................ 2044
20.111 service-mode disable............................................................................................................................................... 2045
20.112 service-vlan (VAP profile view)............................................................................................................................ 2046
20.113 short-preamble disable........................................................................................................................................... 2047
20.114 single-txchain enable.............................................................................................................................................. 2048
20.115 snmp-agent trap enable feature-name wlan..................................................................................................2049
20.116 ssid................................................................................................................................................................................. 2050
20.117 ssid-hide enable........................................................................................................................................................ 2052
20.118 ssid-profile (WLAN view)....................................................................................................................................... 2053
20.119 ssid-profile (VAP profile view)............................................................................................................................. 2054
20.120 sta-network-detect disable.................................................................................................................................... 2055
20.121 type (VAP profile view)...........................................................................................................................................2056
20.122 u-apsd enable............................................................................................................................................................ 2058
20.123 undo ap........................................................................................................................................................................ 2059
20.124 utmost-power.............................................................................................................................................................2060
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxiv

Fat AP and Cloud AP
20.125 vap-profile (WLAN view)....................................................................................................................................... 2061

20.126 vap-profile................................................................................................................................................................... 2062
20.127 vap-service-backup auth-server-down.............................................................................................................. 2063
20.128 vht a-mpdu max-length-exponent..................................................................................................................... 2065
20.129 vht a-msdu enable................................................................................................................................................... 2067
20.130 vht a-msdu max-frame-num................................................................................................................................ 2068
20.131 vht mcs-map...............................................................................................................................................................2069
20.132 vht mcs-map (SSID profile)...................................................................................................................................2071
20.133 wlan............................................................................................................................................................................... 2072
21 RU Management Configuration Commands (Central AP)................................... 2074

21.1 access-user syslog-restrain enable...........................................................................................................................2079
21.2 access-user syslog-restrain period........................................................................................................................... 2080
21.3 ac-list (AP view)............................................................................................................................................................. 2081
21.4 ac-list (AP provisioning view).................................................................................................................................... 2082
21.5 address-mode (AP view)............................................................................................................................................. 2083
21.6 address-mode (AP provisioning view).................................................................................................................... 2084
21.7 alarm-restriction disable............................................................................................................................................. 2085
21.8 alarm-restriction period.............................................................................................................................................. 2086
21.9 ap lldp enable................................................................................................................................................................. 2087
21.10 ap manufacturer-config............................................................................................................................................ 2088
21.11 ap update ftp-server.................................................................................................................................................. 2089
21.12 ap update ftp-server max-connect-number...................................................................................................... 2092
21.13 ap update load............................................................................................................................................................. 2093
21.14 ap update mode.......................................................................................................................................................... 2095
21.15 ap update multi-load................................................................................................................................................. 2096
21.16 ap update multi-reset................................................................................................................................................ 2098
21.17 ap update reset............................................................................................................................................................ 2100
21.18 ap update sftp-server.................................................................................................................................................2101
21.19 ap update sftp-server max-connect-number.....................................................................................................2103
21.20 ap update update-filename..................................................................................................................................... 2104
21.21 ap update schedule-task.......................................................................................................................................... 2106
21.22 ap username................................................................................................................................................................. 2110
21.23 ap-group......................................................................................................................................................................... 2112
21.24 ap-group (AP view).................................................................................................................................................... 2114
21.25 ap-name......................................................................................................................................................................... 2115
21.26 ap-name (AP provisioning view)........................................................................................................................... 2116
21.27 ap-name (AP view).....................................................................................................................................................2117
21.28 ap password policy..................................................................................................................................................... 2119
21.29 ap-patch update load................................................................................................................................................ 2120
21.30 ap-patch update multi-load.................................................................................................................................... 2121
21.31 ap-patch update update-filename........................................................................................................................ 2123
21.32 ap-regroup..................................................................................................................................................................... 2124
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxv

Fat AP and Cloud AP
21.33 ap-rename..................................................................................................................................................................... 2126

21.34 ap-reset........................................................................................................................................................................... 2128
21.35 ap-system-profile (WLAN view)............................................................................................................................ 2129
21.36 ap-system-profile (AP group view and AP view)............................................................................................. 2131
21.37 broadcast-suppression auto-detect (AP system profile view)..................................................................... 2132
21.38 channel-load-mode indoor...................................................................................................................................... 2133
21.39 clear configuration this............................................................................................................................................. 2134
21.40 commit (AP provisioning view).............................................................................................................................. 2135
21.41 console ble-mode (AP system profile view)...................................................................................................... 2136
21.42 console disable............................................................................................................................................................. 2137
21.43 coordinate...................................................................................................................................................................... 2138
21.44 cpu-usage threshold................................................................................................................................................... 2140
21.45 crc-alarm enable.......................................................................................................................................................... 2141
21.46 description (AP wired port profile view)............................................................................................................. 2142
21.47 dai enable (AP wired port profile view).............................................................................................................. 2143
21.48 dhcp client option12.................................................................................................................................................. 2144
21.49 display ap around-ssid-list....................................................................................................................................... 2146
21.50 display ap asyn-message err-info.......................................................................................................................... 2147
21.51 display ap config-fail-record................................................................................................................................... 2149
21.52 display ap coordinate................................................................................................................................................. 2150
21.53 display ap elabel.......................................................................................................................................................... 2151
21.54 display ap lldp neighbor........................................................................................................................................... 2154
21.55 display ap led................................................................................................................................................................ 2161
21.56 display ap optical-info............................................................................................................................................... 2162
21.57 display ap performance statistics.......................................................................................................................... 2165
21.58 display ap provision.................................................................................................................................................... 2168
21.59 display ap port............................................................................................................................................................. 2169
21.60 display ap power-workmode................................................................................................................................... 2172
21.61 display ap run-info......................................................................................................................................................2174
21.62 display ap service-config acl....................................................................................................................................2177
21.63 display ap uncontrol all.............................................................................................................................................2178
21.64 display ap update configuration............................................................................................................................ 2179
21.65 display ap update schedule-task........................................................................................................................... 2182
21.66 display ap update status........................................................................................................................................... 2183
21.67 display ap username.................................................................................................................................................. 2193
21.68 display ap version........................................................................................................................................................2194
21.69 display ap wired-port................................................................................................................................................. 2201
21.70 display ap-system-profile......................................................................................................................................... 2205
21.71 display ap-type............................................................................................................................................................. 2219
21.72 display distribute-ap...................................................................................................................................................2222
21.73 display mac-address ap-all...................................................................................................................................... 2229
21.74 display mac-address { ap-id | ap-name }............................................................................................................ 2231
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxvi

Fat AP and Cloud AP
21.75 display management-vlan........................................................................................................................................2232

21.76 display port-link-profile............................................................................................................................................ 2233
21.77 display provision-ap parameter-list...................................................................................................................... 2237
21.78 display references ap-system-profile.................................................................................................................... 2239
21.79 display references port-link-profile....................................................................................................................... 2240
21.80 display references wired-port-profile................................................................................................................... 2241
21.81 display resource occupancy message................................................................................................................... 2243
21.82 display wired-port-profile.........................................................................................................................................2244
21.83 display wlan ble-link-info......................................................................................................................................... 2249
21.84 display wlan console ble statistics.........................................................................................................................2250
21.85 disk-usage threshold.................................................................................................................................................. 2252
21.86 eapol-response dest-address transform-condition.......................................................................................... 2253
21.87 eapol-response dest-address transform-to........................................................................................................ 2254
21.88 eapol-start dest-address transform-condition.................................................................................................. 2255
21.89 eapol-start dest-address transform-to................................................................................................................. 2257
21.90 eth-trunk (AP wired port profile view)................................................................................................................ 2258
21.91 high-temperature threshold.................................................................................................................................... 2259
21.92 ipsg enable (AP wired port profile view)............................................................................................................ 2260
21.93 ip-address (AP view).................................................................................................................................................. 2261
21.94 ip-address (AP provisioning view)......................................................................................................................... 2263
21.95 igmp-snooping enable (AP wired port profile view)...................................................................................... 2264
21.96 learn-client-address (AP wired port profile view)........................................................................................... 2265
21.97 led blink-time............................................................................................................................................................... 2266
21.98 led off.............................................................................................................................................................................. 2268
21.99 lldp admin-status........................................................................................................................................................ 2269
21.100 lldp dot3-tlv power (AP wired port link profile view)..................................................................................2270
21.101 lldp enable.................................................................................................................................................................. 2272
21.102 lldp message-transmission delay (AP system profile view).......................................................................2273
21.103 lldp message-transmission hold-multiplier (AP system profile view)....................................................2275
21.104 lldp message-transmission interval (AP system profile view).................................................................. 2276
21.105 lldp report enable..................................................................................................................................................... 2278
21.106 lldp report-interval................................................................................................................................................... 2279
21.107 lldp restart-delay....................................................................................................................................................... 2280
21.108 lldp tlv-enable (AP wired port link profile view)........................................................................................... 2281
21.109 lldp tlv-enable legacy-tlv four-pair-power (AP wired port link profile view)...................................... 2283
21.110 lldp tlv-enable legacy-tlv power-capability (AP wired port link profile view).................................... 2284
21.111 log-record-level......................................................................................................................................................... 2285
21.112 log-server..................................................................................................................................................................... 2287
21.113 low-temperature threshold................................................................................................................................... 2288
21.114 management-vlan.................................................................................................................................................... 2289
21.115 memory-usage threshold....................................................................................................................................... 2290
21.116 mode (AP wired port profile view)..................................................................................................................... 2291
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxvii

Fat AP and Cloud AP
21.117 mtu (cloud central AP)........................................................................................................................................... 2293

21.118 mtu................................................................................................................................................................................ 2295
21.119 multicast-suppression auto-detect (AP system profile view)....................................................................2297
21.120 password alert before-expire (AP password policy view)........................................................................... 2298
21.121 password alert original (AP password policy view)...................................................................................... 2299
21.122 password expire (AP password policy view)....................................................................................................2300
21.123 password history record number (AP password policy view)....................................................................2301
21.124 poe af-inrush enable (AP system profile view).............................................................................................. 2302
21.125 poe disable (AP wired port link profile view)................................................................................................. 2304
21.126 poe force-power (AP wired port link profile view)....................................................................................... 2305
21.127 poe high-inrush enable (AP system profile view)......................................................................................... 2306
21.128 poe legacy enable (AP wired port link profile view).................................................................................... 2307
21.129 poe max-power (AP system profile view)........................................................................................................ 2308
21.130 poe power-reserved (AP system profile view)................................................................................................ 2309
21.131 poe power-threshold (AP system profile view).............................................................................................. 2310
21.132 poe power-off time-range (AP wired port link profile view).................................................................... 2311
21.133 poe priority (AP wired port link profile view).................................................................................................2313
21.134 port-link-profile (WLAN view)............................................................................................................................. 2314
21.135 port-link-profile (AP wired port profile view).................................................................................................2315
21.136 provision-ap................................................................................................................................................................ 2316
21.137 report-disassoc-request disable........................................................................................................................... 2317
21.138 report-sta-info enable............................................................................................................................................. 2318
21.139 reset mac-address..................................................................................................................................................... 2319
21.140 reset statistics............................................................................................................................................................. 2320
21.141 reset wlan console ble statistics.......................................................................................................................... 2321
21.142 sample-time................................................................................................................................................................ 2322
21.143 sftp server disable..................................................................................................................................................... 2323
21.144 shutdown (AP wired port link profile view).................................................................................................... 2324
21.145 ssh client first-time enable (AP system profile view).................................................................................. 2325
21.146 sta-ipv6-service enable........................................................................................................................................... 2326
21.147 stelnet server disable............................................................................................................................................... 2327
21.148 stp auto-shutdown enable (AP wired port profile view)............................................................................ 2327
21.149 stp auto-shutdown recovery-time (AP wired port profile view).............................................................. 2329
21.150 stp enable (AP wired port profile view)............................................................................................................2330
21.151 telnet enable.............................................................................................................................................................. 2331
21.152 traffic-filter (AP wired port profile view)......................................................................................................... 2332
21.153 traffic-remark (AP wired port profile view).................................................................................................... 2335
21.154 traffic-optimize (AP wired port profile view)..................................................................................................2337
21.155 traffic-optimize broadcast-suppression disable (AP system profile view)............................................ 2339
21.156 traffic-optimize broadcast-suppression rate-threshold (AP system profile view)..............................2341
21.157 traffic-optimize tcp adjust-mss............................................................................................................................ 2343
21.158 unicast-suppression auto-detect (AP system profile view)........................................................................ 2344
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxviii

Fat AP and Cloud AP
21.159 unicast-suppression auto-detect disable (AP system profile view).........................................................2345

21.160 user-interface vty acl............................................................................................................................................... 2346
21.161 user-interface vty idle-timeout............................................................................................................................ 2348
21.162 user-interface vty screen-length.......................................................................................................................... 2349
21.163 user-isolate (AP wired port profile view)......................................................................................................... 2350
21.164 usb enable (AP system profile view)................................................................................................................. 2351
21.165 vlan pvid (AP wired port profile view).............................................................................................................. 2352
21.166 vlan (AP wired port profile view)........................................................................................................................ 2354
21.167 wired-port-profile (WLAN view)......................................................................................................................... 2356
21.168 wired-port-profile (AP group view and view).................................................................................................2358
22 WLAN Radio Resource Management Configuration Commands (Central AP)

.................................................................................................................................................. 2360
22.1 amc-policy........................................................................................................................................................................ 2364
22.2 air-scan-profile............................................................................................................................................................... 2365
22.3 air-scan-profile (radio profile view)........................................................................................................................ 2366
22.4 band-steer balance gap-threshold.......................................................................................................................... 2367
22.5 band-steer balance start-threshold......................................................................................................................... 2369
22.6 band-steer client-band-expire................................................................................................................................... 2370
22.7 band-steer deny-threshold......................................................................................................................................... 2371
22.8 band-steer disable......................................................................................................................................................... 2372
22.9 band-steer snr-threshold............................................................................................................................................. 2374
22.10 btm-fail-times.............................................................................................................................................................. 2375
22.11 calibrate auto-bandwidth-selection...................................................................................................................... 2376
22.12 calibrate auto-channel-select................................................................................................................................. 2377
22.13 calibrate auto-txpower-select................................................................................................................................. 2378
22.14 calibrate enable { auto | manual | schedule time }......................................................................................... 2379
22.15 calibrate environment-deterioration-blacklist...................................................................................................2381
22.16 calibrate error-rate-check......................................................................................................................................... 2382
22.17 calibrate error-rate-threshold..................................................................................................................................2384
22.18 calibrate tpc threshold...............................................................................................................................................2385
22.19 calibrate flexible-radio...............................................................................................................................................2386
22.20 calibrate flexible-radio disable............................................................................................................................... 2387
22.21 calibrate flexible-radio manual-recognize.......................................................................................................... 2388
22.22 calibrate max-tx-power............................................................................................................................................. 2389
22.23 calibrate min-tx-power..............................................................................................................................................2391
22.24 calibrate manual startup.......................................................................................................................................... 2392
22.25 calibrate noise-floor-threshold............................................................................................................................... 2393
22.26 calibrate policy............................................................................................................................................................. 2394
22.27 calibrate reference data-analysis disable............................................................................................................ 2396
22.28 calibrate reference data-analysis........................................................................................................................... 2397
22.29 calibrate sensitivity..................................................................................................................................................... 2398
22.30 calibrate virtual-group-size...................................................................................................................................... 2400
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxxix

Fat AP and Cloud AP
22.31 cca-threshold................................................................................................................................................................ 2401

22.32 channel-utilization gap-threshold......................................................................................................................... 2402
22.33 channel-utilization start-threshold....................................................................................................................... 2403
22.34 dca-channel bandwidth............................................................................................................................................ 2404
22.35 dca-channel channel-set.......................................................................................................................................... 2406
22.36 deauth-fail-times......................................................................................................................................................... 2408
22.37 deny-threshold............................................................................................................................................................. 2409
22.38 dfs recover-delay......................................................................................................................................................... 2410
22.39 dfs smart-selection disable...................................................................................................................................... 2411
22.40 display air-scan-profile.............................................................................................................................................. 2412
22.41 display ap neighbor.................................................................................................................................................... 2414
22.42 display ap neighbor (Cloud Central AP)..............................................................................................................2416
22.43 display ap traffic statistics wireless....................................................................................................................... 2419
22.44 display channel switch-record.................................................................................................................................2424
22.45 display channel switch-record (Cloud Central AP).......................................................................................... 2428
22.46 display flexible-radio status..................................................................................................................................... 2432
22.47 display flexible-radio switch-record...................................................................................................................... 2433
22.48 display references air-scan-profile........................................................................................................................ 2435
22.49 display references rrm-profile................................................................................................................................. 2436
22.50 display rrm-profile...................................................................................................................................................... 2437
22.51 display station neighbor........................................................................................................................................... 2449
22.52 display station neighbor all..................................................................................................................................... 2451
22.53 display station steer-history.................................................................................................................................... 2452
22.54 display station steer-info.......................................................................................................................................... 2455
22.55 display station steer-statistics................................................................................................................................. 2456
22.56 display station unsteerable...................................................................................................................................... 2458
22.57 display sta-load-balance fairness.......................................................................................................................... 2459
22.58 display sta-load-balance static-group.................................................................................................................. 2460
22.59 display wlan calibrate channel-set........................................................................................................................ 2464
22.60 display wlan calibrate global configuration.......................................................................................................2466
22.61 display wlan calibrate statistics.............................................................................................................................. 2468
22.62 dynamic-edca enable................................................................................................................................................. 2469
22.63 dynamic-edca threshold............................................................................................................................................2470
22.64 high-density amc-optimize enable........................................................................................................................2471
22.65 interference adjacent-channel threshold............................................................................................................ 2472
22.66 interference co-channel threshold........................................................................................................................ 2474
22.67 interference detect-enable....................................................................................................................................... 2475
22.68 interference station threshold.................................................................................................................................2476
22.69 member (static load balancing group view)..................................................................................................... 2477
22.70 mode (static load balancing group view)...........................................................................................................2478
22.71 power auto-adjust enable........................................................................................................................................ 2479
22.72 reset ap traffic statistics wireless........................................................................................................................... 2480
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xl

Fat AP and Cloud AP
22.73 reset station steer-statistics..................................................................................................................................... 2481

22.74 reset wlan calibrate statistics.................................................................................................................................. 2482
22.75 rrm-profile (WLAN view)......................................................................................................................................... 2483
22.76 rrm-profile (radio profile view).............................................................................................................................. 2484
22.77 rssi-diff-gap................................................................................................................................................................... 2485
22.78 rssi-threshold................................................................................................................................................................ 2486
22.79 scan-channel-set......................................................................................................................................................... 2487
22.80 scan-disable.................................................................................................................................................................. 2489
22.81 scan-interval..................................................................................................................................................................2490
22.82 scan-period.................................................................................................................................................................... 2491
22.83 smart-antenna { enable | disable }....................................................................................................................... 2492
22.84 smart-antenna throughput-triggered-training................................................................................................. 2493
22.85 smart-antenna training-interval............................................................................................................................ 2494
22.86 smart-antenna training-mpdu-number...............................................................................................................2496
22.87 smart-antenna valid-per-scope.............................................................................................................................. 2497
22.88 smart-roam advanced-scan disable...................................................................................................................... 2498
22.89 smart-roam disable.................................................................................................................................................... 2499
22.90 smart-roam quick-kickoff back-off-time............................................................................................................ 2500
22.91 smart-roam quick-kickoff-snr check-interval.................................................................................................... 2501
22.92 smart-roam quick-kickoff-snr p-n criteria.......................................................................................................... 2503
22.93 smart-roam quick-kickoff-threshold.....................................................................................................................2504
22.94 smart-roam quick-kickoff-threshold { check-snr | check-rate }.................................................................. 2506
22.95 smart-roam quick-kickoff-threshold disable..................................................................................................... 2507
22.96 smart-roam roam-threshold { check-snr | check-rate }................................................................................. 2508
22.97 smart-roam roam-threshold { snr | rate }.......................................................................................................... 2510
22.98 smart-roam snr-margin.............................................................................................................................................2511
22.99 smart-roam unable-roam-client expire-time.................................................................................................... 2513
22.100 sta-load-balance dynamic btm-fail-times........................................................................................................2514
22.101 sta-load-balance dynamic channel-utilization gap-threshold.................................................................. 2516
22.102 sta-load-balance dynamic channel-utilization start-threshold.................................................................2517
22.103 sta-load-balance dynamic deauth-fail-times.................................................................................................. 2518
22.104 sta-load-balance dynamic deny-threshold...................................................................................................... 2520
22.105 sta-load-balance dynamic disable...................................................................................................................... 2521
22.106 sta-load-balance dynamic sta-number gap-threshold................................................................................ 2522
22.107 sta-load-balance dynamic probe-report interval........................................................................................... 2524
22.108 sta-load-balance dynamic rssi-diff-gap............................................................................................................ 2525
22.109 sta-load-balance dynamic rssi-threshold......................................................................................................... 2526
22.110 sta-load-balance dynamic sta-number start-threshold...............................................................................2528
22.111 sta-load-balance dynamic steer-restrict auth-threshold............................................................................. 2529
22.112 sta-load-balance dynamic steer-restrict probe-threshold...........................................................................2530
22.113 sta-load-balance dynamic steer-restrict restrict-time.................................................................................. 2532
22.114 sta-load-balance mode........................................................................................................................................... 2533
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xli

Fat AP and Cloud AP
22.115 sta-load-balance static-group.............................................................................................................................. 2534

22.116 sta-number gap-threshold.....................................................................................................................................2535
22.117 sta-number start-threshold................................................................................................................................... 2537
22.118 steer-restrict auth-threshold................................................................................................................................. 2538
22.119 steer-restrict probe-threshold............................................................................................................................... 2540
22.120 steer-restrict restrict-time...................................................................................................................................... 2541
22.121 uac channel-utilization threshold....................................................................................................................... 2542
22.122 uac enable................................................................................................................................................................... 2544
22.123 uac client-number threshold.................................................................................................................................2545
22.124 uac client-snr threshold.......................................................................................................................................... 2547
22.125 uac reach-access-threshold................................................................................................................................... 2548
23 WLAN Roaming Commands (Central AP)................................................................ 2551

23.1 beacon disable................................................................................................................................................................ 2551
23.2 cts delay............................................................................................................................................................................ 2552
23.3 cts disable......................................................................................................................................................................... 2553
23.4 display station roam-statistics.................................................................................................................................. 2554
23.5 display station roam-track..........................................................................................................................................2557
23.6 dot11r enable.................................................................................................................................................................. 2558
23.7 sfn-roam enable............................................................................................................................................................. 2560
23.8 sfn-roam report-interval............................................................................................................................................. 2562
23.9 sfn-roam roam-check better-times......................................................................................................................... 2563
23.10 sfn-roam roam-check check-interval................................................................................................................... 2564
23.11 sfn-roam roam-check gap-rssi............................................................................................................................... 2565
23.12 sfn-roam roam-check high-threshold.................................................................................................................. 2566
23.13 sfn-roam roam-check low-threshold....................................................................................................................2567
23.14 sfn-roam roam-check rssi-accumulate................................................................................................................ 2568
23.15 sfn-roam roam-check sta-holding times............................................................................................................ 2569
24 WLAN Location Configuration Commands (Central AP)...................................... 2571

24.1 display ble-profile.......................................................................................................................................................... 2571
24.2 display location-profile................................................................................................................................................ 2575
24.3 display references location-profile...........................................................................................................................2577
24.4 display wlan ble site-info............................................................................................................................................ 2578
24.5 location-profile............................................................................................................................................................... 2581
24.6 location-profile (WLAN view)................................................................................................................................... 2582
24.7 private mu protocol-version.......................................................................................................................................2583
24.8 private mu-enable......................................................................................................................................................... 2585
24.9 private report-frequency............................................................................................................................................. 2585
24.10 private server................................................................................................................................................................ 2586
24.11 report-to-server............................................................................................................................................................2588
24.12 sniffer enable................................................................................................................................................................ 2589
25 WLAN Security Configuration Commands (Central AP)....................................... 2592
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlii

Fat AP and Cloud AP
25.1 anti-attack flood blacklist enable............................................................................................................................ 2594

25.2 anti-attack flood disable............................................................................................................................................. 2596
25.3 anti-attack flood sta-rate-threshold....................................................................................................................... 2597
25.4 arp anti-attack check user-bind enable................................................................................................................. 2599
25.5 brute-force-detect interval......................................................................................................................................... 2600
25.6 brute-force-detect quiet-time................................................................................................................................... 2601
25.7 brute-force-detect threshold..................................................................................................................................... 2603
25.8 contain............................................................................................................................................................................... 2604
25.9 contain-mode.................................................................................................................................................................. 2605
25.10 device report-interval................................................................................................................................................. 2607
25.11 device synchronization-interval.............................................................................................................................. 2608
25.12 dhcp trust port............................................................................................................................................................. 2609
25.13 display ap radio-environment................................................................................................................................. 2610
25.14 display references wids-whitelist-profile............................................................................................................. 2613
25.15 display references wids-profile............................................................................................................................... 2614
25.16 display references wids-spoof-profile...................................................................................................................2615
25.17 display wids-whitelist-profile.................................................................................................................................. 2616
25.18 display wids-profile.....................................................................................................................................................2618
25.19 display wids-spoof-profile........................................................................................................................................ 2621
25.20 display station dynamic-blacklist........................................................................................................................... 2623
25.21 display wlan ids attack-detected........................................................................................................................... 2626
25.22 display wlan ids attack-detected statistics......................................................................................................... 2629
25.23 display wlan ids attack-history............................................................................................................................... 2632
25.24 display wlan ids contain............................................................................................................................................2634
25.25 display wlan ids device-detected........................................................................................................................... 2639
25.26 display wlan ids device-detected statistics......................................................................................................... 2645
25.27 display wlan dynamic-blacklist............................................................................................................................... 2647
25.28 display wlan ids rogue-history................................................................................................................................ 2649
25.29 display wlan ids spoof-ssid fuzzy-match.............................................................................................................2652
25.30 dynamic-blacklist aging-time..................................................................................................................................2654
25.31 dynamic-blacklist enable.......................................................................................................................................... 2655
25.32 flood-detect interval...................................................................................................................................................2656
25.33 flood-detect quiet-time............................................................................................................................................. 2657
25.34 flood-detect threshold............................................................................................................................................... 2659
25.35 ip source check user-bind enable.......................................................................................................................... 2660
25.36 learn-client-address dhcp-strict..............................................................................................................................2661
25.37 learn-client-address (VAP profile view)...............................................................................................................2662
25.38 permit-ap....................................................................................................................................................................... 2663
25.39 reset wlan ids attack-detected................................................................................................................................2667
25.40 reset wlan ids attack-detected statistics............................................................................................................. 2668
25.41 reset wlan ids attack-history................................................................................................................................... 2669
25.42 reset wlan dynamic-blacklist................................................................................................................................... 2670
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xliii

Fat AP and Cloud AP
25.43 reset wlan ids rogue-history.................................................................................................................................... 2672

25.44 rogue-device log enable........................................................................................................................................... 2674
25.45 spoof-detect quiet-time............................................................................................................................................ 2674
25.46 spoof-ssid....................................................................................................................................................................... 2676
25.47 sta arp-nd-proxy before-assoc................................................................................................................................ 2677
25.48 weak-iv-detect quiet-time........................................................................................................................................ 2679
25.49 wids attack detect enable........................................................................................................................................ 2680
25.50 wids contain enable................................................................................................................................................... 2682
25.51 wids device detect enable........................................................................................................................................ 2683
25.52 wids manual-contain................................................................................................................................................. 2684
25.53 wids-whitelist-profile (WLAN view)..................................................................................................................... 2685
25.54 wids-whitelist-profile (WIDS profile view)......................................................................................................... 2687
25.55 wids-profile (WLAN view)........................................................................................................................................ 2688
25.56 wids-profile (AP group view and AP view)........................................................................................................ 2689
25.57 wids-spoof-profile (WLAN view)........................................................................................................................... 2690
25.58 wids-spoof-profile (WIDS profile view)............................................................................................................... 2692
25.59 work-mode.................................................................................................................................................................... 2693
26 Hotspot2.0 Configuration Commands (Central AP)...............................................2695

26.1 cellular-network-profile.............................................................................................................................................. 2697
26.2 cellular-network-profile (Hotspot2.0 profile view)............................................................................................2698
26.3 connection-capability-profile..................................................................................................................................... 2699
26.4 connection-capability-profile (Hotspot2.0 profile view).................................................................................. 2701
26.5 connection-capability................................................................................................................................................... 2702
26.6 display cellular-network-profile............................................................................................................................... 2703
26.7 display connection-capability-profile......................................................................................................................2705
26.8 display hotspot2-profile.............................................................................................................................................. 2708
26.9 display nai-realm-profile............................................................................................................................................. 2711
26.10 display operating-class-profile............................................................................................................................... 2713
26.11 display operator-domain-profile............................................................................................................................ 2714
26.12 display operator-name-profile................................................................................................................................2716
26.13 display references cellular-network-profile........................................................................................................2717
26.14 display references connection-capability-profile.............................................................................................. 2718
26.15 display references hotspot2-profile.......................................................................................................................2720
26.16 display references nai-realm-profile..................................................................................................................... 2721
26.17 display references operating-class-profile.......................................................................................................... 2722
26.18 display references operator-domain-profile...................................................................................................... 2723
26.19 display references operator-name-profile.......................................................................................................... 2724
26.20 display references roaming-consortium-profile................................................................................................2725
26.21 display references venue-name-profile............................................................................................................... 2727
26.22 display roaming-consortium-profile..................................................................................................................... 2728
26.23 display venue-name-profile..................................................................................................................................... 2730
26.24 domain-name............................................................................................................................................................... 2731
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xliv

Fat AP and Cloud AP
26.25 hessid............................................................................................................................................................................... 2733

26.26 hotspot2-profile........................................................................................................................................................... 2734
26.27 hotspot2-profile (VAP profile view)...................................................................................................................... 2735
26.28 ipv4-address-avail....................................................................................................................................................... 2737
26.29 nai-realm-profile......................................................................................................................................................... 2738
26.30 nai-realm-profile (Hotspot2.0 profile view)...................................................................................................... 2739
26.31 nai-realm........................................................................................................................................................................ 2740
26.32 network-authen-type................................................................................................................................................. 2742
26.33 network-type................................................................................................................................................................ 2743
26.34 operating-class-indication........................................................................................................................................ 2745
26.35 operating-class-profile.............................................................................................................................................. 2746
26.36 operating-class-profile (Hotspot2.0 profile view)............................................................................................2747
26.37 operator-domain-profile........................................................................................................................................... 2748
26.38 operator-domain-profile (Hotspot2.0 profile view)........................................................................................ 2750
26.39 operator-friendly-name............................................................................................................................................. 2751
26.40 operator-name-profile...............................................................................................................................................2753
26.41 operator-name-profile (Hotspot2.0 profile view)............................................................................................2754
26.42 p2p-cross-connect disable........................................................................................................................................2755
26.43 plmn-id........................................................................................................................................................................... 2756
26.44 roaming-consortium-oi............................................................................................................................................. 2757
26.45 roaming-consortium-profile.................................................................................................................................... 2758
26.46 roaming-consortium-profile (Hotspot2.0 profile view)................................................................................. 2760
26.47 venue-name-profile.................................................................................................................................................... 2761
26.48 venue-name-profile (Hotspot2.0 profile view)................................................................................................. 2762
26.49 venue-name.................................................................................................................................................................. 2763
26.50 venue-type..................................................................................................................................................................... 2765
27 WLAN Traffic Optimization Commands (Central AP)...........................................2767

27.1 broadcast-suppression auto-detect......................................................................................................................... 2768
27.2 display wlan igmp-snooping vap-cac..................................................................................................................... 2769
27.3 igmp-snooping max-bandwidth (traffic profile view)...................................................................................... 2770
27.4 igmp-snooping max-user (traffic profile view)................................................................................................... 2771
27.5 igmp-snooping enable (traffic profile view)........................................................................................................ 2772
27.6 multicast-suppression auto-detect.......................................................................................................................... 2773
27.7 service-guarantee.......................................................................................................................................................... 2774
27.8 traffic-optimize arp-proxy enable............................................................................................................................ 2776
27.9 traffic-optimize bcmc deny all.................................................................................................................................. 2777
27.10 traffic-optimize bcmc unicast-send.......................................................................................................................2778
27.11 traffic-optimize bcmc unicast-send mismatch-action drop..........................................................................2779
27.12 traffic-optimize broadcast-suppression............................................................................................................... 2780
27.13 traffic-optimize multicast-suppression................................................................................................................ 2781
27.14 traffic-optimize multicast-unicast enable........................................................................................................... 2782
27.15 traffic-optimize multicast-unicast dynamic-adaptive disable......................................................................2783
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlv

Fat AP and Cloud AP
27.16 traffic-optimize sta-bridge-forward disable....................................................................................................... 2784

27.17 traffic-optimize tcp adjust-mss.............................................................................................................................. 2785
27.18 traffic-optimize unicast-suppression.................................................................................................................... 2787
27.19 unicast-suppression auto-detect............................................................................................................................ 2788
27.20 unicast-suppression auto-detect disable............................................................................................................. 2789
28 VPN Configuration Commands................................................................................... 2790

28.1 IPSec Configuration Commands............................................................................................................................... 2790
28.1.1 alias................................................................................................................................................................................. 2790
28.1.2 ah authentication-algorithm.................................................................................................................................. 2791
28.1.3 anti-replay window.................................................................................................................................................... 2793
28.1.4 authentication-algorithm........................................................................................................................................ 2794
28.1.5 authentication-method............................................................................................................................................ 2795
28.1.6 certificate-request empty-payload enable........................................................................................................ 2796
28.1.7 dh..................................................................................................................................................................................... 2797
28.1.8 diagnose ipsec data-flow.........................................................................................................................................2798
28.1.9 diagnose ipsec interface.......................................................................................................................................... 2800
28.1.10 diagnose ipsec peer................................................................................................................................................. 2801
28.1.11 display ike error-info............................................................................................................................................... 2803
28.1.12 display ike global config........................................................................................................................................2809
28.1.13 display ike offline-info........................................................................................................................................... 2811
28.1.14 display ike identity...................................................................................................................................................2813
28.1.15 display ike peer (all views)................................................................................................................................... 2815
28.1.16 display ike peer (User view).................................................................................................................................2822
28.1.17 display ike proposal (all views)...........................................................................................................................2830
28.1.18 display ike proposal (User view)........................................................................................................................ 2833
28.1.19 display ike sa............................................................................................................................................................. 2836
28.1.20 display ike statistics.................................................................................................................................................2845
28.1.21 display ikev2 statistics............................................................................................................................................ 2849
28.1.22 display ipsec global config....................................................................................................................................2860
28.1.23 display ipsec interface brief..................................................................................................................................2863
28.1.24 display ipsec history record.................................................................................................................................. 2864
28.1.25 display ipsec policy (all views)............................................................................................................................ 2866
28.1.26 display ipsec policy (User view).......................................................................................................................... 2872
28.1.27 display ipsec policy-template (all views).........................................................................................................2878
28.1.28 display ipsec policy-template (User view)...................................................................................................... 2883
28.1.29 display ipsec proposal (All views)...................................................................................................................... 2887
28.1.30 display ipsec proposal (User view).................................................................................................................... 2889
28.1.31 display ipsec sa......................................................................................................................................................... 2891
28.1.32 display ipsec statistics............................................................................................................................................ 2897
28.1.33 display ipsec statistics route.................................................................................................................................2901
28.1.34 dn.................................................................................................................................................................................. 2904
28.1.35 dpd................................................................................................................................................................................ 2905
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlvi

Fat AP and Cloud AP
28.1.36 dpd msg...................................................................................................................................................................... 2907

28.1.37 dpd msg notify-hash-sequence learning......................................................................................................... 2908
28.1.38 dpd packet receive if-related enable.................................................................................................................2909
28.1.39 dpd type...................................................................................................................................................................... 2910
28.1.40 dscp............................................................................................................................................................................... 2912
28.1.41 encapsulation-mode............................................................................................................................................... 2913
28.1.42 encryption-algorithm..............................................................................................................................................2914
28.1.43 esp authentication-algorithm..............................................................................................................................2915
28.1.44 esp encryption-algorithm......................................................................................................................................2917
28.1.45 exchange-mode........................................................................................................................................................ 2918
28.1.46 fqdn.............................................................................................................................................................................. 2919
28.1.47 ike call admission limit in-negotiation-sa....................................................................................................... 2920
28.1.48 ike dscp........................................................................................................................................................................ 2921
28.1.49 ike heartbeat............................................................................................................................................................. 2922
28.1.50 ike heartbeat-timer interval................................................................................................................................. 2924
28.1.51 ike heartbeat-timer timeout................................................................................................................................ 2925
28.1.52 ike identity..................................................................................................................................................................2926
28.1.53 ike local-name.......................................................................................................................................................... 2927
28.1.54 ike nat-keepalive-timer interval......................................................................................................................... 2928
28.1.55 ike peer........................................................................................................................................................................ 2929
28.1.56 ike proposal............................................................................................................................................................... 2930
28.1.57 ike-peer....................................................................................................................................................................... 2932
28.1.58 ike-proposal............................................................................................................................................................... 2933
28.1.59 ikev1 phase1-phase2 sa dependent.................................................................................................................. 2934
28.1.60 ikev2 authentication sign-hash........................................................................................................................... 2935
28.1.61 ikev2 cookie-challenge...........................................................................................................................................2937
28.1.62 ikev2 delete old child-sa enable......................................................................................................................... 2938
28.1.63 ikev2 fragmentation............................................................................................................................................... 2939
28.1.64 ikev2 id-match-certificate enable...................................................................................................................... 2940
28.1.65 ikev2 initial-contact enable.................................................................................................................................. 2941
28.1.66 inband crl.................................................................................................................................................................... 2942
28.1.67 inband ocsp................................................................................................................................................................ 2943
28.1.68 integrity-algorithm.................................................................................................................................................. 2944
28.1.69 ip address....................................................................................................................................................................2945
28.1.70 ipsec anti-replay enable........................................................................................................................................ 2946
28.1.71 ipsec anti-replay window...................................................................................................................................... 2948
28.1.72 ipsec decrypt check................................................................................................................................................. 2949
28.1.73 ipsec df-bit................................................................................................................................................................. 2950
28.1.74 ipsec fragmentation before-encryption........................................................................................................... 2951
28.1.75 ipsec invalid-spi-recovery enable........................................................................................................................2952
28.1.76 ipsec netmask........................................................................................................................................................... 2953
28.1.77 ipsec policy shared.................................................................................................................................................. 2955
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlvii

Fat AP and Cloud AP
28.1.78 ipsec policy (interface view)................................................................................................................................ 2956

28.1.79 ipsec policy (system view).................................................................................................................................... 2957
28.1.80 ipsec policy-template............................................................................................................................................. 2960
28.1.81 ipsec proposal........................................................................................................................................................... 2961
28.1.82 ipsec remote traffic-identical accept................................................................................................................. 2962
28.1.83 ipsec sa global-duration........................................................................................................................................ 2964
28.1.84 ipsec tunnel-index based remote-ip.................................................................................................................. 2966
28.1.85 lifetime-notification-message enable............................................................................................................... 2967
28.1.86 local-address..............................................................................................................................................................2969
28.1.87 local-id-type...............................................................................................................................................................2970
28.1.88 local-id......................................................................................................................................................................... 2973
28.1.89 local-id-preference certificate enable (Central AP)..................................................................................... 2974
28.1.90 local-id-reflect enable............................................................................................................................................ 2975
28.1.91 match ike-identity................................................................................................................................................... 2976
28.1.92 nat traversal...............................................................................................................................................................2977
28.1.93 pfs..................................................................................................................................................................................2978
28.1.94 pki realm..................................................................................................................................................................... 2980
28.1.95 policy enable............................................................................................................................................................. 2981
28.1.96 pre-shared-key (IKE peer view).......................................................................................................................... 2982
28.1.97 prf.................................................................................................................................................................................. 2984
28.1.98 proposal...................................................................................................................................................................... 2985
28.1.99 re-authentication interval..................................................................................................................................... 2987
28.1.100 remote-address (IKE peer view)....................................................................................................................... 2988
28.1.101 remote-id..................................................................................................................................................................2990
28.1.102 remote-id-type....................................................................................................................................................... 2991
28.1.103 reset ike error-info.................................................................................................................................................2993
28.1.104 reset ike offline-info............................................................................................................................................. 2994
28.1.105 reset ike sa............................................................................................................................................................... 2995
28.1.106 reset ike statistics.................................................................................................................................................. 2996
28.1.107 reset ipsec history record.................................................................................................................................... 2997
28.1.108 reset ipsec sa........................................................................................................................................................... 2998
28.1.109 reset ipsec statistics.............................................................................................................................................. 3000
28.1.110 reset ipsec statistics route.................................................................................................................................. 3000
28.1.111 respond-only enable.............................................................................................................................................3001
28.1.112 route inject...............................................................................................................................................................3002
28.1.113 rsa signature-padding.......................................................................................................................................... 3004
28.1.114 sa authentication-hex.......................................................................................................................................... 3005
28.1.115 sa duration (IKE proposal view)....................................................................................................................... 3008
28.1.116 sa duration (ISAKMP IPSec policy view, IPSec policy template view, IPSec profile view)............ 3010
28.1.117 sa keep-holding-to hard-duration................................................................................................................... 3013
28.1.118 sa encryption-hex.................................................................................................................................................. 3014
28.1.119 sa spi.......................................................................................................................................................................... 3016
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlviii

Fat AP and Cloud AP
28.1.120 sa string-key............................................................................................................................................................ 3018

28.1.121 sa trigger-mode......................................................................................................................................................3021
28.1.122 security acl............................................................................................................................................................... 3022
28.1.123 transform.................................................................................................................................................................. 3024
28.1.124 tunnel local.............................................................................................................................................................. 3025
28.1.125 tunnel remote (Manual IPSec policy view).................................................................................................. 3027
28.1.126 tunnel remote (ISAKMP IPSec policy view, IPSec policy template view, IPSec profile view)...... 3028
28.1.127 version....................................................................................................................................................................... 3029
28.1.128 user-fqdn.................................................................................................................................................................. 3030
29 Reliability Commands....................................................................................................3032
29.1 BFD Configuration Commands................................................................................................................................. 3032
29.1.1 bfd................................................................................................................................................................................... 3032
29.1.2 bfd bind peer-ip.......................................................................................................................................................... 3033
29.1.3 bfd bind peer-ip default-ip...................................................................................................................................... 3035
29.1.4 bfd bind peer-ip source-ip auto.............................................................................................................................3038
29.1.5 bfd one-arm-echo...................................................................................................................................................... 3040
29.1.6 bfd bfd-name............................................................................................................................................................... 3042
29.1.7 bfd session nonexistent-config-check................................................................................................................. 3044
29.1.8 commit........................................................................................................................................................................... 3044
29.1.9 default-ip-address...................................................................................................................................................... 3046
29.1.10 description (BFD session view)........................................................................................................................... 3047
29.1.11 detect-multiplier.......................................................................................................................................................3048
29.1.12 discriminator..............................................................................................................................................................3050
29.1.13 display bfd configuration...................................................................................................................................... 3051
29.1.14 display bfd interface............................................................................................................................................... 3055
29.1.15 display bfd session................................................................................................................................................... 3056
29.1.16 display bfd statistics................................................................................................................................................ 3062
29.1.17 display bfd statistics session................................................................................................................................ 3066
29.1.18 display bfd ttl............................................................................................................................................................ 3069
29.1.19 display snmp-agent trap feature-name bfd all............................................................................................. 3070
29.1.20 min-echo-rx-interval............................................................................................................................................... 3072
29.1.21 min-rx-interval.......................................................................................................................................................... 3073
29.1.22 min-tx-interval.......................................................................................................................................................... 3075
29.1.23 multi-hop.................................................................................................................................................................... 3076
29.1.24 peer-ip ttl.................................................................................................................................................................... 3078
29.1.25 process-interface-status........................................................................................................................................ 3079
29.1.26 reset bfd statistics.................................................................................................................................................... 3081
29.1.27 shutdown (BFD session view)............................................................................................................................. 3082
29.1.28 snmp-agent bfd trap-interval.............................................................................................................................. 3083
29.1.29 snmp-agent trap enable feature-name bfd....................................................................................................3084
29.1.30 tos-exp......................................................................................................................................................................... 3086
29.1.31 wtr................................................................................................................................................................................. 3087
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xlix

Fat AP and Cloud AP
29.2 VRRP Configuration Commands............................................................................................................................... 3088

29.2.1 admin-vrrp vrid........................................................................................................................................................... 3088
29.2.2 display snmp-agent trap feature-name vrrp all.............................................................................................. 3089
29.2.3 display vrrp................................................................................................................................................................... 3091
29.2.4 display vrrp admin-vrrp............................................................................................................................................3096
29.2.5 display vrrp binding admin-vrrp........................................................................................................................... 3097
29.2.6 display vrrp binding admin-vrrp member-vrrp................................................................................................ 3099
29.2.7 display vrrp protocol-information........................................................................................................................ 3101
29.2.8 display vrrp state-change interface vrid.............................................................................................................3102
29.2.9 display vrrp statistics................................................................................................................................................. 3106
29.2.10 reset vrrp statistics.................................................................................................................................................. 3109
29.2.11 snmp-agent trap enable feature-name vrrp.................................................................................................. 3110
29.2.12 vrrp gratuitous-arp timeout................................................................................................................................. 3111
29.2.13 vrrp gratuitous-arp timeout disable.................................................................................................................. 3113
29.2.14 vrrp recover-delay.................................................................................................................................................... 3113
29.2.15 vrrp timer-advertise learning enable................................................................................................................ 3115
29.2.16 vrrp un-check ttl.......................................................................................................................................................3116
29.2.17 vrrp version................................................................................................................................................................ 3117
29.2.18 vrrp version-3 send-packet-mode...................................................................................................................... 3118
29.2.19 vrrp vrid authentication-mode............................................................................................................................ 3119
29.2.20 vrrp vrid preempt-mode disable......................................................................................................................... 3121
29.2.21 vrrp vrid preempt-mode timer delay................................................................................................................ 3122
29.2.22 vrrp vrid priority....................................................................................................................................................... 3124
29.2.23 vrrp vrid timer advertise........................................................................................................................................ 3125
29.2.24 vrrp vrid track admin-vrrp vrid............................................................................................................................3126
29.2.25 vrrp vrid track bfd-session.................................................................................................................................... 3128
29.2.26 vrrp vrid track interface......................................................................................................................................... 3130
29.2.27 vrrp vrid version-3 send-packet-mode............................................................................................................. 3132
29.2.28 vrrp vrid virtual-ip....................................................................................................................................................3134
30 User Access and Authentication Commands........................................................... 3136

30.1 AAA Configuration Commands................................................................................................................................. 3136
30.1.1 aaa................................................................................................................................................................................... 3136
30.1.2 aaa-author session-timeout invalid-value enable.......................................................................................... 3137
30.1.3 aaa abnormal-offline-record..................................................................................................................................3138
30.1.4 aaa offline-record...................................................................................................................................................... 3139
30.1.5 aaa online-fail-record............................................................................................................................................... 3140
30.1.6 aaa-authen-bypass.................................................................................................................................................... 3141
30.1.7 aaa-author-bypass..................................................................................................................................................... 3142
30.1.8 aaa-author-cmd-bypass........................................................................................................................................... 3144
30.1.9 aaa-quiet administrator except-list......................................................................................................................3145
30.1.10 access-user remote authen-fail...........................................................................................................................3146
30.1.11 accounting dual-stack separate.......................................................................................................................... 3148
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. l

Fat AP and Cloud AP
30.1.12 accounting interim-fail.......................................................................................................................................... 3149

30.1.13 accounting realtime................................................................................................................................................ 3151
30.1.14 accounting start-fail................................................................................................................................................3152
30.1.15 accounting-mode..................................................................................................................................................... 3154
30.1.16 accounting-scheme (AAA domain view)......................................................................................................... 3155
30.1.17 accounting-scheme (authentication profile view)....................................................................................... 3156
30.1.18 accounting-scheme (AAA view)......................................................................................................................... 3158
30.1.19 admin-user privilege level.................................................................................................................................... 3159
30.1.20 administrator remote authen-fail...................................................................................................................... 3162
30.1.21 authentication-mode (authentication scheme view)..................................................................................3163
30.1.22 authentication-scheme (AAA domain view).................................................................................................. 3166
30.1.23 authentication-scheme (authentication profile view)................................................................................ 3167
30.1.24 authentication-scheme (AAA view).................................................................................................................. 3168
30.1.25 authentication-type radius chap access-type admin...................................................................................3170
30.1.26 authentication { roam-accounting | update-ip-accounting } * enable.................................................. 3172
30.1.27 authentication roam-accounting update-session-mode............................................................................ 3173
30.1.28 authorization-cmd................................................................................................................................................... 3174
30.1.29 authorization-info check-fail policy................................................................................................................... 3176
30.1.30 authorization-mode................................................................................................................................................ 3177
30.1.31 authorization-modify mode................................................................................................................................. 3179
30.1.32 authorization-scheme (AAA domain view).................................................................................................... 3181
30.1.33 authorization-scheme (authentication profile view).................................................................................. 3182
30.1.34 authorization-scheme (AAA view).....................................................................................................................3183
30.1.35 cmd recording-scheme...........................................................................................................................................3185
30.1.36 cut access-user.......................................................................................................................................................... 3186
30.1.37 display aaa................................................................................................................................................................. 3189
30.1.38 display aaa configuration..................................................................................................................................... 3198
30.1.39 display aaa statistics access-type-authenreq................................................................................................. 3201
30.1.40 display aaa statistics offline-reason.................................................................................................................. 3202
30.1.41 display aaa-quiet administrator except-list.................................................................................................... 3203
30.1.42 display access-user (all views)............................................................................................................................ 3204
30.1.43 display accounting-scheme.................................................................................................................................. 3212
30.1.44 display authentication-scheme........................................................................................................................... 3215
30.1.45 display authorization-scheme............................................................................................................................. 3218
30.1.46 display domain......................................................................................................................................................... 3220
30.1.47 display local-access-code...................................................................................................................................... 3223
30.1.48 display local-user..................................................................................................................................................... 3224
30.1.49 display local-user expire-time............................................................................................................................. 3230
30.1.50 display local-aaa-user password policy............................................................................................................3231
30.1.51 display recording-scheme..................................................................................................................................... 3233
30.1.52 display remote-user authen-fail......................................................................................................................... 3234
30.1.53 display service-scheme...........................................................................................................................................3237
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. li

Fat AP and Cloud AP
30.1.54 dns (service scheme view).................................................................................................................................... 3239

30.1.55 domain (AAA view)................................................................................................................................................. 3240
30.1.56 domain (system view)............................................................................................................................................3242
30.1.57 domain-location....................................................................................................................................................... 3243
30.1.58 domain-name-delimiter........................................................................................................................................ 3245
30.1.59 domainname-parse-direction.............................................................................................................................. 3246
30.1.60 idle-cut (service scheme view)............................................................................................................................ 3248
30.1.61 local-aaa-user wrong-password......................................................................................................................... 3249
30.1.62 local-access-code..................................................................................................................................................... 3251
30.1.63 local-aaa-user password policy access-user................................................................................................... 3253
30.1.64 local-aaa-user password policy administrator...............................................................................................3253
30.1.65 local-user (AAA view)............................................................................................................................................ 3255
30.1.66 local-user change-password................................................................................................................................ 3263
30.1.67 local-user expire-date............................................................................................................................................ 3264
30.1.68 local-user password................................................................................................................................................ 3266
30.1.69 local-user service-type........................................................................................................................................... 3268
30.1.70 local-user time-range............................................................................................................................................. 3271
30.1.71 outbound recording-scheme................................................................................................................................ 3273
30.1.72 password alert before-expire............................................................................................................................... 3274
30.1.73 password alert original.......................................................................................................................................... 3275
30.1.74 password expire........................................................................................................................................................ 3277
30.1.75 password history record number........................................................................................................................ 3278
30.1.76 permit-domain.......................................................................................................................................................... 3279
30.1.77 recording-mode hwtacacs.....................................................................................................................................3280
30.1.78 recording-scheme.................................................................................................................................................... 3281
30.1.79 redirect-acl................................................................................................................................................................. 3283
30.1.80 remote-user authen-fail unblock....................................................................................................................... 3284
30.1.81 reset aaa..................................................................................................................................................................... 3285
30.1.82 reset aaa statistics access-type-authenreq..................................................................................................... 3286
30.1.83 reset aaa statistics offline-reason...................................................................................................................... 3287
30.1.84 reset access-user statistics.................................................................................................................................... 3288
30.1.85 reset local-user password history record......................................................................................................... 3288
30.1.86 security-name enable............................................................................................................................................. 3289
30.1.87 security-name-delimiter........................................................................................................................................ 3290
30.1.88 server no-response accounting........................................................................................................................... 3292
30.1.89 service-scheme (aaa domain view)................................................................................................................... 3293
30.1.90 service-scheme (AAA view).................................................................................................................................. 3294
30.1.91 state (AAA domain view)...................................................................................................................................... 3295
30.1.92 statistic enable (AAA domain view).................................................................................................................. 3296
30.1.93 statistic enable (authentication profile view)................................................................................................ 3297
30.1.94 system recording-scheme..................................................................................................................................... 3298
30.1.95 user-group (AAA domain view).......................................................................................................................... 3299
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lii

Fat AP and Cloud AP
30.1.96 user-password complexity-check........................................................................................................................3301

30.2 RADIUS Configuration Commands.......................................................................................................................... 3302
30.2.1 called-station-id mac-format................................................................................................................................. 3302
30.2.2 called-station-id wlan-user-format...................................................................................................................... 3303
30.2.3 calling-station-id mac-format................................................................................................................................ 3305
30.2.4 display radius-attribute............................................................................................................................................ 3307
30.2.5 display radius-attribute check................................................................................................................................3309
30.2.6 display radius-attribute disable............................................................................................................................. 3311
30.2.7 display radius-attribute translate......................................................................................................................... 3312
30.2.8 display radius-server accounting-stop-packet..................................................................................................3314
30.2.9 display radius-server authorization configuration.......................................................................................... 3315
30.2.10 display radius-server configuration................................................................................................................... 3318
30.2.11 display radius-server dead-interval dead-count detect-cycle...................................................................3323
30.2.12 display radius-server item..................................................................................................................................... 3324
30.2.13 display radius-server max-unresponsive-interval......................................................................................... 3327
30.2.14 display radius-server session-manage configuration.................................................................................. 3328
30.2.15 display snmp-agent trap feature-name radius all........................................................................................3329
30.2.16 radius-attribute check............................................................................................................................................ 3331
30.2.17 radius-attribute disable..........................................................................................................................................3332
30.2.18 radius-attribute nas-ip........................................................................................................................................... 3333
30.2.19 radius-attribute nas-ip (system view).............................................................................................................. 3335
30.2.20 radius-attribute service-type with-authenonly-reauthen.......................................................................... 3336
30.2.21 radius-attribute set..................................................................................................................................................3337
30.2.22 radius-attribute translate...................................................................................................................................... 3339
30.2.23 radius-reject local.................................................................................................................................................... 3343
30.2.24 radius-server (aaa domain view)....................................................................................................................... 3344
30.2.25 radius-server (authentication profile view).................................................................................................... 3345
30.2.26 radius-server accounting....................................................................................................................................... 3346
30.2.27 radius-server accounting-stop-packet resend................................................................................................ 3349
30.2.28 radius-server algorithm......................................................................................................................................... 3350
30.2.29 radius-server attribute message-authenticator access-request...............................................................3352
30.2.30 radius-server attribute translate......................................................................................................................... 3353
30.2.31 radius-server authentication................................................................................................................................ 3354
30.2.32 radius-server authorization.................................................................................................................................. 3357
30.2.33 radius-server authorization attribute-decode-sameastemplate..............................................................3359
30.2.34 radius-server authorization attribute-encode-sameastemplate..............................................................3361
30.2.35 radius-server authorization calling-station-id decode-mac-format....................................................... 3363
30.2.36 radius-server authorization match-type.......................................................................................................... 3365
30.2.37 radius-server dead-detect-condition by-server-ip........................................................................................ 3366
30.2.38 radius-server dead-interval dead-count detect-cycle..................................................................................3368
30.2.39 radius-server detect-server interval................................................................................................................... 3369
30.2.40 radius-server detect-server timeout.................................................................................................................. 3370
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. liii

Fat AP and Cloud AP
30.2.41 radius-server detect-server up-server interval............................................................................................... 3373

30.2.42 radius-server format-attribute............................................................................................................................ 3374
30.2.43 radius-server hw-ap-info-format include-ap-ip............................................................................................ 3377
30.2.44 radius-server hw-dhcp-option-format.............................................................................................................. 3378
30.2.45 radius-server max-unresponsive-interval........................................................................................................ 3379
30.2.46 radius-server nas-identifier-format................................................................................................................... 3380
30.2.47 radius-server nas-port-format............................................................................................................................. 3381
30.2.48 radius-server nas-port-id-format........................................................................................................................3383
30.2.49 radius-server retransmit timeout....................................................................................................................... 3384
30.2.50 radius-server dead-time........................................................................................................................................ 3386
30.2.51 radius-server session-manage............................................................................................................................. 3387
30.2.52 radius-server shared-key (RADIUS server template view)........................................................................ 3388
30.2.53 radius-server shared-key (system view).......................................................................................................... 3390
30.2.54 radius-server support chargeable-user-identity............................................................................................ 3391
30.2.55 radius-server template........................................................................................................................................... 3393
30.2.56 radius-server testuser............................................................................................................................................. 3394
30.2.57 radius-server traffic-unit....................................................................................................................................... 3396
30.2.58 radius-server user-name domain-included..................................................................................................... 3397
30.2.59 reset radius-server accounting-stop-packet................................................................................................... 3399
30.2.60 snmp-agent trap enable feature-name radius.............................................................................................. 3400
30.2.61 test-aaa....................................................................................................................................................................... 3401
30.3 HWTACACS Configuration Commands.................................................................................................................. 3405
30.3.1 display hwtacacs-server accounting-stop-packet........................................................................................... 3405
30.3.2 display hwtacacs-server template........................................................................................................................ 3407
30.3.3 display hwtacacs-server template verbose........................................................................................................3410
30.3.4 hwtacacs enable......................................................................................................................................................... 3417
30.3.5 hwtacacs-server.......................................................................................................................................................... 3418
30.3.6 hwtacacs-server (authentication profile view)................................................................................................ 3419
30.3.7 hwtacacs-server accounting................................................................................................................................... 3420
30.3.8 hwtacacs-server accounting-stop-packet resend............................................................................................ 3422
30.3.9 hwtacacs-server authentication............................................................................................................................ 3423
30.3.10 hwtacacs-server authorization............................................................................................................................ 3425
30.3.11 hwtacacs-server shared-key................................................................................................................................. 3427
30.3.12 hwtacacs-server source-ip.................................................................................................................................... 3428
30.3.13 hwtacacs-server source-ip (system view)........................................................................................................3430
30.3.14 hwtacacs-server template.....................................................................................................................................3431
30.3.15 hwtacacs-server timer quiet................................................................................................................................ 3432
30.3.16 hwtacacs-server timer response-timeout........................................................................................................ 3433
30.3.17 hwtacacs-server traffic-unit................................................................................................................................. 3435
30.3.18 hwtacacs-server user-name domain-included............................................................................................... 3436
30.3.19 hwtacacs-user change-password hwtacacs-server...................................................................................... 3437
30.3.20 reset hwtacacs-server accounting-stop-packet............................................................................................. 3438
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. liv

Fat AP and Cloud AP
30.3.21 reset hwtacacs-server statistics...........................................................................................................................3439

30.4 LDAP Configuration Commands (Central AP)..................................................................................................... 3440
30.4.1 display ldap-server configuration......................................................................................................................... 3440
30.4.2 display ldap-server template..................................................................................................................................3441
30.4.3 ldap-server authentication...................................................................................................................................... 3444
30.4.4 ldap-server authentication base-dn.................................................................................................................... 3446
30.4.5 ldap-server authentication manager...................................................................................................................3447
30.4.6 ldap-server authentication manager-anonymous enable............................................................................3450
30.4.7 ldap-server authentication manager-password...............................................................................................3451
30.4.8 ldap-server authentication manager-with-base-dn enable.........................................................................3453
30.4.9 ldap-server authorization bind-user enable..................................................................................................... 3454
30.4.10 ldap-server group-filter......................................................................................................................................... 3455
30.4.11 ldap-server server-type.......................................................................................................................................... 3456
30.4.12 ldap-server ssl version............................................................................................................................................ 3456
30.4.13 ldap-server template.............................................................................................................................................. 3458
30.4.14 ldap-server user-filter............................................................................................................................................. 3459
30.4.15 ldap-server (aaa domain view)...........................................................................................................................3460
30.4.16 ldap-server (authentication profile view)....................................................................................................... 3461
30.5 AD Configuration Commands (Central AP)......................................................................................................... 3462
30.5.1 ad-server authentication......................................................................................................................................... 3462
30.5.2 ad-server authentication base-dn........................................................................................................................ 3463
30.5.3 ad-server authentication host-name................................................................................................................... 3464
30.5.4 ad-server authentication ldap-port......................................................................................................................3465
30.5.5 ad-server authentication manager...................................................................................................................... 3466
30.5.6 ad-server authentication manager-anonymous enable............................................................................... 3468
30.5.7 ad-server authentication manager-with-base-dn enable............................................................................ 3469
30.5.8 ad-server authorization bind-user enable......................................................................................................... 3470
30.5.9 ad-server group-filter............................................................................................................................................... 3471
30.5.10 ad-server template.................................................................................................................................................. 3472
30.5.11 ad-server user-filter................................................................................................................................................ 3473
30.5.12 ad-server (aaa domain view).............................................................................................................................. 3474
30.5.13 ad-server (authentication profile view)........................................................................................................... 3475
30.5.14 display ad-server template................................................................................................................................... 3476
30.6 NAC Configuration Commands................................................................................................................................ 3478
30.6.1 access-domain............................................................................................................................................................. 3479
30.6.2 acl-id (user group view)...........................................................................................................................................3481
30.6.3 authentication event action authorize................................................................................................................3482
30.6.4 authentication event authen-server-up action re-authen........................................................................... 3484
30.6.5 authentication event client-no-response action authorize.......................................................................... 3485
30.6.6 authentication event portal-server-down action authorize........................................................................ 3486
30.6.7 authentication event portal-server-up action re-authen..............................................................................3488
30.6.8 authentication ip-address in-accounting-start................................................................................................ 3489
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lv

Fat AP and Cloud AP
30.6.9 authentication ip-conflict-check enable............................................................................................................. 3490

30.6.10 authentication roam pre-authen mac-authen enable................................................................................ 3491
30.6.11 authentication single-access................................................................................................................................ 3492
30.6.12 authentication speed-limit auto......................................................................................................................... 3493
30.6.13 authentication user-alarm percentage............................................................................................................. 3494
30.6.14 authentication-profile (VAP profile view)....................................................................................................... 3495
30.6.15 authentication-profile (system view)............................................................................................................... 3497
30.6.16 authentication portal-ip-trigger......................................................................................................................... 3498
30.6.17 authentication termination-action reauthenticate...................................................................................... 3499
30.6.18 authorize..................................................................................................................................................................... 3500
30.6.19 display access-user.................................................................................................................................................. 3502
30.6.20 display authentication-profile configuration..................................................................................................3505
30.6.21 display authentication user-alarm configuration......................................................................................... 3514
30.6.22 display dot1x............................................................................................................................................................. 3515
30.6.23 display dot1x-access-profile configuration..................................................................................................... 3522
30.6.24 display dot1x quiet-user........................................................................................................................................ 3524
30.6.25 display free-rule-template configuration........................................................................................................ 3526
30.6.26 display mac-access-profile configuration........................................................................................................ 3527
30.6.27 display mac-authen................................................................................................................................................. 3532
30.6.28 display mac-authen quiet-user........................................................................................................................... 3537
30.6.29 display portal............................................................................................................................................................. 3538
30.6.30 display portal local-server connect.................................................................................................................... 3541
30.6.31 display portal local-server.................................................................................................................................... 3543
30.6.32 display portal local-server page-information................................................................................................ 3551
30.6.33 display portal local-server wechat-authen user (Central AP).................................................................. 3552
30.6.34 display portal user-logout..................................................................................................................................... 3554
30.6.35 display portal-access-profile configuration.................................................................................................... 3555
30.6.36 display portal quiet-user....................................................................................................................................... 3559
30.6.37 display portal url-encode configuration.......................................................................................................... 3560
30.6.38 display server-detect state.................................................................................................................................... 3561
30.6.39 display url-template................................................................................................................................................3563
30.6.40 display user-group................................................................................................................................................... 3566
30.6.41 display web-auth-server configuration............................................................................................................ 3568
30.6.42 display webmng configuration........................................................................................................................... 3575
30.6.43 dot1x abnormal-track cache-record-num....................................................................................................... 3577
30.6.44 dot1x authentication-method............................................................................................................................. 3578
30.6.45 dot1x eap-notify-packet........................................................................................................................................ 3580
30.6.46 dot1x quiet-period................................................................................................................................................... 3581
30.6.47 dot1x quiet-times.....................................................................................................................................................3582
30.6.48 dot1x reauthenticate mac-address.................................................................................................................... 3583
30.6.49 dot1x reauthenticate.............................................................................................................................................. 3584
30.6.50 dot1x retry.................................................................................................................................................................. 3586
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lvi

Fat AP and Cloud AP
30.6.51 dot1x timer................................................................................................................................................................ 3587

30.6.52 dot1x timer tx-period............................................................................................................................................. 3589
30.6.53 dot1x timer quiet-period....................................................................................................................................... 3590
30.6.54 dot1x-access-profile (authentication profile view)...................................................................................... 3591
30.6.55 dot1x-access-profile (system view)................................................................................................................... 3592
30.6.56 free-rule...................................................................................................................................................................... 3593
30.6.57 free-rule-template (authentication profile view)......................................................................................... 3596
30.6.58 free-rule-template (system view)...................................................................................................................... 3597
30.6.59 http get-method enable........................................................................................................................................ 3599
30.6.60 http-method post.................................................................................................................................................... 3600
30.6.61 mac-access-profile (authentication profile view).........................................................................................3605
30.6.62 mac-access-profile (system view)...................................................................................................................... 3606
30.6.63 mac-authen authentication-method.................................................................................................................3608
30.6.64 mac-authen quiet-times........................................................................................................................................ 3609
30.6.65 mac-authen reauthenticate mac-address........................................................................................................3610
30.6.66 mac-authen reauthenticate.................................................................................................................................. 3611
30.6.67 mac-authen timer quiet-period.......................................................................................................................... 3612
30.6.68 mac-authen timer reauthenticate-period........................................................................................................3613
30.6.69 mac-authen username........................................................................................................................................... 3615
30.6.70 parameter................................................................................................................................................................... 3618
30.6.71 polling-time (Central AP)......................................................................................................................................3620
30.6.72 port (Portal server template view).................................................................................................................... 3621
30.6.73 portal captive-adaptive enable........................................................................................................................... 3622
30.6.74 portal captive-bypass enable............................................................................................................................... 3624
30.6.75 portal https-redirect enable (Cloud AP).......................................................................................................... 3625
30.6.76 portal http-proxy-redirect enable.......................................................................................................................3626
30.6.77 portal local-server access-code........................................................................................................................... 3627
30.6.78 portal local-server ad-image load..................................................................................................................... 3628
30.6.79 portal local-server anonymous........................................................................................................................... 3630
30.6.80 portal local-server authentication-method.................................................................................................... 3632
30.6.81 portal local-server background-color............................................................................................................... 3633
30.6.82 portal local-server background-image load................................................................................................... 3634
30.6.83 portal local-server enable..................................................................................................................................... 3636
30.6.84 portal local-server ip...............................................................................................................................................3637
30.6.85 portal local-server keep-alive.............................................................................................................................. 3639
30.6.86 portal local-server load..........................................................................................................................................3640
30.6.87 portal local-server logo load................................................................................................................................3642
30.6.88 portal local-server max-user................................................................................................................................ 3644
30.6.89 portal local-server................................................................................................................................................... 3645
30.6.90 portal local-server page-text load..................................................................................................................... 3647
30.6.91 portal local-server policy-text load....................................................................................................................3649
30.6.92 portal local-server pre-auth-suppression (Central AP)...............................................................................3651
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lvii

Fat AP and Cloud AP
30.6.93 portal local-server redirect-url enable.............................................................................................................. 3652

30.6.94 portal local-server timer pre-auth time (Central AP)................................................................................. 3653
30.6.95 portal local-server timer session-timeout....................................................................................................... 3655
30.6.96 portal local-server url............................................................................................................................................. 3656
30.6.97 portal local-server syslog-limit enable............................................................................................................. 3657
30.6.98 portal local-server syslog-limit period..............................................................................................................3658
30.6.99 portal local-server default-language................................................................................................................ 3659
30.6.100 portal local-server wechat (Central AP)........................................................................................................ 3660
30.6.101 portal local-server wechat-authen (Central AP)........................................................................................ 3661
30.6.102 portal logout different-server enable............................................................................................................. 3662
30.6.103 portal logout resend timeout............................................................................................................................ 3663
30.6.104 portal max-user..................................................................................................................................................... 3664
30.6.105 portal pass dns enable.........................................................................................................................................3665
30.6.106 portal quiet-period................................................................................................................................................ 3666
30.6.107 portal quiet-times................................................................................................................................................. 3667
30.6.108 portal redirect-http-port..................................................................................................................................... 3668
30.6.109 portal redirect js enable...................................................................................................................................... 3669
30.6.110 portal timer quiet-period.................................................................................................................................... 3670
30.6.111 portal url-encode enable.................................................................................................................................... 3671
30.6.112 portal user-alarm percentage........................................................................................................................... 3672
30.6.113 portal user-roam-out reply enable.................................................................................................................. 3673
30.6.114 portal web-authen-server...................................................................................................................................3674
30.6.115 portal-access-profile (authentication profile view)...................................................................................3676
30.6.116 portal-access-profile (system view)................................................................................................................ 3677
30.6.117 public-account (Central AP).............................................................................................................................. 3679
30.6.118 force-push................................................................................................................................................................ 3680
30.6.119 protocol..................................................................................................................................................................... 3682
30.6.120 priority....................................................................................................................................................................... 3683
30.6.121 remote-access-user manage............................................................................................................................. 3684
30.6.122 reset dot1x statistics............................................................................................................................................. 3686
30.6.123 reset mac-authen statistics................................................................................................................................ 3687
30.6.124 server-detect........................................................................................................................................................... 3687
30.6.125 server-detect type..................................................................................................................................................3689
30.6.126 server-ip (Portal server template view)......................................................................................................... 3691
30.6.127 shared-key (Portal server template view).................................................................................................... 3692
30.6.128 shop-id (Central AP).............................................................................................................................................3693
30.6.129 source-interface (Portal server template view).......................................................................................... 3695
30.6.130 source-ip (Portal server template view)........................................................................................................ 3697
30.6.131 url (URL template view)..................................................................................................................................... 3698
30.6.132 url (Portal server template view).................................................................................................................... 3700
30.6.133 url-parameter mac-address format.................................................................................................................3701
30.6.134 url-parameter......................................................................................................................................................... 3702
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lviii

Fat AP and Cloud AP
30.6.135 url-parameter set.................................................................................................................................................. 3706

30.6.136 url-template name................................................................................................................................................ 3708
30.6.137 url-template (Portal server template view)................................................................................................. 3709
30.6.138 user-group................................................................................................................................................................ 3710
30.6.139 user-isolated............................................................................................................................................................ 3712
30.6.140 user-sync................................................................................................................................................................... 3713
30.6.141 user-vlan................................................................................................................................................................... 3714
30.6.142 web-auth-server listening-port.........................................................................................................................3715
30.6.143 web-auth-server reply-message....................................................................................................................... 3716
30.6.144 web-auth-server source-ip................................................................................................................................. 3717
30.6.145 web-auth-server (Portal access profile view).............................................................................................. 3719
30.6.146 web-auth-server (system view)........................................................................................................................3721
30.6.147 web-auth-server version..................................................................................................................................... 3722
30.6.148 web-description..................................................................................................................................................... 3723
30.6.149 web-redirection disable (Portal server template view)............................................................................3724
30.6.150 wechat-server-ip (Central AP)...........................................................................................................................3725
30.7 Security Policy Configuration Commands............................................................................................................. 3727
30.7.1 display references security-profile........................................................................................................................ 3727
30.7.2 display security-profile............................................................................................................................................. 3728
30.7.3 display wlan wapi certificate.................................................................................................................................. 3733
30.7.4 pmf.................................................................................................................................................................................. 3735
30.7.5 security dot1x.............................................................................................................................................................. 3736
30.7.6 security open................................................................................................................................................................3738
30.7.7 security psk................................................................................................................................................................... 3739
30.7.8 security wapi................................................................................................................................................................ 3742
30.7.9 security wep................................................................................................................................................................. 3744
30.7.10 security wpa2-wpa3 psk-sae................................................................................................................................ 3747
30.7.11 security wpa3 dot1x................................................................................................................................................ 3749
30.7.12 security wpa3 sae.................................................................................................................................................... 3750
30.7.13 security-profile (WLAN view).............................................................................................................................. 3752
30.7.14 security-profile (VAP profile view).....................................................................................................................3753
30.7.15 wapi asu...................................................................................................................................................................... 3754
30.7.16 wapi bk........................................................................................................................................................................ 3755
30.7.17 wapi cert-retrans-count......................................................................................................................................... 3757
30.7.18 wapi import certificate........................................................................................................................................... 3758
30.7.19 wapi import private-key........................................................................................................................................ 3760
30.7.20 wapi key-update.......................................................................................................................................................3761
30.7.21 wapi msk..................................................................................................................................................................... 3763
30.7.22 wapi sa-timeout....................................................................................................................................................... 3764
30.7.23 wapi usk...................................................................................................................................................................... 3765
30.7.24 wep default-key........................................................................................................................................................3766
30.7.25 wep key....................................................................................................................................................................... 3767
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lix

Fat AP and Cloud AP
30.7.26 wpa ptk-update enable..........................................................................................................................................3770

30.7.27 wpa ptk-update ptk-update-interval.................................................................................................................3771
30.8 Security Policy Configuration Commands (Central AP)................................................................................... 3772
30.8.1 display references security-profile........................................................................................................................ 3772
30.8.2 display security-profile............................................................................................................................................. 3773
30.8.3 display wlan wapi certificate.................................................................................................................................. 3778
30.8.4 pmf.................................................................................................................................................................................. 3779
30.8.5 security dot1x.............................................................................................................................................................. 3781
30.8.6 security open................................................................................................................................................................3783
30.8.7 security psk................................................................................................................................................................... 3783
30.8.8 security wapi................................................................................................................................................................ 3787
30.8.9 security wep................................................................................................................................................................. 3789
30.8.10 security-profile (WLAN view).............................................................................................................................. 3792
30.8.11 security-profile (VAP profile view).....................................................................................................................3793
30.8.12 wapi asu...................................................................................................................................................................... 3794
30.8.13 wapi bk........................................................................................................................................................................ 3795
30.8.14 wapi cert-retrans-count......................................................................................................................................... 3796
30.8.15 wapi import certificate........................................................................................................................................... 3797
30.8.16 wapi import private-key........................................................................................................................................ 3799
30.8.17 wapi key-update.......................................................................................................................................................3801
30.8.18 wapi msk..................................................................................................................................................................... 3802
30.8.19 wapi sa-timeout....................................................................................................................................................... 3803
30.8.20 wapi usk...................................................................................................................................................................... 3804
30.8.21 wep default-key........................................................................................................................................................3805
30.8.22 wep key....................................................................................................................................................................... 3806
30.8.23 wpa ptk-update enable..........................................................................................................................................3810
30.8.24 wpa ptk-update ptk-update-interval.................................................................................................................3811
30.9 STA Blacklist and Whitelist Configuration Commands..................................................................................... 3812
30.9.1 display references sta-blacklist-profile............................................................................................................... 3812
30.9.2 display references sta-whitelist-profile............................................................................................................... 3813
30.9.3 display sta-blacklist-profile..................................................................................................................................... 3814
30.9.4 display sta-whitelist-profile.................................................................................................................................... 3815
30.9.5 oui.................................................................................................................................................................................... 3817
30.9.6 sta-access-mode......................................................................................................................................................... 3819
30.9.7 sta-blacklist-profile.................................................................................................................................................... 3820
30.9.8 sta-mac.......................................................................................................................................................................... 3821
30.9.9 sta-whitelist-profile................................................................................................................................................... 3823
30.10 STA Blacklist and Whitelist Configuration Commands (Central AP).........................................................3824
30.10.1 display references sta-blacklist-profile............................................................................................................. 3824
30.10.2 display references sta-whitelist-profile............................................................................................................ 3825
30.10.3 display sta-blacklist-profile.................................................................................................................................. 3826
30.10.4 display sta-whitelist-profile.................................................................................................................................. 3828
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lx

Fat AP and Cloud AP
30.10.5 oui................................................................................................................................................................................. 3829

30.10.6 sta-access-mode....................................................................................................................................................... 3831
30.10.7 sta-blacklist-profile................................................................................................................................................. 3832
30.10.8 sta-mac........................................................................................................................................................................3834
30.10.9 sta-whitelist-profile................................................................................................................................................. 3835
31 Security Commands....................................................................................................... 3837

31.1 ACL Configuration Commands................................................................................................................................. 3837
31.1.1 acl name........................................................................................................................................................................ 3838
31.1.2 acl (system view)....................................................................................................................................................... 3840
31.1.3 description.................................................................................................................................................................... 3842
31.1.4 display acl..................................................................................................................................................................... 3843
31.1.5 display acl resource................................................................................................................................................... 3845
31.1.6 display time-range..................................................................................................................................................... 3846
31.1.7 passthrough-domain................................................................................................................................................. 3848
31.1.8 rule (advanced ACL view)....................................................................................................................................... 3849
31.1.9 rule (basic ACL view)................................................................................................................................................ 3861
31.1.10 rule (layer 2 ACL view).......................................................................................................................................... 3864
31.1.11 rule (user ACL view)............................................................................................................................................... 3868
31.1.12 rule description......................................................................................................................................................... 3880
31.1.13 step............................................................................................................................................................................... 3882
31.1.14 time-range..................................................................................................................................................................3883
31.2 Local Attack Defense Configuration Commands................................................................................................ 3887
31.2.1 application-apperceive............................................................................................................................................. 3888
31.2.2 auto-defend enable................................................................................................................................................... 3889
31.2.3 auto-defend action.................................................................................................................................................... 3890
31.2.4 auto-defend alarm enable...................................................................................................................................... 3892
31.2.5 auto-defend alarm threshold................................................................................................................................. 3893
31.2.6 auto-defend protocol................................................................................................................................................ 3894
31.2.7 auto-defend threshold.............................................................................................................................................. 3896
31.2.8 auto-defend trace-type............................................................................................................................................ 3898
31.2.9 cpu-defend application-apperceive enable....................................................................................................... 3899
31.2.10 cpu-defend-policy.................................................................................................................................................... 3901
31.2.11 cpu-defend policy.................................................................................................................................................... 3902
31.2.12 deny.............................................................................................................................................................................. 3903
31.2.13 description (attack defense policy view)......................................................................................................... 3904
31.2.14 display auto-defend attack-source.................................................................................................................... 3905
31.2.15 display auto-defend configuration.................................................................................................................... 3907
31.2.16 display cpu-defend configuration...................................................................................................................... 3909
31.2.17 display cpu-defend policy..................................................................................................................................... 3911
31.2.18 display cpu-defend statistics................................................................................................................................ 3913
31.2.19 packet-type................................................................................................................................................................ 3915
31.2.20 packet-type priority.................................................................................................................................................3916
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxi

Fat AP and Cloud AP
31.2.21 rate-limit all-packets.............................................................................................................................................. 3918

31.2.22 reset auto-defend attack-source........................................................................................................................ 3919
31.2.23 reset cpu-defend statistics.................................................................................................................................... 3919
31.3 Attack Defense Configuration Commands........................................................................................................... 3921
31.3.1 anti-attack abnormal enable................................................................................................................................. 3921
31.3.2 anti-attack enable...................................................................................................................................................... 3922
31.3.3 anti-attack fragment enable.................................................................................................................................. 3923
31.3.4 anti-attack fragment car......................................................................................................................................... 3924
31.3.5 anti-attack icmp-flood enable............................................................................................................................... 3925
31.3.6 anti-attack icmp-flood car...................................................................................................................................... 3926
31.3.7 anti-attack tcp-syn enable...................................................................................................................................... 3927
31.3.8 anti-attack tcp-syn car............................................................................................................................................. 3928
31.3.9 anti-attack udp-flood enable................................................................................................................................. 3929
31.3.10 display anti-attack statistics.................................................................................................................................3931
31.3.11 reset anti-attack statistics..................................................................................................................................... 3932
31.4 Traffic Suppression and Storm Control Configuration Commands.............................................................. 3934
31.4.1 broadcast-suppression (interface view)............................................................................................................. 3934
31.4.2 display flow-suppression interface....................................................................................................................... 3935
31.4.3 icmp rate-limit.............................................................................................................................................................3936
31.4.4 icmp rate-limit enable.............................................................................................................................................. 3937
31.4.5 multicast-suppression (interface view)...............................................................................................................3938
31.4.6 unicast-suppression (interface view)................................................................................................................... 3939
31.5 ARP Security Configuration Commands................................................................................................................ 3940
31.5.1 arp anti-attack entry-check enable..................................................................................................................... 3940
31.5.2 arp anti-attack log-trap-timer............................................................................................................................... 3942
31.5.3 arp anti-attack packet-check sender-mac......................................................................................................... 3943
31.5.4 arp anti-attack rate-limit......................................................................................................................................... 3944
31.5.5 arp anti-attack rate-limit alarm enable............................................................................................................. 3946
31.5.6 arp anti-attack rate-limit alarm threshold........................................................................................................ 3947
31.5.7 arp anti-attack rate-limit enable.......................................................................................................................... 3948
31.5.8 arp gratuitous-arp send enable.............................................................................................................................3949
31.5.9 arp gratuitous-arp send interval........................................................................................................................... 3950
31.5.10 arp learning disable................................................................................................................................................ 3951
31.5.11 arp learning strict (interface view).................................................................................................................... 3952
31.5.12 arp learning strict (system view)....................................................................................................................... 3953
31.5.13 arp speed-limit source-mac................................................................................................................................. 3954
31.5.14 arp speed-limit source-ip...................................................................................................................................... 3956
31.5.15 arp validate................................................................................................................................................................ 3957
31.5.16 arp-fake expire-time............................................................................................................................................... 3959
31.5.17 arp-limit...................................................................................................................................................................... 3960
31.5.18 arp-miss anti-attack rate-limit............................................................................................................................ 3962
31.5.19 arp-miss anti-attack rate-limit alarm enable................................................................................................ 3963
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxii

Fat AP and Cloud AP
31.5.20 arp-miss anti-attack rate-limit alarm threshold........................................................................................... 3965

31.5.21 arp-miss anti-attack rate-limit enable............................................................................................................. 3966
31.5.22 arp-miss speed-limit source-ip............................................................................................................................ 3967
31.5.23 display arp anti-attack configuration............................................................................................................... 3968
31.5.24 display arp learning strict..................................................................................................................................... 3972
31.5.25 display arp packet statistics................................................................................................................................. 3973
31.5.26 display arp-limit....................................................................................................................................................... 3974
31.5.27 reset arp anti-attack statistics rate-limit......................................................................................................... 3976
31.5.28 reset arp packet statistics..................................................................................................................................... 3977
31.6 DHCP Snooping Configuration Commands.......................................................................................................... 3978
31.6.1 arp dhcp-snooping-detect enable........................................................................................................................ 3978
31.6.2 dhcp option82 enable............................................................................................................................................... 3979
31.6.3 dhcp option82 encapsulation.................................................................................................................................3981
31.6.4 dhcp option82 format...............................................................................................................................................3982
31.6.5 dhcp option82 subscriber-id format.................................................................................................................... 3988
31.6.6 dhcp option82 vendor-specific format................................................................................................................3989
31.6.7 dhcp server detect......................................................................................................................................................3991
31.6.8 dhcp snooping alarm dhcp-rate enable............................................................................................................. 3992
31.6.9 dhcp snooping alarm dhcp-rate threshold........................................................................................................ 3993
31.6.10 dhcp snooping alarm enable............................................................................................................................... 3995
31.6.11 dhcp snooping alarm threshold.......................................................................................................................... 3996
31.6.12 dhcp snooping check dhcp-giaddr enable...................................................................................................... 3999
31.6.13 dhcp snooping check dhcp-rate.......................................................................................................................... 4000
31.6.14 dhcp snooping check dhcp-rate enable........................................................................................................... 4002
31.6.15 dhcp snooping check dhcp-chaddr enable..................................................................................................... 4004
31.6.16 dhcp snooping check dhcp-request enable.................................................................................................... 4005
31.6.17 dhcp snooping disable........................................................................................................................................... 4007
31.6.18 dhcp snooping enable............................................................................................................................................ 4008
31.6.19 dhcp snooping enable no-user-binding........................................................................................................... 4010
31.6.20 dhcp snooping max-user-number...................................................................................................................... 4012
31.6.21 dhcp snooping user-alarm percentage.............................................................................................................4014
31.6.22 dhcp snooping user-bind autosave.................................................................................................................... 4015
31.6.23 dhcp snooping user-transfer enable..................................................................................................................4017
31.6.24 display dhcp option82 configuration................................................................................................................ 4018
31.6.25 display dhcp snooping............................................................................................................................................4020
31.6.26 display dhcp snooping configuration................................................................................................................ 4025
31.6.27 display dhcp snooping statistics......................................................................................................................... 4027
31.6.28 display dhcp snooping user-bind........................................................................................................................ 4029
31.6.29 reset dhcp snooping statistics............................................................................................................................. 4032
31.6.30 reset dhcp snooping user-bind............................................................................................................................ 4033
31.7 IP Source Guard Configuration Commands..........................................................................................................4034
31.7.1 display dhcp static user-bind.................................................................................................................................. 4035
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxiii

Fat AP and Cloud AP
31.7.2 user-bind static............................................................................................................................................................4036

31.8 PKI Configuration Commands................................................................................................................................... 4038
31.8.1 auto-enroll.................................................................................................................................................................... 4038
31.8.2 ca id................................................................................................................................................................................ 4040
31.8.3 cdp-url............................................................................................................................................................................ 4041
31.8.4 certificate-check..........................................................................................................................................................4042
31.8.5 common-name............................................................................................................................................................ 4045
31.8.6 country (PKI entity view).........................................................................................................................................4046
31.8.7 crl auto-update enable.............................................................................................................................................4047
31.8.8 crl cache........................................................................................................................................................................ 4048
31.8.9 crl http............................................................................................................................................................................4048
31.8.10 crl scep......................................................................................................................................................................... 4049
31.8.11 crl update-period..................................................................................................................................................... 4050
31.8.12 display pki ca-capability........................................................................................................................................ 4051
31.8.13 display pki cert-req.................................................................................................................................................. 4052
31.8.14 display pki certificate.............................................................................................................................................. 4055
31.8.15 display pki certificate built-in-ca........................................................................................................................ 4058
31.8.16 display pki certificate enroll-status....................................................................................................................4062
31.8.17 display pki certificate filename........................................................................................................................... 4063
31.8.18 display pki credential-storage-path................................................................................................................... 4066
31.8.19 display pki crl............................................................................................................................................................ 4067
31.8.20 display pki entity...................................................................................................................................................... 4069
31.8.21 display pki ocsp cache detail............................................................................................................................... 4071
31.8.22 display pki ocsp cache statistics..........................................................................................................................4073
31.8.23 display pki ocsp server down-information...................................................................................................... 4074
31.8.24 display pki realm...................................................................................................................................................... 4076
31.8.25 display pki rsa built-in-ca public........................................................................................................................ 4080
31.8.26 display pki rsa local-key-pair............................................................................................................................... 4081
31.8.27 email............................................................................................................................................................................ 4083
31.8.28 enrollment self-signed........................................................................................................................................... 4084
31.8.29 enrollment-request signature message-digest-method............................................................................. 4085
31.8.30 enrollment-url........................................................................................................................................................... 4086
31.8.31 entity............................................................................................................................................................................ 4088
31.8.32 fingerprint...................................................................................................................................................................4089
31.8.33 fqdn.............................................................................................................................................................................. 4091
31.8.34 ip-address................................................................................................................................................................... 4092
31.8.35 key-usage....................................................................................................................................................................4093
31.8.36 locality......................................................................................................................................................................... 4095
31.8.37 ocsp nonce enable................................................................................................................................................... 4096
31.8.38 ocsp signature enable............................................................................................................................................ 4096
31.8.39 ocsp url........................................................................................................................................................................ 4097
31.8.40 ocsp-url from-ca.......................................................................................................................................................4098
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxiv

Fat AP and Cloud AP
31.8.41 organization-unit..................................................................................................................................................... 4099

31.8.42 organization............................................................................................................................................................... 4101
31.8.43 password (PKI realm view)...................................................................................................................................4102
31.8.44 pki built-in-ca match-rsa-key.............................................................................................................................. 4103
31.8.45 pki create-certificate............................................................................................................................................... 4104
31.8.46 pki delete-certificate............................................................................................................................................... 4105
31.8.47 pki delete-certificate built-in-ca......................................................................................................................... 4106
31.8.48 pki delete-crl............................................................................................................................................................. 4107
31.8.49 pki enroll-certificate................................................................................................................................................ 4108
31.8.50 pki entity..................................................................................................................................................................... 4110
31.8.51 pki export-certificate.............................................................................................................................................. 4111
31.8.52 pki export-certificate default............................................................................................................................... 4113
31.8.53 pki export built-in-ca rsa-key-pair..................................................................................................................... 4114
31.8.54 pki export rsa-key-pair........................................................................................................................................... 4117
31.8.55 pki file-format........................................................................................................................................................... 4119
31.8.56 pki generate built-in-ca certificate.................................................................................................................... 4120
31.8.57 pki get-certificate..................................................................................................................................................... 4121
31.8.58 pki get-crl................................................................................................................................................................... 4123
31.8.59 pki http........................................................................................................................................................................ 4124
31.8.60 pki import-certificate.............................................................................................................................................. 4125
31.8.61 pki import-certificate built-in-ca........................................................................................................................ 4127
31.8.62 pki import-crl............................................................................................................................................................ 4128
31.8.63 pki import built-in-ca rsa-key-pair.................................................................................................................... 4129
31.8.64 pki import rsa-key-pair.......................................................................................................................................... 4131
31.8.65 pki match-rsa-key.................................................................................................................................................... 4133
31.8.66 pki ocsp response cache enable..........................................................................................................................4134
31.8.67 pki ocsp response cache number....................................................................................................................... 4134
31.8.68 pki ocsp response cache refresh interval......................................................................................................... 4135
31.8.69 pki realm (system view)........................................................................................................................................ 4136
31.8.70 pki rsa built-in-ca.....................................................................................................................................................4137
31.8.71 pki rsa local-key-pair create.................................................................................................................................4139
31.8.72 pki rsa local-key-pair destroy.............................................................................................................................. 4140
31.8.73 pki set-certificate expire-prewarning................................................................................................................ 4142
31.8.74 pki validate ocsp-server-certificate enable..................................................................................................... 4143
31.8.75 pki validate-certificate........................................................................................................................................... 4144
31.8.76 reset pki ocsp response cache............................................................................................................................. 4145
31.8.77 reset pki ocsp server down-information.......................................................................................................... 4145
31.8.78 rsa local-key-pair..................................................................................................................................................... 4146
31.8.79 source........................................................................................................................................................................... 4148
31.8.80 state (PKI entity view)........................................................................................................................................... 4149
31.9 SSL Configuration Commands.................................................................................................................................. 4150
31.9.1 ciphersuite.................................................................................................................................................................... 4150
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxv

Fat AP and Cloud AP
31.9.2 display ssl connection statistics............................................................................................................................. 4152

31.9.3 display ssl policy......................................................................................................................................................... 4153
31.9.4 pki-realm....................................................................................................................................................................... 4156
31.9.5 prefer-ciphersuite....................................................................................................................................................... 4157
31.9.6 reset ssl connection statistics................................................................................................................................. 4159
31.9.7 server-verify enable................................................................................................................................................... 4160
31.9.8 session............................................................................................................................................................................ 4161
31.9.9 ssl policy........................................................................................................................................................................ 4162
31.9.10 ssl renegotiation-rate............................................................................................................................................. 4163
31.9.11 version (client SSL policy view).......................................................................................................................... 4164
31.9.12 version (server SSL policy view)......................................................................................................................... 4165
31.10 HTTPS Configuration Commands.......................................................................................................................... 4166
31.10.1 http secure-server enable..................................................................................................................................... 4167
31.10.2 http secure-server ssl-policy.................................................................................................................................4168
31.10.3 http secure-server port.......................................................................................................................................... 4169
31.11 URL Filtering Configuration Commands (Common AP)................................................................................4170
31.11.1 blacklist....................................................................................................................................................................... 4170
31.11.2 default-action............................................................................................................................................................ 4172
31.11.3 defence-profile (system view)............................................................................................................................. 4173
31.11.4 defence-profile (user group view)..................................................................................................................... 4174
31.11.5 defence-profile (VAP profile view).................................................................................................................... 4175
31.11.6 display defence-profile...........................................................................................................................................4176
31.11.7 display references defence-profile..................................................................................................................... 4177
31.11.8 display url-filter statistics (Common AP)........................................................................................................ 4178
31.11.9 display url-filter-profile..........................................................................................................................................4179
31.11.10 profile type url-filter.............................................................................................................................................4181
31.11.11 profile type url-filter (attack defense profile view)...................................................................................4182
31.11.12 reset url-filter statistics........................................................................................................................................4183
31.11.13 whitelist.................................................................................................................................................................... 4184
31.12 URL Filtering Configuration Commands (Central AP)................................................................................... 4186
31.12.1 add { blacklist | whitelist } (URL filtering profile view).............................................................................. 4186
31.12.2 add referer-host........................................................................................................................................................ 4189
31.12.3 default action (URL filtering profile view)...................................................................................................... 4191
31.12.4 defence engine enable........................................................................................................................................... 4192
31.12.5 defence engine log timeout................................................................................................................................. 4193
31.12.6 defence-profile (interface view)......................................................................................................................... 4194
31.12.7 defence-profile (system view)............................................................................................................................. 4195
31.12.8 defence-profile (user group view)..................................................................................................................... 4196
31.12.9 defence-profile (VAP profile view).................................................................................................................... 4196
31.12.10 display references defence-profile................................................................................................................... 4197
31.12.11 display defence-profile........................................................................................................................................ 4198
31.12.12 description (URL filtering profile view)......................................................................................................... 4200
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxvi

Fat AP and Cloud AP
31.12.13 display profile type url-filter..............................................................................................................................4201

31.12.14 display url-filter statistics................................................................................................................................... 4204
31.12.15 profile type url-filter copy.................................................................................................................................. 4205
31.12.16 profile type url-filter (attack defense profile view)...................................................................................4206
31.12.17 profile type url-filter name................................................................................................................................ 4207
31.12.18 referer-filter whitelist-all enable...................................................................................................................... 4208
31.12.19 rename (URL filtering profile view)................................................................................................................ 4209
31.12.20 reset url-filter statistics........................................................................................................................................4210
31.12.21 url-filter anti-bypass enable.............................................................................................................................. 4211
31.12.22 url-filter high-performance mode enable.....................................................................................................4212
31.12.23 url-filter https-filter consistency-check enable........................................................................................... 4213
31.13 IAE Advanced Configuration Commands (Central AP).................................................................................. 4214
31.13.1 display engine information...................................................................................................................................4214
31.13.2 display engine session statistics..........................................................................................................................4216
31.13.3 display engine session table.................................................................................................................................4218
31.13.4 display engine statistics......................................................................................................................................... 4220
31.13.5 display fragment-reassemble configuration...................................................................................................4222
31.13.6 display fragment-reassemble session table.................................................................................................... 4224
31.13.7 display fragment-reassemble statistics............................................................................................................ 4225
31.13.8 display profile............................................................................................................................................................ 4227
31.13.9 display stream-reassemble configuration....................................................................................................... 4228
31.13.10 decoding uri-cache............................................................................................................................................... 4230
31.13.11 engine configuration commit............................................................................................................................4231
31.13.12 engine enhanced-detection............................................................................................................................... 4232
31.13.13 engine http status-code...................................................................................................................................... 4233
31.13.14 engine log enable.................................................................................................................................................. 4234
31.13.15 engine pass-through enable.............................................................................................................................. 4235
31.13.16 fragment-reassemble enable............................................................................................................................ 4235
31.13.17 fragment-reassemble overflow-mode............................................................................................................4236
31.13.18 fragment-reassemble user-configure............................................................................................................. 4237
31.13.19 reset engine session statistics........................................................................................................................... 4238
31.13.20 reset engine session table.................................................................................................................................. 4239
31.13.21 reset engine statistics...........................................................................................................................................4240
31.13.22 reset fragment-reassemble statistics.............................................................................................................. 4241
31.13.23 stream-reassemble enable................................................................................................................................. 4242
31.13.24 stream-reassemble enhanced-mode.............................................................................................................. 4242
31.13.25 stream-reassemble overflow-mode................................................................................................................ 4243
31.13.26 stream-reassemble overlap-mode................................................................................................................... 4244
31.13.27 stream-reassemble session-cache................................................................................................................... 4245
31.13.28 stream-reassemble session-timeout............................................................................................................... 4246
31.13.29 stream-reassemble tcp-option check............................................................................................................. 4247
31.13.30 stream-reassemble timestamp check.............................................................................................................4248
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxvii

Fat AP and Cloud AP
31.13.31 stream-reassemble user-configure defense-check.................................................................................... 4249

31.14 Updating Signature Databases Configuration Commands (Central AP)................................................. 4249
31.14.1 display update configuration............................................................................................................................... 4250
31.14.2 display update host source................................................................................................................................... 4252
31.14.3 display update information all-sdb................................................................................................................... 4253
31.14.4 display update status..............................................................................................................................................4254
31.14.5 display version (engine or signature database)............................................................................................ 4256
31.14.6 update abort.............................................................................................................................................................. 4257
31.14.7 update apply..............................................................................................................................................................4258
31.14.8 update confirm......................................................................................................................................................... 4259
31.14.9 update download-server aging-time................................................................................................................ 4260
31.14.10 update force apply................................................................................................................................................ 4261
31.14.11 update force local................................................................................................................................................. 4263
31.14.12 update force online...............................................................................................................................................4264
31.14.13 update force restore sdb-default..................................................................................................................... 4265
31.14.14 update force rollback........................................................................................................................................... 4266
31.14.15 update host source............................................................................................................................................... 4267
31.14.16 update local.............................................................................................................................................................4269
31.14.17 update online.......................................................................................................................................................... 4270
31.14.18 update online-mode............................................................................................................................................. 4271
31.14.19 update proxy........................................................................................................................................................... 4272
31.14.20 update proxy enable.............................................................................................................................................4274
31.14.21 update restore sdb-default................................................................................................................................ 4274
31.14.22 update rollback...................................................................................................................................................... 4275
31.14.23 update schedule..................................................................................................................................................... 4276
31.14.24 update schedule enable...................................................................................................................................... 4278
31.14.25 update schedule retry-download interval.....................................................................................................4279
31.14.26 update schedule retry-load interval................................................................................................................4280
31.14.27 update server.......................................................................................................................................................... 4281
31.15 Intrusion Prevention Configuration Commands (Central AP)..................................................................... 4283
31.15.1 action (IPS signature filter view)........................................................................................................................ 4283
31.15.2 action (user-defined IPS signature view)........................................................................................................ 4284
31.15.3 application (IPS signature filter view).............................................................................................................. 4285
31.15.4 assoc-check enable..................................................................................................................................................4286
31.15.5 category (IPS signature filter view)................................................................................................................... 4287
31.15.6 check (user-defined signature rule view)........................................................................................................4288
31.15.7 cnc domain-filter enable....................................................................................................................................... 4289
31.15.8 cnc domain-filter exception domain-name.................................................................................................... 4291
31.15.9 collect-attack-evidence enable (intrusion prevention profile view).......................................................4292
31.15.10 condition (user-defined signature rule view).............................................................................................. 4293
31.15.11 condition associated (user-defined signature rule view)........................................................................ 4297
31.15.12 condition move (user-defined signature rule view).................................................................................. 4299
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxviii

Fat AP and Cloud AP
31.15.13 context-awareness enable.................................................................................................................................. 4301

31.15.14 description (intrusion prevention profile view).......................................................................................... 4302
31.15.15 description (user-defined IPS signature view)............................................................................................ 4303
31.15.16 destination-ip (user-defined signature rule view)..................................................................................... 4304
31.15.17 destination-port (user-defined signature rule view)................................................................................ 4305
31.15.18 display cnc domain-filter domain statistics..................................................................................................4306
31.15.19 display cnc domain-filter exception................................................................................................................ 4308
31.15.20 display cnc domain-filter statistics.................................................................................................................. 4309
31.15.21 display cnc information....................................................................................................................................... 4310
31.15.22 display context-awareness information statistics...................................................................................... 4311
31.15.23 display context-awareness statistics............................................................................................................... 4313
31.15.24 display ips signature-id rule...............................................................................................................................4314
31.15.25 display ips signature-state................................................................................................................................. 4317
31.15.26 display ips statistics.............................................................................................................................................. 4318
31.15.27 display ips signature-action............................................................................................................................... 4320
31.15.28 display ips-signature.............................................................................................................................................4322
31.15.29 display ips-signature cve-id............................................................................................................................... 4328
31.15.30 display ips-signature statistics.......................................................................................................................... 4330
31.15.31 display ips-signature vendor-id.........................................................................................................................4331
31.15.32 display profile type ips.........................................................................................................................................4333
31.15.33 dns domain check................................................................................................................................................. 4344
31.15.34 dns domain length check................................................................................................................................... 4345
31.15.35 dns malformed-packet check............................................................................................................................ 4346
31.15.36 dns request-type check........................................................................................................................................4347
31.15.37 dns session request-times check...................................................................................................................... 4348
31.15.38 exception ips-signature-id.................................................................................................................................. 4349
31.15.39 http multi-host check...........................................................................................................................................4351
31.15.40 http ssh-over-http check..................................................................................................................................... 4352
31.15.41 http x-forwarded-for check................................................................................................................................ 4353
31.15.42 http x-forwarded-for whitelist.......................................................................................................................... 4354
31.15.43 http x-online-host blacklist................................................................................................................................ 4355
31.15.44 http x-online-host check..................................................................................................................................... 4356
31.15.45 ips associated pre-defined..................................................................................................................................4357
31.15.46 ips collect-attack-evidence max-session-number...................................................................................... 4359
31.15.47 ips log based-on-session..................................................................................................................................... 4361
31.15.48 ips log extend enable........................................................................................................................................... 4362
31.15.49 ips log merge enable............................................................................................................................................4363
31.15.50 ips signature-action.............................................................................................................................................. 4363
31.15.51 ips signature-id.......................................................................................................................................................4365
31.15.52 ips signature-state.................................................................................................................................................4366
31.15.53 name (user-defined IPS signature view)....................................................................................................... 4368
31.15.54 os (IPS signature filter view)............................................................................................................................. 4369
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxix

Fat AP and Cloud AP
31.15.55 profile type ips (attack defense profile view)..............................................................................................4371

31.15.56 profile type ips copy............................................................................................................................................. 4372
31.15.57 profile type ips name........................................................................................................................................... 4373
31.15.58 protocol (IPS signature filter view)................................................................................................................. 4374
31.15.59 protocol (user-defined IPS signature view)..................................................................................................4375
31.15.60 rename (intrusion prevention profile view)................................................................................................. 4376
31.15.61 rename (IPS signature filter view).................................................................................................................. 4377
31.15.62 rename (user-defined signature rule view)................................................................................................. 4378
31.15.63 reset cnc domain-filter statistics...................................................................................................................... 4379
31.15.64 reset context-awareness information statistics...........................................................................................4380
31.15.65 reset context-awareness statistics................................................................................................................... 4380
31.15.66 reset ips statistics.................................................................................................................................................. 4381
31.15.67 reset ips-signature statistics.............................................................................................................................. 4382
31.15.68 rule name (user-defined IPS signature view).............................................................................................. 4383
31.15.69 scope (user-defined signature rule view)..................................................................................................... 4384
31.15.70 severity (IPS signature filter view).................................................................................................................. 4385
31.15.71 severity (user-defined IPS signature view)................................................................................................... 4387
31.15.72 signature-set move............................................................................................................................................... 4388
31.15.73 signature-set name............................................................................................................................................... 4389
31.15.74 source-ip (user-defined signature rule view).............................................................................................. 4390
31.15.75 source-port (user-defined signature rule view).......................................................................................... 4391
31.15.76 target (IPS signature filter view)......................................................................................................................4392
31.15.77 target (user-defined IPS signature view)...................................................................................................... 4393
31.16 Antivirus Configuration Commands (Central AP)............................................................................................4394
31.16.1 av extract hash enable........................................................................................................................................... 4394
31.16.2 av log merge enable............................................................................................................................................... 4395
31.16.3 collect-attack-evidence enable (antivirus profile view)............................................................................. 4396
31.16.4 description (antivirus profile view)....................................................................................................................4397
31.16.5 display av statistics.................................................................................................................................................. 4398
31.16.6 display av-signature................................................................................................................................................ 4400
31.16.7 display profile type av............................................................................................................................................ 4402
31.16.8 exception application............................................................................................................................................. 4404
31.16.9 exception av-signature-id..................................................................................................................................... 4406
31.16.10 ftp-detect................................................................................................................................................................. 4407
31.16.11 http-detect............................................................................................................................................................... 4409
31.16.12 imap-detect............................................................................................................................................................. 4411
31.16.13 nfs-detect................................................................................................................................................................. 4412
31.16.14 pop3-detect............................................................................................................................................................. 4413
31.16.15 profile type av copy.............................................................................................................................................. 4414
31.16.16 profile type av (attack defense profile view).............................................................................................. 4415
31.16.17 profile type av name............................................................................................................................................ 4416
31.16.18 rename (antivirus profile view)........................................................................................................................ 4418
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxx

Fat AP and Cloud AP
31.16.19 reset av statistics................................................................................................................................................... 4418

31.16.20 smb-detect............................................................................................................................................................... 4419
31.16.21 smtp-detect............................................................................................................................................................. 4421
31.17 Global IAE Configuration Commands (Central AP)........................................................................................ 4422
31.17.1 display file-frame information............................................................................................................................ 4422
31.17.2 display file-frame statistics...................................................................................................................................4424
31.17.3 file-frame breakpoint-resume-blocking protocol......................................................................................... 4427
31.17.4 file-frame decompress depth...............................................................................................................................4429
31.17.5 file-frame decompress depth action................................................................................................................. 4430
31.17.6 file-frame decompress size................................................................................................................................... 4431
31.17.7 file-frame decompress size action..................................................................................................................... 4432
31.17.8 reset file-frame statistics....................................................................................................................................... 4433
32 QoS Commands............................................................................................................... 4435

32.1 Traffic Policing Commands........................................................................................................................................ 4435
32.1.1 display qos car statistics.......................................................................................................................................... 4435
32.1.2 qos car............................................................................................................................................................................ 4437
32.1.3 reset qos car statistics...............................................................................................................................................4441
32.2 ACL-based Simplified Traffic Policy Commands................................................................................................. 4442
32.2.1 display traffic-filter applied-record...................................................................................................................... 4442
32.2.2 display traffic-filter statistics.................................................................................................................................. 4444
32.2.3 reset traffic-filter statistics...................................................................................................................................... 4445
32.2.4 traffic-filter (interface view)...................................................................................................................................4446
32.2.5 traffic-remark (interface view).............................................................................................................................. 4449
32.3 Commands for Configuring Global Rate Limiting for Broadcast and Multicast Packets......................4451
32.3.1 display traffic-optimize configuration.................................................................................................................4451
32.3.2 traffic-optimize broadcast-suppression disable (system view).................................................................. 4455
32.3.3 traffic-optimize broadcast-suppression rate-threshold (system view).................................................... 4457
32.4 WLAN QoS Configuration Commands (Common AP)..................................................................................... 4458
32.4.1 airtime-fair-schedule enable.................................................................................................................................. 4459
32.4.2 car (QoS profile view).............................................................................................................................................. 4460
32.4.3 description (QoS profile view)............................................................................................................................... 4463
32.4.4 display qos car............................................................................................................................................................. 4464
32.4.5 display qos-profile......................................................................................................................................................4465
32.4.6 display references traffic-profile........................................................................................................................... 4467
32.4.7 display references user-profile............................................................................................................................... 4469
32.4.8 display traffic-profile................................................................................................................................................. 4470
32.4.9 display traffic-remark applied-record................................................................................................................. 4475
32.4.10 display user-profile.................................................................................................................................................. 4477
32.4.11 multimedia-air-optimize enable......................................................................................................................... 4478
32.4.12 multimedia-air-optimize threshold....................................................................................................................4480
32.4.13 priority-map downstream dot1p........................................................................................................................ 4481
32.4.14 priority-map downstream dscp...........................................................................................................................4482
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxi

Fat AP and Cloud AP
32.4.15 priority-map downstream trust.......................................................................................................................... 4484

32.4.16 qos car......................................................................................................................................................................... 4485
32.4.17 qos car (user profile view)....................................................................................................................................4488
32.4.18 qos-profile.................................................................................................................................................................. 4489
32.4.19 qos-profile (user group view).............................................................................................................................. 4490
32.4.20 rate-limit..................................................................................................................................................................... 4491
32.4.21 rate-limit client dynamic....................................................................................................................................... 4492
32.4.22 rate-limit client dynamic disable........................................................................................................................ 4493
32.4.23 remark 8021p (QoS profile view)...................................................................................................................... 4494
32.4.24 remark dscp (QoS profile view)..........................................................................................................................4496
32.4.25 remark local-precedence (QoS profile view)................................................................................................. 4497
32.4.26 traffic-filter (traffic profile view)........................................................................................................................4498
32.4.27 traffic-profile (WLAN view)................................................................................................................................. 4503
32.4.28 traffic-profile (VAP profile view)........................................................................................................................ 4504
32.4.29 traffic-remark (traffic profile view)................................................................................................................... 4505
32.4.30 user-isolate (traffic profile view)........................................................................................................................ 4507
32.4.31 user-priority (user profile view).......................................................................................................................... 4508
32.4.32 user-profile (VAP profile view)........................................................................................................................... 4509
32.4.33 user-profile................................................................................................................................................................. 4510
32.4.34 wmm edca-ap........................................................................................................................................................... 4512
32.4.35 wmm edca-client (SSID profile view)............................................................................................................... 4515
32.4.36 wmm disable............................................................................................................................................................. 4518
32.4.37 wmm mandatory enable.......................................................................................................................................4519
32.5 WLAN QoS Configuration Commands (Central AP)......................................................................................... 4520
32.5.1 airtime-fair-schedule enable.................................................................................................................................. 4520
32.5.2 car (QoS profile view).............................................................................................................................................. 4521
32.5.3 description (QoS profile view)............................................................................................................................... 4525
32.5.4 display qos car............................................................................................................................................................. 4526
32.5.5 display qos-profile......................................................................................................................................................4527
32.5.6 display references traffic-profile........................................................................................................................... 4529
32.5.7 display references user-profile............................................................................................................................... 4531
32.5.8 display traffic-profile................................................................................................................................................. 4532
32.5.9 display traffic-remark applied-record................................................................................................................. 4537
32.5.10 display user-profile.................................................................................................................................................. 4538
32.5.11 multimedia-air-optimize enable......................................................................................................................... 4540
32.5.12 multimedia-air-optimize threshold....................................................................................................................4541
32.5.13 priority-map downstream dot1p........................................................................................................................ 4543
32.5.14 priority-map downstream dscp........................................................................................................................... 4544
32.5.15 priority-map downstream trust.......................................................................................................................... 4546
32.5.16 qos car......................................................................................................................................................................... 4547
32.5.17 qos car (user profile view)....................................................................................................................................4550
32.5.18 qos-profile.................................................................................................................................................................. 4551
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxii

Fat AP and Cloud AP
32.5.19 qos-profile (user group view).............................................................................................................................. 4552

32.5.20 rate-limit..................................................................................................................................................................... 4553
32.5.21 rate-limit client dynamic....................................................................................................................................... 4554
32.5.22 rate-limit client dynamic disable........................................................................................................................ 4555
32.5.23 remark 8021p (QoS profile view)...................................................................................................................... 4556
32.5.24 remark dscp (QoS profile view)..........................................................................................................................4558
32.5.25 remark local-precedence (QoS profile view)................................................................................................. 4559
32.5.26 traffic-filter (traffic profile view)........................................................................................................................4560
32.5.27 traffic-profile (WLAN view)................................................................................................................................. 4563
32.5.28 traffic-profile (VAP profile view)........................................................................................................................ 4564
32.5.29 traffic-remark (traffic profile view)................................................................................................................... 4565
32.5.30 user-isolate (traffic profile view)........................................................................................................................ 4568
32.5.31 user-priority (user profile view).......................................................................................................................... 4569
32.5.32 user-profile (VAP profile view)........................................................................................................................... 4570
32.5.33 user-profile................................................................................................................................................................. 4571
32.5.34 wmm edca-ap........................................................................................................................................................... 4572
32.5.35 wmm edca-client (SSID profile view)............................................................................................................... 4575
32.5.36 wmm disable............................................................................................................................................................. 4579
32.5.37 wmm mandatory enable.......................................................................................................................................4580
32.6 SAC Configuration Commands (Common AP).................................................................................................... 4581
32.6.1 application-group car (SAC profile view).......................................................................................................... 4581
32.6.2 application-group deny (SAC profile view)....................................................................................................... 4583
32.6.3 application-group remark (SAC profile view).................................................................................................. 4584
32.6.4 display references sac-profile................................................................................................................................. 4586
32.6.5 display sac application-group................................................................................................................................ 4587
32.6.6 display sac information............................................................................................................................................ 4588
32.6.7 display sac-profile...................................................................................................................................................... 4590
32.6.8 display sac application-list...................................................................................................................................... 4592
32.6.9 display sac protocol-statistic.................................................................................................................................. 4593
32.6.10 reset sac protocol-statistic.................................................................................................................................... 4595
32.6.11 sac enable................................................................................................................................................................... 4596
32.6.12 sac update-signature online.................................................................................................................................4597
32.6.13 sac-profile................................................................................................................................................................... 4598
32.6.14 sac-profile (user group view).............................................................................................................................. 4599
32.6.15 sac-profile (VAP profile view)..............................................................................................................................4600
32.6.16 sac restore-signature.............................................................................................................................................. 4601
32.6.17 sac update-signature.............................................................................................................................................. 4602
32.6.18 sac update-signature schedule............................................................................................................................4603
32.6.19 sac update-signature schedule enable............................................................................................................. 4604
32.6.20 sac update-signature server................................................................................................................................. 4605
32.6.21 user-protocol-statistic enable.............................................................................................................................. 4606
32.6.22 vap-protocol-statistic enable............................................................................................................................... 4607
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxiii

Fat AP and Cloud AP
32.7 SAC Configuration Commands (Central AP)........................................................................................................4608

32.7.1 application-group car (SAC profile view).......................................................................................................... 4608
32.7.2 application-group deny (SAC profile view)....................................................................................................... 4610
32.7.3 application-group remark (SAC profile view).................................................................................................. 4611
32.7.4 application name cache type aging-time.......................................................................................................... 4612
32.7.5 detect max-bytes........................................................................................................................................................ 4613
32.7.6 detect max-packets................................................................................................................................................... 4614
32.7.7 detect max-time......................................................................................................................................................... 4615
32.7.8 detect uni-direction................................................................................................................................................... 4616
32.7.9 display application..................................................................................................................................................... 4617
32.7.10 display application name aging-time............................................................................................................... 4620
32.7.11 display references sac-profile.............................................................................................................................. 4621
32.7.12 display sac application-group.............................................................................................................................. 4622
32.7.13 display sac information..........................................................................................................................................4624
32.7.14 display sac-profile.................................................................................................................................................... 4625
32.7.15 display sac application-list....................................................................................................................................4627
32.7.16 display sac protocol-statistic................................................................................................................................ 4629
32.7.17 port-identification packet-number-threshold................................................................................................ 4631
32.7.18 reset sac protocol-statistic.................................................................................................................................... 4632
32.7.19 sa................................................................................................................................................................................... 4633
32.7.20 sac-profile................................................................................................................................................................... 4634
32.7.21 sac-profile (user group view).............................................................................................................................. 4635
32.7.22 sac-profile (VAP profile view)..............................................................................................................................4636
32.7.23 user-protocol-statistic enable.............................................................................................................................. 4637
32.7.24 vap-protocol-statistic enable............................................................................................................................... 4638
33 Network Management and Monitoring Commands..............................................4640

33.1 SNMP Configuration Commands............................................................................................................................. 4640
33.1.1 display snmp-agent community........................................................................................................................... 4640
33.1.2 display snmp-agent extend error-code status..................................................................................................4642
33.1.3 display snmp-agent group...................................................................................................................................... 4643
33.1.4 display snmp-agent local-engineid...................................................................................................................... 4646
33.1.5 display snmp-agent mib-view................................................................................................................................4647
33.1.6 display snmp-agent statistics................................................................................................................................. 4649
33.1.7 display snmp-agent sys-info...................................................................................................................................4652
33.1.8 display snmp-agent target-host............................................................................................................................ 4653
33.1.9 display snmp-agent trap all....................................................................................................................................4655
33.1.10 display snmp-agent trap feature-name all..................................................................................................... 4657
33.1.11 display snmp-agent trap feature-name snmp all......................................................................................... 4658
33.1.12 display snmp-agent trap-source......................................................................................................................... 4659
33.1.13 display snmp-agent usm-user............................................................................................................................. 4660
33.1.14 enable snmp trap updown................................................................................................................................... 4662
33.1.15 snmp-agent................................................................................................................................................................ 4663
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxiv

Fat AP and Cloud AP
33.1.16 snmp-agent community........................................................................................................................................ 4664

33.1.17 snmp-agent community complexity-check disable..................................................................................... 4667
33.1.18 snmp-agent extend error-code enable.............................................................................................................4668
33.1.19 snmp-agent group................................................................................................................................................... 4669
33.1.20 snmp-agent local-engineid.................................................................................................................................. 4672
33.1.21 snmp-agent mib-view............................................................................................................................................ 4674
33.1.22 snmp-agent protocol get-bulk timeout........................................................................................................... 4676
33.1.23 snmp-agent protocol source-interface............................................................................................................. 4677
33.1.24 snmp-agent sys-info............................................................................................................................................... 4678
33.1.25 snmp-agent target-host trap-hostname..........................................................................................................4680
33.1.26 snmp-agent target-host trap-paramsname....................................................................................................4682
33.1.27 snmp-agent trap disable....................................................................................................................................... 4685
33.1.28 snmp-agent trap enable........................................................................................................................................ 4686
33.1.29 snmp-agent trap enable feature-name........................................................................................................... 4687
33.1.30 snmp-agent trap enable feature-name snmp............................................................................................... 4688
33.1.31 snmp-agent trap life............................................................................................................................................... 4689
33.1.32 snmp-agent trap queue-size................................................................................................................................ 4689
33.1.33 snmp-agent trap source........................................................................................................................................ 4690
33.1.34 snmp-agent usm-user............................................................................................................................................ 4691
33.2 Mirroring Configuration Commands.......................................................................................................................4695
33.2.1 display mirror-port..................................................................................................................................................... 4696
33.2.2 display mirror-vap...................................................................................................................................................... 4697
33.2.3 display observe-port.................................................................................................................................................. 4698
33.2.4 mirror (interface view)............................................................................................................................................. 4699
33.2.5 mirror vap..................................................................................................................................................................... 4700
33.2.6 observe-port................................................................................................................................................................. 4702
33.3 Ping and Tracert Configuration Commands......................................................................................................... 4703
33.3.1 ping................................................................................................................................................................................. 4703
33.3.2 tracert............................................................................................................................................................................. 4713
33.4 LLDP Configuration Commands............................................................................................................................... 4718
33.4.1 display lldp local......................................................................................................................................................... 4718
33.4.2 display lldp neighbor.................................................................................................................................................4728
33.4.3 display lldp neighbor brief ..................................................................................................................................... 4737
33.4.4 display lldp statistics................................................................................................................................................. 4738
33.4.5 display lldp tlv-config............................................................................................................................................... 4739
33.4.6 display snmp-agent trap feature-name lldptrap all.......................................................................................4744
33.4.7 lldp clear neighbor..................................................................................................................................................... 4746
33.4.8 lldp dot3-tlv power.................................................................................................................................................... 4747
33.4.9 lldp enable (interface view)................................................................................................................................... 4749
33.4.10 lldp enable (system view).....................................................................................................................................4750
33.4.11 lldp management-address.................................................................................................................................... 4751
33.4.12 lldp message-transmission delay....................................................................................................................... 4753
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxv

Fat AP and Cloud AP
33.4.13 lldp message-transmission hold-multiplier.................................................................................................... 4754

33.4.14 lldp message-transmission interval................................................................................................................... 4756
33.4.15 lldp restart-delay...................................................................................................................................................... 4758
33.4.16 lldp tlv-enable........................................................................................................................................................... 4759
33.4.17 lldp tlv-enable legacy-tlv four-pair-power...................................................................................................... 4764
33.4.18 lldp tlv-enable legacy-tlv power-capability.................................................................................................... 4765
33.4.19 lldp trap-interval...................................................................................................................................................... 4766
33.4.20 reset lldp statistics................................................................................................................................................... 4767
33.4.21 snmp-agent trap enable feature-name lldptrap........................................................................................... 4768
33.5 Packet Obtaining Configuration Command......................................................................................................... 4770
33.5.1 capture-packet............................................................................................................................................................ 4770
33.6 Service Diagnosis Configuration Commands....................................................................................................... 4773
33.6.1 display trace information........................................................................................................................................ 4773
33.6.2 display trace instance............................................................................................................................................... 4775
33.6.3 display trace object.................................................................................................................................................... 4777
33.6.4 reset trace instance....................................................................................................................................................4780
33.6.5 save trace information............................................................................................................................................. 4781
33.6.6 trace enable..................................................................................................................................................................4782
33.6.7 trace object................................................................................................................................................................... 4783
33.6.8 trace syslog source..................................................................................................................................................... 4787
33.7 Managing WLAN Access Site Information Commands.................................................................................... 4788
33.7.1 coordinate..................................................................................................................................................................... 4788
33.7.2 display wireless-access-specification configuration....................................................................................... 4790
33.7.3 location.......................................................................................................................................................................... 4791
33.7.4 report.............................................................................................................................................................................. 4792
33.7.5 report enable............................................................................................................................................................... 4794
33.7.6 site................................................................................................................................................................................... 4796
33.7.7 wireless-access-specification.................................................................................................................................. 4797
33.7.8 wireless-access-specification report..................................................................................................................... 4798
33.8 WMI Commands............................................................................................................................................................ 4799
33.8.1 collect-item (WMI view).......................................................................................................................................... 4799
33.8.2 display wmi status..................................................................................................................................................... 4802
33.8.3 keepalive (WMI view)............................................................................................................................................... 4806
33.8.4 log module................................................................................................................................................................... 4808
33.8.5 max-packet-size (WMI view)................................................................................................................................. 4809
33.8.6 report-interval (WMI view).....................................................................................................................................4810
33.8.7 server (WMI view)..................................................................................................................................................... 4811
33.8.8 wmi-server (system view)....................................................................................................................................... 4812
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. lxxvi

Fat AP and Cloud AP
Command Reference 1 About This Document
1 About This Document
Overview
This document provides the configuration commands of each feature supported by
the device, including the syntax, view, default level, description, parameters, usage
guideline, related commands, and example of each command.
This document together with the Configuration Guide provides intended readers
with detailed usage of each command.
Intended Audience
This document is intended for network engineers responsible for WLAN
configuration and management. You should be familiar with basic Ethernet
knowledge and have extensive experience in network deployment and
management.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a potentially hazardous

situation which, if not avoided, could
result in equipment damage, data loss,
performance deterioration, or
unanticipated results.
NOTICE is used to address practices
not related to personal injury.
Supplements the important

information in the main text.
NOTE is used to address information
not related to personal injury,
equipment damage, and environment
deterioration.
Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. 1

Fat AP and Cloud AP
Command Conventions
The command conventions that may be found in this document are defined as
follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[] Items (keywords or arguments) in brackets [ ] are

optional.
{ x | y | ... } Optional items are grouped in braces and separated

by vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and

separated by vertical bars. One item is selected or
no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated

by vertical bars. A minimum of one item or a
maximum of all items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and

separated by vertical bars. Several items or no item
can be selected.
&<1-n> The parameter before the & sign can be repeated 1

to n times.
# A line starting with the # sign is comments.
NOTE
The interface types, command outputs, and device models provided in this manual vary
according to device configurations and may differ from the actual information.
To obtain better user experience, you are advised to set the number of columns displayed
on the command line editor to 132 or higher.
Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use
the existing interface numbers on devices.
Security Conventions
● Password setting
When configuring a password, the cipher text is recommended. To ensure
device security, do not disable password complexity check, and change the
password periodically.
When configuring a plaintext password, do not start and end it with %$%$,
%^%#, %#%#, %@%@, or @%@%, which are considered valid ciphertext

Fat AP and Cloud AP
characters. The device can decrypt such as password and display the same
plaintext password as that configured by the user in the configuration file.
Ciphertext passwords starting and ending with %$%$, %^%#, %#%#, %@
%@, or @%@% are valid. However, ciphertext passwords for different
features are not interchangeable. For example, the ciphertext password
generated for Authentication, Authorization, Accounting (AAA) cannot be
configured for other features.
● Encryption algorithm
Currently, the device uses the following encryption algorithms: DES, 3DES,
AES, RSA, SHA1, SHA2, MD5, SMS4, and RC4. The encryption algorithm
depends on the applicable scenario. Use the recommended encryption
algorithm; otherwise, security protection requirements may not be met.
– For the symmetrical encryption algorithm, use AES with the key of 128
bits or more.
– For the asymmetrical encryption algorithm, use RSA with the key of 2048
bits or more.
– For the hash algorithm, use SHA2 with the key of 256 bits or more.
– For the HMAC algorithm, use HMAC-SHA2.
– The encryption algorithms DES/3DES/RSA (RSA-1024 or lower)/MD5 (in
digital signature scenarios and password encryption)/SHA1 (in digital
signature scenarios) have a low security, which may bring security risks. If
protocols allowed, using more secure encryption algorithms, such as
AES/RSA (RSA-2048 or higher)/SHA2/HMAC-SHA2, is recommended.
– SHA2 is irreversible encryption algorithm. The irreversible encryption
algorithm must be used for the administrator password.
● Personal data
Some personal data (such as the MAC or IP addresses of users) may be
obtained or used during operation or fault location of your purchased
products, services, features, so you have an obligation to make privacy policies
and take measures according to the applicable law of the country to protect
personal data.

Fat AP and Cloud AP
Command Reference 2 How to Use Command Lines
2 How to Use Command Lines
About This Chapter
2.1 Entering Command Views

2.2 Setting Command Levels
2.3 Editing Command Lines
2.4 Using Command Line Online Help
2.5 Interpreting Command Line Error Messages
2.6 Using the undo Command Line
2.7 Displaying History Commands
2.8 Using Command Line Shortcut Keys
2.1 Entering Command Views

The device has many functions; therefore various configuration commands and
query commands are provided to facilitate device management and maintenance.
The wireless access point registers commands to different command views based
on the functions of the commands, so users can easily use them. To use a
function, enter the corresponding command view first and then run corresponding
commands.
The device provides various command views. For the methods of entering the
command views except the following views, see the Command Reference.

Fat AP and Cloud AP
Common Command Views

Name How To Enter Function
User When a user logs in to the In the user view, you can view
view device, the user enters the user the running status and statistics
view and the following prompt is of the device.
displayed on the screen:
<HUAWEI>
System Run the system-view command In the system view, you can set
view and press Enter in the user view. the system parameters of the
The system view is displayed. device, and enter other function
<HUAWEI> system-view views from this view.
Enter system view, return user view with
Ctrl+Z.
[HUAWEI]
Interface Run the interface command and You can configure interface
view specify an interface type and parameters in the interface view.
number to enter an interface The interface parameters include
view. physical attributes, link layer
[HUAWEI] interface gigabitethernet protocols, and IP addresses.
X/Y/Z
[HUAWEI-GigabitEthernetX/Y/Z]
NOTE
● X/Y/Z indicates the number of an
interface that needs to be
specified. It is in the format of
slot number/sub card number/
interface sequence number.
● The interface GigabitEthernet is
only an example.
WLAN Run the wlan command and In the WLAN view, you can
view press Enter in the system view. configure most WLAN
The WLAN view is displayed. parameters.
[HUAWEI] wlan
[HUAWEI-wlan-
view]
NOTE
● The command line prompt HUAWEI is the default host name (sysname). The prompt
indicates the current view. For example, <> indicates the user view and [] indicates all
other views except user view.
● Some commands can be executed in multiple views, but they have different functions
after being executed in different views. For example, you can run the lldp enable
command in the system view to enable LLDP globally and in the interface view to
enable LLDP on an interface.
● In the system view, you can run the diagnose command to enter the diagnostic view.
Diagnostic commands are used for device fault diagnosis. If you run some commands in
the diagnostic view, the device may run improperly or services may be interrupted.
Contact technical support personnel and use these diagnostic commands with caution.

Fat AP and Cloud AP
Quitting Command Views

You can run the quit command to return from the current view to an upper-level
view.
For example, return from the interface view to the system view and run the quit
command to return to the user view.
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI]quit
<HUAWEI>
To return from the interface view directly to the user view, press Ctrl+Z or run the
return command.
# Press Ctrl+Z to return directly to the user view.
[HUAWEI-GigabitEthernet0/0/1] #Press Ctrl+Z.
<HUAWEI>
# Run the return command to return directly to the user view.

[HUAWEI-GigabitEthernet0/0/1] return
<HUAWEI>
2.2 Setting Command Levels

Context
The system divides commands into four levels and sets the command level in the
specified view. The device administrator can change the command level as
required, so that a lower-level user can use some high-level commands. The device
administrator can also change the command level to a larger value to improve
device security.
● The system grants users different access permissions based on their roles.
User levels are classified into sixteen levels, which correspond to the
command levels. Users can use only the commands at the same or lower level
than their own levels. By default, there are four command levels 0 to 3 and
sixteen user levels 0 to 15. Table 2-1 describes the relationship between
command levels and user levels.
Table 2-1 Relationship between command levels and user levels

User Com Name Description
Leve man
l d
Leve
l
0 0 Visit level Commands of this level include network

diagnosis tool commands (such as ping and
tracert), and commands for accessing external
devices from the local device (such as STelnet).

Fat AP and Cloud AP
User Com Name Description

Leve man
l d
Leve
l
1 0, 1 Monitorin Commands of this level are used for system

g level maintenance, including display commands.
NOTE
Some display commands are not at this level. For
example, the display current-configuration and
display saved-configuration commands are at level
3. For details about command levels, see the
Command Reference.
2 0, 1, Configura Commands of this level are used for service

2 tion level configuration to provide direct network services,
including routing commands and commands of
each network layer.
3 to 0, 1, Managem Commands of this level are used for basic

15 2, 3 ent level system operations, including file system, FTP,
TFTP download, user management, command
level configuration, and debugging.
NOTICE
Changing the default command level without the guidance of technical personnel
is not recommended. This may result in inconvenience for operation and
maintenance and bring about security problems.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run command-privilege level level view view-name command-key
The command level is set in the specified view.
----End
2.3 Editing Command Lines

Editing Feature
You can edit commands in a CLI that supports multi-line edition. Each command
can contain a maximum of 512 characters. The keywords in the commands are
case insensitive. Whether a command parameter is case sensitive or not depends
on what the parameter is.

Fat AP and Cloud AP
Table 2-2 lists keys that are frequently used for command editing.
Table 2-2 Keys for command editing

Key Function
Common key Inserts a character at the current location of the cursor

if the editing buffer is not full, and the cursor moves to
the right. Otherwise, an alarm is generated.
Backspace Deletes the character on the left of the cursor and the
cursor moves to the left. When the cursor reaches the
head of the command, an alarm is generated.
Left cursor key ← or Moves the cursor to the left by the space of a
Ctrl+B character. When the cursor reaches the head of the
command, an alarm is generated.
Right cursor key → or Moves the cursor to the right by the space of a
Ctrl+F character. When the cursor reaches the end of the
command, an alarm is generated.
Operating Techniques
Incomplete Keyword
You can enter incomplete keywords on the device. In the current view, you do not
need to enter complete keywords if the entered characters can match a unique
keyword. This function improves operating efficiency.
For example, to execute the display current-configuration command, you can
enter d cu, di cu, or dis cu, but you cannot enter d c or dis c because they do not
match unique keywords.
NOTE
The maximum length of a command (including the incomplete command) to be entered is

512 characters. If a command in incomplete form is configured, the system saves the
command to the configuration file in its complete form, which may cause the command to
have more than 512 characters. In this case, the command in incomplete form cannot be
restored after the system restarts. Therefore, when you configure a command in incomplete
form, pay attention to the length of the command.
Tab
Enter an incomplete keyword and press Tab to complete the keyword.
● When a unique keyword matches the input, the system replaces the
incomplete input with the unique keyword and displays it in a new line with
the cursor leaving a space behind. For example:
a. Enter an incomplete keyword.
[HUAWEI] info-
b. Press Tab.
The system replaces the entered keyword and displays it in a new line
with the complete keyword followed by a space.

Fat AP and Cloud AP
[HUAWEI] info-center
● When the input has multiple matches, press Tab repeatedly to display the
keywords beginning with the incomplete input in a circle until the desired
keyword is displayed. In this case, the cursor closely follows the end of the
keyword. For example:
a. Enter an incomplete keyword.
[HUAWEI] info-center log
b. Press Tab.
The system displays the prefixes of all the matched keywords. In this
example, the prefix is log.
[HUAWEI] info-center logbuffer
Press Tab to switch from one matched keyword to another. In this case,
the cursor closely follows the end of a word.
[HUAWEI] info-center logfile
[HUAWEI] info-center loghost
Stop pressing Tab when the desired keyword is displayed.
● When an incorrect keyword is entered, press Tab and it is displayed in a new
line without being changed. For example:
a. Enter an incorrect keyword.
[HUAWEI] info-center loglog
b. Press Tab.
[HUAWEI] info-center loglog
The system displays information in a new line, but the keyword loglog
remains unchanged and there is no space between the cursor and the
keyword, indicating that this keyword does not exist.
2.4 Using Command Line Online Help

When entering command lines, you can enter a question mark (?) at any time to
obtain online help. You can choose to obtain full help or partial help.
Full Help
When entering a command, you can use the full help function to obtain keywords
and parameters for the command. Use any of the following methods to obtain full
help from a command line.
● Enter a question mark (?) in any command view to obtain all the commands
and their simple descriptions. For example:
<HUAWEI> ?
User view commands:
autosave <Group> autosave command group
backup Backup information
cd Change current directory
clear Clear
clock Specify the system clock
cls Clear screen
compare Compare configuration file
copy Copy from one file to another
...
● Enter some keywords of a command and a question mark (?) separated by a
space. All keywords associated with this command, as well as simple
descriptions, are displayed. For example:

Fat AP and Cloud AP
<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] authentication-mode ?
aaa AAA authentication
password Authentication through the password of a user terminal interface
[HUAWEI-ui-vty0-4] authentication-mode aaa ?
<cr> Please press ENTER to execute command
[HUAWEI-ui-vty0-4] authentication-mode aaa
– "aaa" and "password" are keywords. "AAA authentication" and

"Authentication through the password of a user terminal interface"
describe the keywords respectively.
– <cr> indicates that there is no keyword or parameter in this position. You
can press Enter to run this command.
● Enter some keywords of a command and a question mark (?) separated by a
space. All parameters associated with this keyword, as well as simple
descriptions, are listed. For example:
[HUAWEI] ftp timeout ?
INTEGER<1-35791> The value of FTP timeout (in minute)
[HUAWEI] ftp timeout 35 ?
<cr> Please press ENTER to execute command
[HUAWEI] ftp timeout 35
"INTEGER<1-35791>" describes the value range of the parameter. "The value

of FTP timeout (in minutes)" briefly describes the function of this parameter.
Partial Help
If you enter only the first or first several characters of a command keyword, partial
help provides keywords that begin with this character or character string. Use any
of the following methods to obtain partial help from a command line.
● Enter a character string followed directly by a question mark (?) to display all
keywords that begin with this character string. For example:
<HUAWEI> d?
debugging <Group> debugging command group
delete Delete a file
dir List files on a filesystem
display Display information
<HUAWEI>d
● Enter a command and a string followed directly by a question mark (?) to

display all the keywords that begin with this string. For example:
<HUAWEI> display b?
binding Display binding relation of profile
bridge Bridge MAC
bridge-link Bridge link
bridge-profile Display Bridge profile
bridge-whitelist Bridge Whitelist
● Enter the first several letters of a keyword in a command and press Tab to
display a complete keyword. The first several letters, however, must uniquely
identify the keyword. If they do not identify a specific keyword, press Tab
continuously to display different keywords and you can select one as required.
NOTE
The command output obtained through the online help function is used for reference only.

Fat AP and Cloud AP
2.5 Interpreting Command Line Error Messages

Table 2-3 lists the common error messages.
Table 2-3 Common error messages of the command line

Error Message Cause of the Error
Error: Unrecognized command No command is found.

found at '^' position.
No keyword is found.
Error: Wrong parameter found at The parameter type is incorrect.

'^' position.
The parameter value exceeds the limit.
Error: Incomplete command The entered command is incomplete.

Error: Too many parameters Too many parameters are entered.

Error: Ambiguous command Indefinite command is entered.

2.6 Using the undo Command Line

If a command line begins with the keyword undo, it is an undo command line.
The undo command lines restore default settings of parameters, disable functions,
or delete configurations. Almost each configuration command line has a
corresponding undo command.
Some examples of using the undo command are listed as follows:
● The undo command restores the default setting.
The sysname command sets a device host name. For example:
[HUAWEI] sysname Server
[Server] undo sysname
[HUAWEI]
● The undo command disables a specified function.
The ftp server enable command enables the FTP server function on the
device. For example:
[HUAWEI] ftp server enable
Warning: FTP is not a secure protocol, and it is recommended to use SFTP.
Info: Succeeded in starting the FTP server
[HUAWEI] undo ftp server
Info: Succeeded in closing the FTP server.
● The undo command deletes a specified configuration.
The header command configures the header information displayed on
terminals when users log in. For example:

Fat AP and Cloud AP
[HUAWEI] header login information "Hello!"
Log out of the terminal and re-log in. A message "Hello!" is displayed before
authentication. Run the undo header login command.
Hello!
Login authentication
Username:admin
Password:
[HUAWEI] undo header login
Log out of the terminal and re-log in. No message is displayed before
authentication.
Login authentication
Username:admin
Password:
<HUAWEI>
NOTE
The command output provided here is used for reference only. The actual output
information may differ from the preceding information.
2.7 Displaying History Commands

By default, the system saves 10 history commands for each user. Run the history-
command max-size size-value command to reset the number of history
commands that are allowed to be saved in a specified user interface view. The
maximum number is 256.
NOTE
If the value is too large, it may take a long time to obtain a required history command.
Therefore, a large value is not recommended.
Table 2-4 shows operations of history commands.
Table 2-4 Accessing history commands

Action Command or Key Result
Display history display history-command Display history

commands. commands entered by
the current user.
Display the earlier Up arrow key ↑ or Ctrl+P If there is an earlier

history command. history command, the
earlier history command
is displayed. Otherwise,
an alarm is generated.

Fat AP and Cloud AP
Action Command or Key Result
Display the later Down arrow key ↓ or Ctrl+N If there is a later history
history command. command, the later
history command is
displayed. Otherwise, the
command is cleared and
an alarm is generated.
When using history commands, note the following:
● The saved history commands are the same as that those entered by users. For
example, if the user enters an incomplete command, the saved command also
is incomplete.
● If the user runs the same command several times, only the latest command is
saved. If the command is entered in different forms, they are considered as
different commands.
For example, if the display current-configuration command is run several
times, only one history command is saved. If the display current-
configuration command and the dis curr command are used, both of them
are saved.
2.8 Using Command Line Shortcut Keys

There are two types of shortcut keys:
● User-defined shortcut keys: include Ctrl+G, Ctrl+L, Ctrl+O, and Ctrl+U. You can
associate these shortcut keys with any commands. When a shortcut key is
pressed, the system runs the corresponding command.
● System-defined shortcut keys: shortcut keys defined in the system that have
fixed functions. Users cannot define these shortcut keys. Table 2-5 lists the
frequently used system-defined shortcut keys.
NOTE
The terminal in use may affect the functions of the shortcut keys. For example, if the
shortcut keys defined by the terminal conflict with those defined in the system, the shortcut
keys entered by the user are captured by the terminal program and the commands
corresponding to the shortcut keys are not executed.
User-defined Shortcut Keys

When a user frequently uses a command or some commands, the user can use
shortcut keys to define these commands. Only management-level users and
configuration-level users have the rights to define shortcut keys. The
configurations are as follows:
1. Run the system-view command to enter the system view.
2. Run the hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U } command-text
command to configure a shortcut key corresponding to a command.

Fat AP and Cloud AP
The system supports four user-defined shortcut keys and the default values are as
follows:
● Ctrl+G: display current-configuration
● Ctrl+L: undo idle-timeout
● Ctrl+O: undo debugging all
● Ctrl+U: Null
NOTE
● When defining shortcut keys, use double quotation marks to define the command if this
command contains several keywords separated by spaces. For example, hotkey ctrl_l
"display tcp status". Do not use double quotation marks to define a command if the
command contains only one keyword.
● Run the display hotkey command to view the status of the defined, undefined, and
system-defined shortcut keys.
● Run the undo hotkey command to restore default values of the configured shortcut
keys.
● Shortcut keys are executed in the same way as commands. The system can record
commands in their original formats in the command buffer and logs to help query and
locate the fault.
● The user-defined shortcut keys are available to all users. If a user does not have the
rights to use the command defined by a shortcut key, the system displays an error
message when this shortcut key is executed.
System-defined Shortcut Keys
Table 2-5 System-defined shortcut keys
Key Function
Ctrl+A Moves the cursor to the beginning of the

current line.
Ctrl+B Moves the cursor back one character.
Ctrl+C Stops performing current functions.
Ctrl+D Deletes the character where the cursor is

located at.
Ctrl+E Moves the cursor to the end of the last

line.
Ctrl+F Moves the cursor forward one character.
Ctrl+H Deletes the character on the left side of

the cursor.
Ctrl+I Provides the same function as Tab.
Ctrl+J Provides the same function as Enter.
Ctrl+M Provides the same function as Enter.

Fat AP and Cloud AP
Key Function
Ctrl+N Displays the next command in the history

command buffer.
Ctrl+P Displays the previous command in the

history command buffer.
Ctrl+T Provides the same function as a question

mark.
Ctrl+W Deletes a character string on the left side

of the cursor.
Ctrl+X Deletes all the characters on the left side

of the cursor.
Ctrl+Y Deletes all the characters on the right

side of the cursor and the character
where the cursor is located at.
Ctrl+Z Returns to the user view.
Ctrl+] Stops incoming connections or redirects

the connections.
Esc+B Moves the cursor back one word.
Esc+D Deletes one word on the right side of the

cursor.
Esc+F Moves the cursor forward one word.

Fat AP and Cloud AP
Command Reference 3 Basic Configurations Commands
3 Basic Configurations Commands
About This Chapter
3.1 CLI Overview Commands

3.2 First Login Commands
3.3 UI Configuration Commands
3.4 User Login Configuration Commands
3.5 File Management Commands
3.6 Configuring System Startup Commands
3.7 Upgrade Commands
3.8 HTTP Server Commands
3.1 CLI Overview Commands
3.1.1 cls
Function
The cls command clears the current screen.
Format
cls
Parameters
None

Fat AP and Cloud AP
Views
User view
Default Level
1: Monitoring level
Usage Guidelines
This command only clears the screen and does not clear the screen buffer.
Example
# Clear screen.
<HUAWEI> cls
Info: Current terminal monitor is off.
Info: Current terminal debugging is off.
3.1.2 command-privilege level

Function
The command-privilege level command sets the command level in a specified
view.
The undo command-privilege command restores the default command level.
By default, each command in each view has a default command level.
Format
command-privilege level level view view-name command-key
undo command-privilege view view-name command-key
Parameters
Parameter Description Value
level level Specifies the command level. The value is an
integer that
ranges from 0 to
15.
view view-name Specifies the view name. You can enter a -
question mark (?) in the terminal GUI to
obtain all view names in the command
view.
command-key Specifies a command. The command must -

be entered manually because automatic
command line completion is not supported.

Fat AP and Cloud AP
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The system divides commands into four levels and sets the command level in the
specified view. The device administrator can change the command level as
required, so that a lower-level user can use some high-level commands. The device
administrator can also change the command level to a larger value to improve
device security.
You can run the command-privilege level command to change the level of one
command line based on Table 3-1.
Table 3-1 Common Views
View View Name
cli_8f All views
user User view
system System view
aaa AAA view
eth-trunk Eth-Trunk interface view
gigabitethernet GE interface view
multige MultiGE interface view
loopBack Loopback interface view
vlanif VLANIF interface view
Precautions
You are advised not to change the default command level. If you need to change
it, consult with professional personnel to ensure that routine operations and
maintenance are not affected and security risk is avoided.
When you run this command to lower the level of a command, pay attention to
relative commands in the upper-layer view of the command. If the level of
commands in the upper-layer view is lower the current command level, users of
the corresponding level cannot run the command for which the level is lowered
because the users cannot enter the upper-layer view.

Fat AP and Cloud AP
The rules for using this command to set the command level of a specified view are
as follows:
● When you degrade the target command, all keywords in the command are
degraded.
● When you upgrade the target command, only the last keyword in the
command is upgraded.
● When you set a level for the target command, the levels of all commands (in
the same view) starting with this command are changed.
● When you set a level for the target command, the keyword level in other
commands having the same index as the keyword whose level is changed is
also changed.
● If the level of keywords that have the same index is modified for multiple
times, the latest configured level takes effect.
You cannot change the command level of some commands, including:
● config lock
● config unlock interval time
● diagnose
● quit
● return
● cls
Example
# Set the privilege level of the save command to 5.
[HUAWEI] command-privilege level 5 view user save
3.1.3 diagnose
Function
The diagnose command enters the diagnostic view from the system view.
Format
diagnose
Parameters
None
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Diagnostic commands are mainly used for fault diagnosis. However, running some
commands may cause device faults or service interruptions. Therefore, use these
commands under the instruction of technical support personnel.
Example
# Enter the diagnostic view.
[HUAWEI] diagnose
[HUAWEI-diagnose]
3.1.4 display history-command
Function
The display history-command command displays the historical commands stored
on the current device.
Format
display history-command
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run this command to check historical commands the user has executed
recently, facilitating information search. Historical commands are recorded in
circular mode. You can run the history-command max-size command to set the
maximum number of historical commands to be recorded.
Precautions
All the historical commands entered by a user are automatically saved on the
terminal, that is, any input that ends with Enter is saved as a historical command.

Fat AP and Cloud AP
NOTE
● Historical commands are saved in the same format as that used in the input. If a
command that is entered by a user is in an incomplete format, the saved historical
command is also in the incomplete format.
● If a user runs a command several times, only the latest command is saved on the device.
If the command is entered in different formats, they are considered as different
commands.
You can view historical commands using the following methods:
● To view the previous historical command, press the Up arrow key or Ctrl+P.
If there is an earlier historical command, the earlier historical command is
displayed.
● To view the next historical command, press the Down arrow key or Ctrl+N.
If there is a new historical command, the new historical command is
displayed.
Example
# Display the historical commands that have been executed on the current
terminal.
<HUAWEI> display history-command
quit
user privilege level 15
user-interface vty 0 4
system-view
3.1.5 display language
Function
The display language command displays the language that the system supports
and version information.
Format
display language
Parameters
None
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
You can use this command to check the language supported by the system or the
running version information. The system can display information in different
languages according to customer requirements.
By default, the system supports English.
Example
# Display the languages that the system supports and the version information.
<HUAWEI> display language
General:
Description: ENGLISH
Version: V200R003C00
Encoding: ANSI
Table 3-2 Description of the display language command output
Item Description
General General language.
Description Language name.
Version Version information.
Encoding Encoding format, including DEFAULT,

GBK, ISO8859-1, UTF-8, and ANSI.
3.1.6 display this
Function
The display this command displays the running configuration in the current view.
Format
display this
Parameters
None
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
After the configurations are complete in a certain view, run the display this
command to check the current configurations.
Precautions
If a configuration parameter uses the default value, this parameter is not

displayed. Configurations of the functions that do not take effect are not
displayed.
If you run the display this command in an interface view, configuration of the
interface view is displayed. If you run this command in a protocol view,
configuration of the protocol view is displayed.
Example
# Display the running configuration in the current view.
[HUAWEI] aaa
[HUAWEI-aaa] display this
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %$%$I6.ASV)hJET,p"Dn.YM%3aXO%$%$
local-user admin service-type http
#
return
3.1.7 header
Function
The header command configures the header information displayed on a terminal
when users log in to a connected device.
The undo header command deletes the header information displayed on a

terminal when users log in to a connected device.
By default, no header information is displayed on terminals when users log in to a

connected device.
Format
header { login | shell } { information text | file file-name }
undo header { login | shell }

Fat AP and Cloud AP
Parameters
login Indicates header -

information displayed on
a terminal when a user
logs in to the device and a
connection between the
terminal and the device is
activated.
shell Indicates the header -

displayed on a terminal
when the session is set up
after the user logs in to
the connected device.
information Specifies the header and The value is a string with spaces
text content. and carriage returns supported. The
maximum length of the string that
can be entered at one time is 480
characters, if a linefeed is contained
in the first line. If no linefeed is
contained in the first line, a
maximum of 510 characters can be
entered at one time, and the total
string length ranges from 1 to 2038
characters.
file file-name Specifies the file name The value is a string of 5 to 64

that the header uses. characters. The size of the specified
file must be smaller than or equal
to 128 KB. If the size is greater than
128 KB, only the first 128 KB
contents are displayed.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To provide some prompts or alarms to users, you can use the header command to
configure a title on the device. If a user logs in to the device, the title is displayed.

Fat AP and Cloud AP
Procedure
If information is specified, the header text starts and ends with the same
character. You can set the header text in either of the following modes:
● Non-interactive: enter the header text behind the start character.
Use the same character at the beginning and end of the header and press
Enter. If the start and end characters are inconsistent, the system prompts an
error message.
● Interactive: enter the start character and press Enter.
The system displays a message prompting the correct header information.
Then enter the required information and enter the same character at the
beginning and end of the header, and press Enter. The system quits the
interactive process.
During interaction, you can press Enter at any time to enter information in
the next line.
Precautions
● Before setting the login parameter, you must set login authentication
parameters; otherwise, no header information about authentication is
displayed.
● Before setting the file parameter, ensure that the file containing the header
exists; otherwise, the file name cannot be obtained.
● If the file parameter is set, save the file containing the header in the root
directory of the default storage media. To save the file to another directory,
you must use a full path.
● If you use SSH1.X to log in to the device, the shell header rather than the
login header is displayed.
● If you use SSH2.0 to log in to the device, both login and shell headers are
displayed in the login process.
● If the header command is configured several times, only the latest
configuration takes effect.
● After the login title is configured, any user that logs in to the system can view
the title.
● The start and end characters in the header text can be double quotation
marks (""). However, the header text content cannot contain double
quotation marks ("").
Example
# Configure a shell header in non-interactive mode.
[HUAWEI] header shell information &Hello! Welcome to system!& # Enter the header text behind
the start character '&' and enter '&' at the end of the header text, and press Enter.
# Display the shell header if the login succeeds.

Hello! Welcome to system!
# Configure a shell header in interactive mode.


Fat AP and Cloud AP
[HUAWEI] header shell information % # Press Enter after entering the start character % to start the
interactive process.
Info: Input banner text, and quit with the character '%'. Hello!
Welcome to system!%
[HUAWEI] quit
<HUAWEI> quit # Log off.
# Press Enter. The shell header is displayed when the user logs in again.
Hello!
Welcome to system!
<HUAWEI>
# Specify the file that stores a login header.

[HUAWEI] header login file flash:/header-file.txt
3.1.8 display hotkey

Function
The display hotkey command displays the status of the defined, undefined, and
system hotkeys.
Format
display hotkey
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After you understand the defined, undefined, and system hotkeys in the system,
you can use hotkeys to quickly enter commands. To redefine hotkeys for a
command, run the hotkey command.
The system allows hotkeys in places where commands can be entered, and
displays the commands corresponding to hotkeys. You can run the display hotkey
command to view the commands corresponding to hotkeys.
Example
# Display defined, undefined, and system hotkeys.
<HUAWEI> display hotkey
----------------- HOTKEY -----------------

Fat AP and Cloud AP
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L undo idle-timeout
CTRL_O undo debugging all
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the first line
CTRL_B Move the cursor one character left
CTRL_C Stop current command function
CTRL_D Erase current character
CTRL_E Move the cursor to the end of the Last line
CTRL_F Move the cursor one character right
CTRL_H Erase the character left of the cursor
CTRL_I Perform the same fucntion as the "Tab" key
CTRL_J Perform the same fucntion as the "Enter" key
CTRL_K Kill outgoing connection when connecting
CTRL_M Perform the same fucntion as the "Enter" key
CTRL_N Display the next command from the history buffer
CTRL_T Function as a question mark
CTRL_P Display the previous command from the history buffer
CTRL_W Delete the word left of the cursor
CTRL_X Delete all characters up to the cursor
CTRL_Y Delete all characters after the cursor
CTRL_Z Return to the user view
CTRL_] Kill incoming connection or redirect connection
ESC_B Move the cursor one word back
ESC_D Delete remainder of word
ESC_F Move the cursor forward one word
Table 3-3 Description of the display hotkey command output

Item Description
Defined hotkeys Defined hotkeys.
Undefined hotkeys Undefined hotkeys.
System hotkeys System hotkeys.
3.1.9 hotkey
Function
The hotkey command sets a shortcut key for a command.
The undo hotkey restores the system shortcut keys to the default values.
By default, the system sets the default values for three shortcut keys CTRL+G,
CTRL+L, and CTRL+O, while does not set default value for CTRL+U.
Format
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U } command-text
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U }

Fat AP and Cloud AP
Parameters
CTRL_G Specifies the shortcut key Ctrl+G for a -
command.
CTRL_L Specifies the shortcut key Ctrl+L for a -
command.
CTRL_O Specifies the shortcut key Ctrl+O for a -
command.
CTRL_U Specifies the shortcut key Ctrl+U for a -
command.
command-text Specifies the associated command line for The value is a string
shortcut keys. of 1 to 240
characters.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
You can set a shortcut key for a command that is often used; you can also change
the default value of the shortcut key that is defined by the system according to
your requirements.
Precautions
Four shortcut keys are customized by users: CTRL+G, CTRL+L, CTRL+O, and CTRL
+U.
● By default, the shortcut key CTRL+G corresponds to the display current-
configuration command which displays current configuration.
● By default, the shortcut key CTRL+L corresponds to the undo idle-timeout
command which restores the default timeout period.
● By default, the shortcut key CTRL+O corresponds to the undo debugging all
command which stops the output of all debugging information.
After you use the hotkey command to set a shortcut key for a command, you can
run the command by pressing the shortcut key or entering a command.

Fat AP and Cloud AP
NOTE
One shortcut key can be set for only one command. If you set a shortcut key for multiple
commands, only the latest configuration takes effect.
When assigning a command for a shortcut key, you need to mark the command with
double quotation marks if the command consists of several words, that is, the command
includes spaces. You do not need to mark the command with double quotation marks if the
command consists of only one word.
Example
# Assign the display tcp status command for the shortcut key CTRL+L.
[HUAWEI] hotkey ctrl_l "display tcp status"
[HUAWEI] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display tcp status
CTRL_O undo debugging all
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the first line
CTRL_B Move the cursor one character left
CTRL_C Stop current command function
CTRL_D Erase current character
CTRL_E Move the cursor to the end of the Last line
CTRL_F Move the cursor one character right
CTRL_H Erase the character left of the cursor
CTRL_I Perform the same fucntion as the "Tab" key
CTRL_J Perform the same fucntion as the "Enter" key
CTRL_K Kill outgoing connection when connecting
CTRL_M Perform the same fucntion as the "Enter" key
CTRL_N Display the next command from the history buffer
CTRL_T Function as a question mark
CTRL_P Display the previous command from the history buffer
CTRL_W Delete the word left of the cursor
CTRL_X Delete all characters up to the cursor
CTRL_Y Delete all characters after the cursor
CTRL_Z Return to the user view
CTRL_] Kill incoming connection or redirect connection
ESC_B Move the cursor one word back
ESC_D Delete remainder of word
ESC_F Move the cursor forward one word
3.1.10 quit
Function
The quit command returns from the current view to a lower-level view. If the
current view is the user view, this command exits from the system.
Format
quit

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
Three types of views are available and they are listed as follows from a lower level
to a higher level:
● User view
● System view
● Service view, such as route protocol view or interface view
Run the quit command to return to a lower-level command view from the current
view. If you are in the user view currently, after you run the quit command, you
quit from the system.
Example
# Return to the system view from the AAA view, and then return to the user view.
After this, quit the system.
[HUAWEI] aaa
[HUAWEI-aaa] quit
[HUAWEI] quit
<HUAWEI> quit
3.1.11 return
Function
The return command returns to the user view from other views except the user
view.
Format
return
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
In other views, you can use the return command to return to the user view.
● Run this command to return to the user view if the current view is another
view except the user view.
● If the current view is the user view, no change occurs after running this
command.
● The shortcut keys<Ctrl+Z> have the same function as the return command.
Example
# Return to the user view from the user interface view.
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] return
<HUAWEI>
3.1.12 system-view
Function
The system-view command enables you to enter the system view from the user
view.
Format
system-view
Parameters
None
Views
User view
Default Level
Usage Guidelines
You must configure the device in the system view. Run this command in the user
view to enter the system view.
Example
# Enter the system view.

Fat AP and Cloud AP
Enter system view, return user view with Ctrl+Z.
[HUAWEI]
3.2 First Login Commands
3.2.1 clock datetime

Function
The clock datetime command sets the current date and time on the wireless
access point.
Format
clock datetime HH:MM:SS YYYY-MM-DD
Parameters
HH:MM:SS Specifies the current HH specifies the hour, which is an integer
time on the wireless ranging from 0 to 23. MM specifies the
access point. minute, which is an integer ranging from 0
to 59. SS specifies the second, which is an
integer ranging from 0 to 59.
YYYY-MM- Specifies the current YYYY specifies the year, which is an integer
DD date (year, month, ranging from 2000 to 2030. MM specifies
and day) on the the month, which is an integer ranging
wireless access point. from 1 to 12. DD specifies the day, which
is an integer ranging from 1 to 31.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
In the scenario where accurate absolute time is required, the current date and
time must be set on the wireless access point.
Prerequisite
The time zone and daylight saving time have been configured using the clock
timezone and clock daylight-saving-time commands. If the time zone and

Fat AP and Cloud AP
daylight saving time are not configured, the clock datetime command sets a UTC
time.
Precautions
● The specified time must be in 24-hour format. If you do not specify MM and
SS, their values are 0. You must enter at least one digit to specify HH. For
example, when you enter 0, the time is 00:00:00.
● The specified year must be a four-digit number and the specified month and
day can be a one-digit number. For example, when you enter 2012-9-1, the
time is 2012-09-01.
● If the device is configured to restart at a specified time and if the system time
is changed to be more than 10 minutes later than the specified restart time,
the scheduled restart function will be disabled.
● This configuration is not reset after the reset factory-configuration
command is executed.
Example
# Set the current time and date of the system to 0:0:0 2012-01-01.
<HUAWEI> clock datetime 0:0:0 2012-01-01
3.2.2 clock daylight-saving-time
Function
The clock daylight-saving-time command sets the name, start time, and end
time of the daylight saving time (DST).
The undo clock daylight-saving-time command cancels the DST settings.
By default, the DST is not used.
Format
clock daylight-saving-time time-zone-name one-year start-time start-date end-
time end-date offset
clock daylight-saving-time time-zone-name repeating start-time { { first |

second | third | fourth | last } weekday month | start-date1 } end-time { { first |
second | third | fourth | last } weekday month | end-date1 } offset [ start-year
[ end-year ] ]
undo clock daylight-saving-time
Parameters

time-zone- Specifies the name The value is a string of 1 to 32 characters.
name of the DST zone.

Fat AP and Cloud AP

one-year Specifies the -
absolute DST.
repeating Specifies the periodic -
DST.
start-time Specifies the start The start time is in the 24-hour format
time of the DST. HH:MM. HH specifies the hour, which is an
integer ranging from 0 to 23. MM specifies
the minute, which is an integer ranging
from 0 to 59. If MM is not specified, the
DST starts on the hour. You must enter at
least one digit to specify HH. For example,
when you enter 0, the start time is 00:00.
start-date Specifies the start The start date is in the format YYYY-MM-
date of the DST. DD. The value of YYYY ranges from 2000
to 2030, the value of MM ranges from 1 to
12, and the value of DD ranges from 1 to
31.
end-time Specifies the end The start time is in the 24-hour format
time of the DST. HH:MM. HH specifies the hour, which is an
DST starts on the hour. You must enter at
least one digit to specify HH. For example,
when you enter 0, the start time is 00:00.
end-date Specifies the end The end date is in the format YYYY-MM-
date of the DST. DD. The value of YYYY ranges from 2000
to 2030, the value of MM ranges from 1 to
12, and the value of DD ranges from 1 to
31.
first Specifies the first -
workday in a month.
second Specifies the second -
workday in a month.
third Specifies the third -
workday in a month.
fourth indicates the fourth -
workday in a month.
last Specifies the last -
workday in a month.
weekday Specifies a day of The value is Mon, Tue, Wed, Thu, Fri, Sat,
the week. or Sun.

Fat AP and Cloud AP

month Specifies a month. The value is Jan, Feb, Mar, Apr, May, Jun,
Jul, Aug, Sep, Oct, Nov, or Dec.
start-date1 Specifies the start The start date is in the format MM-DD.
date of the DST. The value of MM ranges from 1 to 12, and
the value of DD ranges from 1 to 31.
end-date1 Specifies the end The end date is in the format MM-DD. The
date of the DST. value of MM ranges from 1 to 12, and the
value of DD ranges from 1 to 31.
offset Specifies the DST The offset is in the 24-hour format
offset. HH:MM. HH specifies the hour, which is an
offset is the specified hours. You must
enter at least one digit to specify HH.
The offset should be shorter than or equal
to 2 hours.
start-year Specifies the start The value is in the format YYYY and ranges
year. from 2000 to 2030.
end-year Specifies the end The value is in the format YYYY and ranges
year. from 2000 to 2030.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Daylight Saving Time (DST), also referred to as summer time, is a convention

established by people for saving resources. In high latitude areas, it is earlier in
summer than in winter at sunrise. To reduce evening usage of incandescent
lighting and save energy, clocks are adjusted forward one hour.
Users can customize the DST zone according to their countries' or regions'
convention. In addition, users can set how long clocks are adjusted forward,
usually an hour. With DST enabled, when it is time to start DST, the system time is
adjusted according to the user-specified DST. When it is time to end DST, the
system time automatically returns to original time.
Configuration Impact
To configure the DST, note the following:

Fat AP and Cloud AP
● The time in logs and debugging information uses the local time adjusted
based on the time zone and the configured DST.
● The time in the output of the display commands uses the local time adjusted
based on the time zone and the configured DST.
To remove configurations for the DST, note the following:
● If the DST already takes effect when you remove the configurations, the
device will adjust its clock by subtracting the value of the offset parameter
from the current time.
● If the DST does not take effect, removing the configurations will not affect
the system time.
Precautions
● The DST is configured in the summer. The DST duration ranges from one day
to one year.
● You can configure the start time and end time for periodic DST in one of the
following modes: date+date, week+week, date+week, and week+date.
Example
# Set the periodic DST.
<HUAWEI> clock daylight-saving-time bj repeating 0 first sun jan 0 first sun apr 2 2009 2009
# Set the periodic DST by day.

<HUAWEI> clock daylight-saving-time bj repeating 12:11 1-1 1:0 3-4 1
# Set the absolute DST.

<HUAWEI> clock daylight-saving-time bj one-year 12:11 2010-10-2 1:00 2010-11-4 1
3.2.3 clock timezone

Function
The clock timezone command sets the local time zone.
The undo clock timezone command deletes the local time zone.
By default, the system uses Default Zone Name as the time zone name.
Format
clock timezone time-zone-name { add | minus } offset
undo clock timezone

Fat AP and Cloud AP
Parameters
time-zone- Specifies the time zone name. The name is a string of 1 to 32
name case-sensitive characters without
spaces.
add Specifies the offset from the -
UTC for the time zone
specified by time-zone-name.
That is, the sum of the
default UTC time zone and
offset is equal to the time
zone specified by time-zone-
name.
minus Specifies the offset from the -
UTC for the time zone
That is, the remainder
obtained by subtracting offset
from the default UTC time
zone is equal to the time zone
offset Specifies the offset from the Format: HH:MM:SS
UTC.
● HH specifies the hour.
– If the local time is earlier
than the UTC, the value is an
– If the local time is later than
the UTC, the value is an
● MM and SS specify the minute
and second respectively, and
both of them range from 0 to
59.
● When HH is set to the
maximum value, the MM and
SS values must be 0.
Views
User view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
The system clock is the time indicated by the system timestamp. Because the rules
governing local time differ in different regions, the system clock can be configured
to comply with the rules of any given region.
System clock = UTC + Time zone offset + DST offset
To ensure the normal communication between devices, set an accurate system

clock. You can run the clock timezone and clock daylight-saving-time
commands to set the time zone and DST offsets.
The time zone of Fat APs is set to Beijing time zone in factory settings.
Precautions
● The specified time must be in 24-hour format. If you do not specify MM and
SS, their values are 0. You must enter at least one digit to specify HH. For
example, when you enter 0, the time is 00:00:00.
● After configuring the local time zone, run the display clock command to view
the configuration. The time in logs and diagnostic information uses the local
time adjusted based on the time zone and DST.
Example
# Set the local time zone name for Beijing China to BJ.
If the default UTC is London time 2012-12-01 00:00:00, Beijing time is London
time plus 08:00 because the offset from UTC is 8 hours.
<HUAWEI> clock datetime 0:0:0 2012-12-01
<HUAWEI> clock timezone BJ add 08:00:00
3.2.4 display clock
Function
The display clock command displays the current date and clock setting.
Format
display clock
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run the display clock command to view the system date and clock setting
and adjust the setting if necessary.
Precautions
The system clock is set using the clock datetime, clock timezone, and clock
daylight-saving-time commands.
● If the three commands are not used, the original system clock is displayed
after you run the display clock command.
● You can use any combination of the three commands to configure the system
time. Table 3-4 lists the formats of the configured time.
The table assumes that the original system time is 08:00:00 on January 1, 2010.
● 1: indicates that the clock datetime command is used, in which the current
time and date is date-time.
● 2: indicates that the clock timezone command is used, in which the time
zone parameter is set and the time offset is zone-offset.
● 3: indicates that the clock daylight-saving-time command is used, in which
the DST parameters are set and the time offset is offset.
● [1]: indicates that the clock datetime command is optional.
Table 3-4 System clock setting examples
Action Configured System Example

Time
1 date-time Command: clock datetime 8:0:0

2011-11-12
Configured system time:
2011-11-12 08:00:02
Saturday
Time Zone(Default Zone Name) : UTC+00:00:00
2 Original system time Command: clock timezone BJ add 8

± zone-offset Configured system time:
2010-01-01 16:00:27
Friday
Time Zone(BJ) : UTC+08:00:00
1, 2 date-time ± zone- Commands: clock datetime 8:0:0

offset 2011-11-12 and clock timezone BJ add 8
2011-11-12 16:00:17
Saturday

Fat AP and Cloud AP

Time
[1], 2, 1 date-time Commands: clock timezone NJ add 8 and

clock datetime 9:0:0 2011-11-12
2011-11-12 09:00:03
Saturday
Time Zone(NJ) : UTC+08:00:00
3 If the original system Command: clock daylight-saving-time BJ

time is not in the DST one-year 6:0 2011-8-1 6:0 2011-10-01 1
segment, the original Configured system time:
system time is
2010-01-01 08:00:51
displayed. Friday
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
Saving time : 01:00:00
If the original system Command: clock daylight-saving-time BJ

time is in the DST one-year 6:0 2010-1-1 6:0 2010-9-1 2
segment, the Configured system time:
configured system
2010-01-01 10:00:08 DST
time is the original Friday
system time plus Time Zone(BJ) : UTC+00:00:00
offset. Daylight saving time :
Name : BJ
Start year : 2010
End year : 2010
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
1, 3 If date-time is not in Commands: clock datetime 9:0:0

the DST segment, the 2011-11-12 and clock daylight-saving-
configured system time BJ one-year 6:0 2012-8-1 6:0
time is date-time. 2012-10-01 1
2011-11-12 09:00:26
Saturday
Name : BJ
Start year : 2012
End year : 2012
Start time : 08-01 06:00:00
End time : 10-01 06:00:00

Fat AP and Cloud AP

Time
If date-time is in the Commands: clock datetime 9:0:0

DST segment, the 2011-11-12 and clock daylight-saving-
configured system time BJ one-year 9:0 2011-11-12 6:0
time is date-time 2011-12-01 2
+offset. Configured system time:
2011-11-12 11:02:21 DST
Saturday
Name : BJ
Start year : 2011
End year : 2011
Start time : 11-12 09:00:00
End time : 12-01 06:00:00
[1], 3, 1 If date-time is not in Commands: clock daylight-saving-time BJ

the DST segment, the one-year 6:0 2012-8-1 6:0 2012-10-01 1
configured system and clock datetime 9:0 2011-11-12
time is date-time. Configured system time:
2011-11-12 09:00:02
Saturday
Name : BJ
Start year : 2012
End year : 2012
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
If date-time is in the Commands: clock daylight-saving-time BJ

DST segment, the one-year 1:0 2011-1-1 1:0 2011-9-1 2 and
configured system clock datetime 3:0 2011-1-1
time is date-time. Configured system time:
2011-01-01 03:00:19 DST
Saturday
Name : BJ
Start year : 2011
End year : 2011
Start time : 01-01 01:00:00
End time : 09-01 01:00:00

Fat AP and Cloud AP

Time
2, 3 or 3, If the result of Commands: clock timezone BJ add 8 and

2 original system time clock daylight-saving-time BJ one-year
± zone-offset is not in 6:0 2011-1-1 6:0 2011-9-1 2
the DST segment, the Configured system time:
configured system
2010-01-01 16:01:29
time is equal to the Friday
original system time Time Zone(BJ) : UTC+08:00:00
± zone-offset. Daylight saving time :
Name : BJ
Start year : 2011
End year : 2011
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
If the result of Commands: clock daylight-saving-time BJ

original system time one-year 1:0 2010-1-1 1:0 2010-9-1 2 and
± zone-offset is in the clock timezone BJ add 8
DST segment, the Configured system time:
configured system
2010-01-01 18:05:31 DST
time is equal to the Friday
original system time Time Zone(BJ) : UTC+08:00:00
± zone-offset ± Daylight saving time :
Name : BJ
offset. Repeat mode : one-year
Start year : 2010
End year : 2010
Start time : 01-01 01:00:00
End time : 09-01 01:00:00
1, 2, 3 or If the value of date- Commands: clock datetime 8:0:0

1, 3, 2 time ± zone-offset is 2011-11-12, clock timezone BJ add 8, and
not in the DST clock daylight-saving-time BJ one-year
segment, the 6:0 2012-1-1 6:0 2012-9-1 2
configured system Configured system time:
time is equal to date-
2011-11-12 08:01:40
time ± zone-offset. Saturday
Name : BJ
Start year : 2012
End year : 2012
Start time : 01-01 06:00:00
End time : 09-01 06:00:00

Fat AP and Cloud AP

Time
If the value of date- Commands: clock datetime 8:0:0

time ± zone-offset is 2011-1-1, clock daylight-saving-time BJ
in the DST segment, one-year 6:0 2011-1-1 6:0 2011-9-1 2 and
the configured clock timezone BJ add 8
system time is equal Configured system time:
to date-time ± zone-
2011-01-01 10:00:43 DST
offset + offset. Saturday
Name : BJ
Start year : 2011
End year : 2011
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
[1], 2, 3, 1 If date-time is not in Commands: clock daylight-saving-time BJ

or [1], 3, the DST segment, the one-year 6:0 2012-1-1 6:0 2012-9-1 2,
2, 1 configured system clock timezone BJ add 8, and clock
time is date-time. datetime 8:0:0 2011-11-12
2011-11-12 08:00:03
Saturday
Name : BJ
Start year : 2012
End year : 2012
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
If date-time is in the Commands: clock timezone BJ add 8,

DST segment, the clock daylight-saving-time BJ one-year
configured system 1:0 2011-1-1 1:0 2011-9-1 2, and clock
time is date-time. datetime 3:0:0 2011-1-1
2011-01-01 03:00:03 DST
Saturday
Name : BJ
Start year : 2011
End year : 2011
Start time : 01-01 01:00:00
End time : 09-01 01:00:00
Example
# Display the current system date and time.
<HUAWEI> display clock

Fat AP and Cloud AP
2012-05-15 20:34:53
Tuesday
Name : BJ
Start year : 2012
End year : 2012
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
Table 3-5 Description of the display clock command output

Item Description
Time Zone Time zone.
Daylight saving time DST.
Name DST name.
Repeat mode DST mode.

● one-year: absolute DST
● repeating: periodic DST
Start year Year from which the DST takes effect.
End year Year when the DST becomes ineffective.
Start time Time when the DST takes effect.
End time Time when the DST becomes ineffective.
Saving time Storage time.
3.2.5 sysname
Function
The sysname command sets the device host name.
The undo sysname command restores the default device host name.
By default, the device host name is HUAWEI.
Format
sysname host-name
undo sysname

Fat AP and Cloud AP
Parameters
host-name Specifies the host name. The value is a string of 1 to 246 case-
sensitive characters with spaces.
Views
System view
Default Level
Usage Guidelines
Changing the host name affects the prompt of the command interface. For
example, if the host name is HUAWEI, the prompt of the user interface is
<HUAWEI>.
Example
# Set the host name to HUAWEIA.
[HUAWEI] sysname HUAWEIA
[HUAWEIA]
3.2.6 ip domain-name
Function
The ip domain-name command sets the default domain name suffix.
The undo ip domain-name command deletes the default domain name suffix.
By default, no default domain name suffix is provided.
Format
ip domain-name domain-name
undo ip domain-name
Parameters
domain-name Specifies the domain name The value is a string of 1 to 255

suffix. characters.

Fat AP and Cloud AP
Views
For a central AP: system view, AP view, AP group view
For a command AP: system view
Default Level
Usage Guidelines
Usage Scenario
Devices with the same system name may exist in different domains. In this case,
you can configure a fully qualified domain name (FQDN) for a device to uniquely
identify it. The FQDN of a device consists of the default domain name suffix and
device name. You can run the ip domain-name command to set the default
domain name suffix and the sysname command to set the device name.
Running the ip domain-name command in the system view can set the default
domain name suffix for the device itself. When running this command in the AP or
AP group view, you can set the default domain name suffix for APs managed the
device.
Precautions
If you run the ip domain-name command multiple times, the latest configuration
overrides the previous configurations.
Example
# Set the domain name suffix to com.cn.
[HUAWEI] ip domain-name com.cn
3.3 UI Configuration Commands
3.3.1 acl (user interface view)

Function
The acl command uses an ACL to restrict login rights of users on a terminal.
The undo acl command cancels the configuration.
By default, login rights are not restricted.
Format
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }

Fat AP and Cloud AP
Parameters
acl-number Specifies the number of an ACL. The value is an integer ranging

from 2000 to 3999.
● 2000-2999: restricts the
source address using the basic
ACL.
● 3000-3999: restricts the
source and destination
addresses using the advanced
ACL.
inbound Restricts users with an address or -

within an address segment to log
in to the device.
outbound Restricts users who have logged -

in to the device from logging in
to other devices.
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command restricts the login rights of a user interface based on the source IP
address, destination IP address, source port, or destination port. You can use this
command to permit or deny access to a destination or from a source.
Prerequisites
Before running this command, run the acl (system view) in the system view and
run the rule (basic ACL view) or rule (advanced ACL view) command to
configure an ACL.
If no rule is configured, login rights on the user interface are not restricted when
the acl command is executed.
Precautions
After the configurations of the ACL take effect, all users on the user interface are
restricted by the ACL.
Only one ACL (an inbound or outbound ACL) can be configured on a user
interface.

Fat AP and Cloud AP
Example
# Restrict the Telnet login rights on user interface VTY 0.
[HUAWEI] acl 3001
[HUAWEI-acl-adv-3001] rule deny tcp source any destination-port eq telnet
[HUAWEI-acl-adv-3001] quit
[HUAWEI-ui-vty0] acl 3001 outbound
# Remove the restriction on the Telnet login rights on user interface VTY 0.
[HUAWEI-ui-vty0] undo acl outbound
3.3.2 authentication-mode (user interface view)

Function
The authentication-mode command configures an authentication mode for the
user interface login.
The undo authentication-mode command deletes the authentication mode
configured for the user interface login.
By default, aaa is used for console login authentication and aaa is used for VTY
login authentication.
Format
authentication-mode { aaa | password }
undo authentication-mode
Parameters
aaa Specifies the AAA authentication mode. -
password Specifies the password authentication mode. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
When a user needs to log in to the device through console, Telnet, or SSH, run this
command to configure the authentication mode for the user interface login. After
the configuration is complete, you can still run this command to change the
authentication mode for the user interface login as required.
The AAA authentication mode is more secure and therefore recommended.
Precautions
An authentication mode must be configured for the user interface login.

Otherwise, users cannot log in to the device.
● When password is used for the user interface login, you also need to run the
set authentication password command to configure the authentication
password. You need to enter the correct login password to log in to the
device. Therefore, keep the login password properly. The levels of commands
accessible to a user depend on the level configured for the user interface to
which the user logs in.
● When aaa is used for user interface login authentication, the passwords set
for the user interface are automatically deleted. You need to enter the correct
user name and password to log in to the device. Therefore, keep the login
user name and password properly. The levels of commands accessible to a
user depend on the priority of the local user specified in the AAA
configuration. If no user level is configured for a local AAA user, the user level
of the current user interface is used by default.
● When the undo authentication-mode command is run to delete the
authentication mode configured for the user interface login, you are
prompted to confirm whether to clear the password of the user interface.
Example
# Configure password for VTY login authentication.
[HUAWEI-ui-vty0] authentication-mode password
3.3.3 auto-execute command
Function
The auto-execute command command configures auto-run commands.
The undo auto-execute command command cancels auto-run commands.
By default, the auto-run function is disabled.
Format
auto-execute command command
undo auto-execute command

Fat AP and Cloud AP
Parameters
command Specifies an auto-run command. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the auto-execute command command to make the device run a
command automatically on the corresponding interface.
You can run the auto-execute command command to enable automatic
execution for the Telnet command.
Precautions
● The auto-execute command command is applicable to the VTY user
interface.
● When you log in to the device, the device automatically runs the commands
that are configured by the auto-execute command command. The user's
terminal disconnects from the device.
● Before saving the configuration of the auto-execute command command,
ensure that you can log in to the device in other ways so that you can cancel
the command configuration.
● If you use the auto-execute command command, you cannot configure the
device in the user interface view. Therefore, use this command with caution.
Example
# Configure the display version command to automatically run after a user logs
in to the device using the VTY0 interface.
[HUAWEI-ui-vty0] auto-execute command display version
Warning: The system will not be configured through ui-vty0.Continue? [Y/N]: y
3.3.4 databits
Function
The databits command sets the number of data bits of the user interface.
The undo databits command restores the default number of data bits.

Fat AP and Cloud AP
By default, the number of data bits of the user interface is 8.
Format
databits { 5 | 6 | 7 | 8 }
undo databits
Parameters
5 Indicates that the number of data bits is 5. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Use this command only when necessary. If the number of data bits of a device's
user interface is changed, ensure that the same number of data bits is set on the
HyperTerminal used for login.
This function takes effect for only serial interfaces.
NOTE
The data bit of the console user interface does not support 5 and 6.
Example
# Set the number of data bits to 7.
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] databits 7
3.3.5 display mib-index interface
Function
The display mib-index interface command displays the index value of an
interface in the MIB.

Fat AP and Cloud AP
Format
display mib-index interface [ interface-type [ interface-number ] ]
Parameters
interface-type Specifies the interface for which the index value is -
interface- displayed.
number
● interface-type: specifies the interface type, for
example, Ethernet.
If the interface type is not specified, the index values
of all interfaces are displayed.
● interface-number: specifies the number of an
interface. It is used with interface-type to specify an
interface.
If the interface number is not specified, the index
values of all interfaces of the type are displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mib-index interface command as an NMS user to view
the index values of interfaces.
Example
# Display indexes of all interfaces.
<HUAWEI> display mib-index interface
IfName IfIndex PortIndex
--------------------------------------------------
GigabitEthernet0/0/0 8 0
NULL0 2 --
Vlanif1 13 --
Vlanif33 14 --
Vlanif2001 5 --
Wlan-Bss0 7 1
Wlan-Radio0/0/0 6 --
Table 3-6 Description of the display mib-index interface command output
Item Description
IfName Interface name.

Fat AP and Cloud AP
Item Description
IfIndex Index value of an interface.
PortIndex Index value of a port.
3.3.6 display user-interface

Function
The display user-interface command displays information about a user interface.
Format
display user-interface [ ui-type ui-number1 | ui-number ] [ summary ]
Parameters
ui-type Displays information about a The value can be Console or VTY.
specified user interface.
ui-number1 Displays information about a The minimum value is 0. The
user interface with a specified maximum value is smaller by 1
relative number. than the number of user interfaces
the system supports.
ui-number Displays information about a The value is an integer ranging
user interface with a specified from 0 to 25. The value varies
absolute number. according to the device type.
summary Displays the summary of a -

user interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Using the display user-interface command, you can view detailed configuration
information about all user interfaces or a specified user interface.
NOTE
Lower-level users cannot gain access to a user interface information about users of higher
levels.

Fat AP and Cloud AP
Example
# Display detailed information about the user interface with the absolute number
0.
<HUAWEI> display user-interface 0
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 0 CON 0 9600 - 15 15 P -
+ : Current UI is active.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int : The physical location of UIs.
# Display detailed information about all user interfaces.

<HUAWEI> display user-interface
+ 0 CON 0 9600 - 15 15 P -
+ 129 VTY 0 - 0 15 A -
130 VTY 1 - 0 0 A -
131 VTY 2 - 0 0 A -
132 VTY 3 - 0 0 A -
133 VTY 4 - 0 0 A -
145 VTY 16 - 0 0 A -
146 VTY 17 - 0 0 A -
147 VTY 18 - 0 0 A -
148 VTY 19 - 0 0 A -
149 VTY 20 - 0 0 A -
150 Web 0 - 15 0 A -
151 Web 1 - 15 0 A -
152 Web 2 - 15 0 A -
153 Web 3 - 15 0 A -
154 Web 4 - 15 0 A -
155 XML 0 - 0 0 A -
156 XML 1 - 0 0 A -
157 XML 2 - 0 0 A -
+ 168 XML 0 - 15 15 N -
UI(s) not in async mode -or- with no hardware support:
1-128
Table 3-7 Description of the display user-interface command output

Parameter Description
+ Active user interface.
Idx Absolute number of a user interface.

Fat AP and Cloud AP
Type Type and relative number of a user interface.

● CON: Login through the console port
● VTY: Login through Telnet or SSH.
● Web: Login through the web platform
● XML: Login through the upper-layer NMS, which
communicates with the local device using
NETCONF
Tx/Rx Data transfer rate of the user interface.
Modem Type of the modem. The value - indicates that the

hardware does not support the modem.
Privi Authority configured on a user interface.
ActualPrivi Actual permission of a user interface. In the case of

the AAA authentication mode, the level of a local
user in AAA configuration is the actual permission.
Auth Authentication mode on a user interface.

● A: AAA authentication.
● N: No authentication on the current user
interface.
● P: Password authentication.
Int User interface.
UI(s) not in async mode - Interfaces numbered from 1 to 128 are UI interfaces
or- with no hardware that are working in synchronous mode or are not
support: 1-128 supported by the hardware. Currently, the WLAN
supports only the asynchronous mode.
3.3.7 display user-interface maximum-vty
Function
The display user-interface maximum-vty command displays the maximum
number of VTY users.
Format
display user-interface maximum-vty
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display user-interface maximum-vty command to view the
maximum number of users who connect to the device using Telnet or SSH. By
default, the total number of Telnet users and SSH users is five maximum.
Example
# Display the maximum number of VTY users.
<HUAWEI> display user-interface maximum-vty
Maximum of VTY user : 5
Table 3-8 Description of the display user-interface maximum-vty command output
Maximum of VTY user Maximum number of VTY users.

The maximum number of VTY users can be
configured using the user-interface maximum-
vty command.
3.3.8 display users
Function
The display users command displays login information for each user interface.
Format
display users [ all ]
Parameters
all Displays information about all users who log in to the device -
through user interfaces, including information about user
interfaces that are not used. If the all parameter is not used,
the command displays only information about user interfaces
that have been connected.

Fat AP and Cloud AP
Views
All views
Default Level
3: Management level
Usage Guidelines
You can run this command to view information about users who are connected to
the device. The information includes the user name, IP address, and authentication
and authorization information.
NOTE
Lower-level users cannot gain access to information about users of higher levels.
Example
# Run the display users command to view information about users who log in to
the device through the user interface.
<HUAWEI> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
+ 130 VTY 1 00:00:00 TEL 10.164.6.15 pass
Username : user2
Network Address : 172.16.1.1
,
Table 3-9 Description of the display users command output
Item Description
+ Terminal line in use.
User-Intf The number in the first column indicates the absolute

number of the user interface, and the number in the second
column indicates the relative number of the user interface.
Delay Interval from the user's latest input to the current time, in
seconds.
Type Connection type.

● Console
● Telnet
● SSH
● Web
Network Indicates the initial connection location.

Address
Username User name for logging in to the device. If the user name is
not specified, Unspecified is displayed.

Fat AP and Cloud AP
Item Description
AuthenStatus Whether the authentication succeeds.
AuthorcmdFlag Command line authorization status.
3.3.9 display vty lines
Function
The display vty lines command lists the number of rows displayed on the VTY
screen.
Format
display vty lines
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# List the number of lines displayed on the VTY screen.
<HUAWEI> display vty lines
Current VTY lines is 24
3.3.10 display vty mode
Function
The display vty mode command displays the current VTY mode.
Format
display vty mode

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
VTY modes are classified into the man-to-machine mode and machine-to-machine
mode. You can run this command to check the current VTY mode.
Example
# Display the VTY mode.
<HUAWEI> display vty mode
Current user-interface mode is Human-Machine interface.
3.3.11 free user-interface

Function
The free user-interface command disconnects the device from a specified user
interface.
Format
free user-interface { ui-number | ui-type ui-number1 }
Parameters
ui-number Specifies the absolute The value is an integer ranging from 0
number of a user interface. to 25. The value varies according to the
device type.
ui-type Specifies the type of a user The value can be Console, or VTY.
interface.
ui-number1 Specifies the relative The minimum value is 0. The
number of a user interface. maximum value is smaller by 1 than
the number of user interfaces the
system supports.
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If a user logs in to the device and does not perform an operation or you want to
forbid a user from performing operations on the device, you can run the free
user-interface command to disconnect a specified user's terminal from the device.
After the command is executed, the device logs out the user.
Precautions
The free user-interface command cannot be executed on the current user
interface. For example, if the current user interface is VTY 2, the free user-
interface vty 2 command fails to be executed on VTY 2 and an error message is
displayed.
Example
# Disconnect the device from user-interface 0.
<HUAWEI> free user-interface 0
Warning: User interface Console0 will be freed. Continue? [Y/N]:y
3.3.12 history-command max-size

Function
The history-command max-size command sets the size of the historical
command buffer.
The undo history-command max-size command restores the default size of the
historical command buffer.
By default, a maximum of 10 previously-used commands can be saved in the
buffer.
Format
history-command max-size size-value
undo history-command max-size
Parameters
size-value Specifies the size of the historical The value is an integer ranging
command buffer. from 0 to 256.
Views
User interface view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
The CLI can automatically save the historical commands that you enter. This
function is similar to that of Doskey. You can invoke and run the historical
commands at any time.
Example
# Set the size of the historical command buffer to 20.
[HUAWEI-ui-console0] history-command max-size 20
3.3.13 idle-timeout
Function
The idle-timeout command sets the timeout duration for disconnection from a
user interface.
The undo idle-timeout command restores the default timeout duration.
By default, the timeout duration is 5 minutes.
Format
idle-timeout minutes [ seconds ]
undo idle-timeout
Parameters
minutes Specifies the idle timeout The value is an integer ranging from
duration, in minutes. 0 to 35791, in minutes.
seconds Specifies the idle timeout The value is an integer ranging from
duration, in seconds. 0 to 59, in seconds.
Views
User interface view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
If a user logs in to the device and does not perform an operation, the user
interface is occupied unnecessarily. You can run the idle-timeout command to
disconnect the user's terminal from the device.
Precautions
● To disable the user interface disconnection function, run the idle-timeout 0 0

command.
● If the user interface disconnection function is not configured, user connection
will never times out, bringing security risks, and other users may fail to log in
to the device.
● You are advised to set the timeout duration to 10-15 minutes.
NOTE
If AAA authentication is required for login users, the timeout duration configured by the
local-user idle-timeout command takes effect. If no timeout duration is configured or the
undo local-user idle-timeout command is executed in the AAA view, the timeout duration
configured by the idle-timeout command on the user interface takes effect.
Example
# Set the timeout duration to 1 minute and 30 seconds.
[HUAWEI-ui-console0] idle-timeout 1 30
3.3.14 mmi-mode enable
Function
The mmi-mode enable command enters the machine-to-machine mode.
The undo mmi-mode enable command enters the man-to-machine mode.
By default, a user is in man-to-machine mode.
Format
mmi-mode enable
undo mmi-mode enable
Parameters
None
Views
User view, system view

Fat AP and Cloud AP
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
For example, to execute a series of commands that have been commissioned, you
can switch the VTY mode to the machine-to-machine mode.
Precautions
After you enter the machine-to-machine mode using the mmi-mode enable
command, commands that you need to use with caution can be used directly.
Therefore, in man-to-machine mode, do not use this command unless necessary.
Example
# Enter the machine-to-machine mode.
[HUAWEI] mmi-mode enable
3.3.15 parity
Function
The parity command sets the parity bit of a user interface.
The undo parity command disables the parity check.
By default, no parity check is configured.
Format
parity { even | none | odd }
undo parity
Parameters
even Specifies even parity check. -
none Specifies no parity check. -
odd Specifies odd parity check. -
Views
User interface view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Example
# Set the transmission parity bit on the console interface to odd parity.
[HUAWEI-ui-console0] parity odd
3.3.16 protocol inbound

Function
The protocol inbound command specifies the protocols that the VTY user
interface supports.
By default, the system supports SSH.
NOTE
If Telnet is enabled on a device before it is upgraded, Telnet and SSH are enabled by default
after the device is upgraded.
Format
protocol inbound { all | ssh | telnet }
Parameters
all Indicates that all protocols including SSH and Telnet are -
supported.
ssh Indicates that only SSH is supported. -
telnet Indicates that only Telnet is supported. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To manage and monitor login users, configure the VTY user interface for login
users and run the protocol inbound command to configure the protocols that the
VTY user interface supports.

Fat AP and Cloud AP
Prerequisites
If SSH is configured for the user interface using the protocol inbound command,
you must configure the authentication-mode aaa authentication mode to ensure
successful logins. If the password authentication mode is configured, the protocol
inbound ssh command cannot be executed.
Precautions
● The configuration takes effect at the next login.
● When SSH is specified for the VTY user interface, the SSH server function is
enabled, and the RSA key is not configured, a user cannot log in to the SSH
server using SSH.
Example
# Configure SSH for user interfaces VTY0 to VTY4.
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] protocol inbound ssh
3.3.17 screen-length
Function
The screen-length command sets the number of lines on each terminal screen
after you run a command.
The undo screen-length command restores the default configuration.
By default, the number of lines to be displayed on a terminal screen is 24.
Format
screen-length screen-length [ temporary ]
undo screen-length [ temporary ]
Parameters
screen-length Specifies the number of lines The value is an integer that

displayed on a terminal screen. ranges from 0 to 512. The
value 0 indicates that all
command output is
displayed on one screen.

Fat AP and Cloud AP
temporary Specifies the number of lines -

temporarily displayed on a terminal
screen.
In the user view, the temporary
parameter is mandatory.
Views
User interface view, User view
Default Level
3: Management level (User interface view)
0: Visit level (User view)
Usage Guidelines
If you run a command and its output is displayed in more lines than you can see
on one screen, you can reduce the number of lines displayed on each screen.
In general, you do not need to change the number of lines displayed on each
screen. Setting the number of lines to 0 is not recommended. The configuration
takes effect after you log in to the system again.
Example
# Set the number of lines on each screen of the terminal to 30.
[HUAWEI-ui-console0] screen-length 30
3.3.18 screen-width
Function
The screen-width command sets the number of columns displayed on a terminal
screen.
The undo screen-width command restores the default configuration.
By default, 132 columns are displayed on a terminal screen.
Format
screen-width screen-width [ temporary ]
undo screen-width [ temporary ]

Fat AP and Cloud AP
Parameters
screen-width Specifies the width of a terminal The value is an integer

screen. ranging from 60 to 512.
temporary Specifies the temporary width of a -

terminal screen.
Views
Console user interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When logging in to a device using the terminal tool, you can run this command to
adjust the screen width on the device to the same as that specified by the
terminal tool to prevent garbled lines.
Precautions
The configured number of columns displayed on a terminal screen takes effect
only on users logging in through the console port but does not affect those
logging in through VTY or other interfaces.
If you run the screen-width command multiple times, only the latest configuration
takes effect.
Example
# Set the screen width to 100.
[HUAWEI-ui-console0] screen-width 100
3.3.19 set authentication password

Function
The set authentication password command configures a local authentication
password.
By default, no local authentication password is configured.
Format
set authentication password cipher

Fat AP and Cloud AP
Parameters
cipher Indicates a password in ciphertext. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run this command to change the password for users requiring password
authentication.
Pre-configuration Tasks
Password authentication has been configured for the user interface.
Precautions
● The password must meet the following requirements:
– The local user password is a string of 8 to 128 case-sensitive characters.
– The password must contain at least two of the following characters:
upper-case character, lower-case character, digit, and special character.
The special characters include spaces and the following: `~!@#$%^&*()-
_=+\|[{}];:'",<.>/?
● A password entered in interactive mode is not displayed on the screen. The
configuration file displays only the password encrypted using an irreversible
encryption algorithm.
● You can press CTRL_C to cancel the password setting in interaction mode.
● If a password in ciphertext is configured, enter a ciphertext password contains
68 characters but users must obtain the clear text password. When logging in
to the system, you must enter the password in clear text.
● If password authentication is configured but no password is configured, the
user cannot log in to the device.
● If the set authentication password command is executed multiple times, the
latest configuration overrides the previous ones. You can run this command to
change the local authentication password. After the password is changed, a
user who wants to log in to the device must enter the latest password for
login authentication.
Example
# Set a local authentication password for the user interfaces VTY 0-4.

Fat AP and Cloud AP
[HUAWEI-ui-vty0-4] set authentication password cipher
Info: A plain text password is a string of 8 to 128 case-sensitive characters and must be a combination of at
least two of the follo
wing: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (including spaces and
the following :`~!@#$
%^&*()-_=+\|[{}];:'",<.>/?). A cipher text password contains 68 characters.
New Password:
Confirm New Password:
3.3.20 shell
Function
The shell command enables terminal services on a user interface.
The undo shell command disables terminal services on a user interface.
By default, terminal services are enabled on all user interfaces.
Format
shell
undo shell
Parameters
None
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To log in to a device through a console, or Virtual Type Terminal (VTY), you can
use the shell command to enable terminal services on the user interface.
Otherwise, you will fail in logging in to the device through the user interface.
To configure or maintain the parameters of a user interface, the undo shell
command can be used to disable terminal services on the user interface. During
this period, you cannot log in to the device using the interface. After completing
the configuration for the parameters of the user interface, the shell command
must be used to enable terminal services on the user interface. Otherwise,
authorized users may fail to log in to the device through the interface.
Implementation Procedure
When the undo shell command is executed, determine whether to disable
terminal services on the user interface when the system displays a message like

Fat AP and Cloud AP
Warning: ui-vty0-4 will be disabled. Continue? [Y/N]:. Users may fail to log in
to the device through the port after the terminal services are disabled. Exercise
caution before disabling terminal interfaces on a user interface.
Precautions
After the undo shell command is executed in the VTY user interface view to
disable terminal services on the VTY user interface, users cannot log in to the
device using Telnet, Stelnet, and SFTP through the VTY user interface.
The undo shell command cannot be used in the interface view through which the
user logs in.
The console user interface does not support this command.
Example
# Disable terminal services on VTY 0 to VTY 4.
[HUAWEI-ui-vty0-4] undo shell
Warning: ui-vty0-4 will be disabled. Continue? [Y/N]:y
3.3.21 speed (user interface view)

Function
The speed command sets the data transfer rate of a user interface.
The undo speed command restores the default data transfer rate of a user
interface.
By default, the data transfer rate is 9600 bit/s.
Format
speed speed-value
undo speed

Fat AP and Cloud AP
Parameters
speed-value Specifies the data The value is expressed in bit/s.
transfer rate of a
user interface. The asynchronous serial interface supports the
following data transfer rates:
● 600 bit/s
● 1200 bit/s
● 4800 bit/s
● 9600 bit/s
● 19200 bit/s
● 38400 bit/s
● 57600 bit/s
● 115200 bit/s
NOTE
The console user interface does not support 600 bit/s
and 1200 bit/s.
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Example
# Set the data transfer rate of a user interface to 115200 bit/s.
[HUAWEI-ui-console0] speed 115200
3.3.22 stopbits
Function
The stopbits command sets the stop bit of a user interface.
The undo stopbits command restores the default stop bit of a user interface.
By default, the stop bit is 1.

Fat AP and Cloud AP
Format
stopbits { 1.5 | 1 | 2 }
undo stopbits
Parameters
1.5 Sets the stop bit to 1.5. -
1 Sets the stop bit to 1. -
2 Sets the stop bit to 2. -
Views
User interface view
Default Level
3: Management level
Usage Guidelines
If the stop bit is 1, the corresponding data bit is 7 or 8.
If the stop bit is 1.5, the corresponding data bit is 5.
If the stop bit is 2, the corresponding data bit is 6, 7, or 8.
NOTE
On the console user interface, the stop bit 1.5 is not supported.
Example
# Set the stop bit of a user interface to 2.
[HUAWEI-ui-console0] stopbits 2
3.3.23 user privilege

Function
The user privilege command configures the user level.
The undo user privilege command restores the default user level.
By default, users who log in to the device using the console interface are at level
15 and other users are at level 0.

Fat AP and Cloud AP
Format
user privilege level level
undo user privilege level
Parameters
level level Specifies the user level. The value is an integer ranging from 0 to
15.
Views
User interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The system manages users at levels to control their access permissions. Users who
log in to the device can use only commands at the same or lower level than their
own levels.
Commands are classified into the visit level, monitoring level, configuration level,
and management level that map levels 0, 1, 2, and 3, as listed in Table 3-10.
Table 3-10 Introduction to command levels
User Comm Permiss Description

Level and ion
Level
0 0 Visit Commands at this level are diagnosis commands

such as ping and tracert commands and
commands that are used to access a remote
device such as STelnet clients.
1 0 and 1 Monitor Commands at this level are system maintenance

ing commands such as display commands.
NOTE
Some display commands are not at this level. For
example, the display current-configuration and
display saved-configuration commands are at level 3.
2 0, 1, Configu Commands at this level are service configuration

and 2 ration commands.

Fat AP and Cloud AP
User Comm Permiss Description

Level and ion
Level
3-15 0, 1, 2, Manage Commands at this level are system basic

and 3 ment operation commands that support services,
including file system, FTP, TFTP, user management
commands, command level configuration
commands, and debugging commands.
Precautions
If refined right management is required, run the command-privilege level

command to upgrade command levels.
Example
# Set the user level on the VTY0 user interface to 2.
[HUAWEI-ui-vty0] user privilege level 2
# Log in to the device using STelnet and view detailed information about the VTY0
user interface.
<HUAWEI> display user-interface vty0
+ 129 VTY 0 - 2 15 N -
F : Current UI is active and work in async mode.
Table 3-11 Description of the user privilege level command output.
Item Description
+ Current user interface is active.
F Current user interface is active and work is in

asynchronous mode.
Idx Absolute index of user interface.
Type Type and relative index of user interface.
Privi The privilege of user interface.
ActualPrivi The actual privilege of user interface.

Fat AP and Cloud AP
Item Description
Auth The authentication mode of user interface.
Int The physical location of UIs.
A Authenticate use AAA.
N The current user interface need not be

authenticated.
P Authenticates the user using the password

configured on the current user interface.
3.3.24 user-interface
Function
The user-interface command displays one or multiple user interface views.
Format
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Parameters
ui-type Specifies the type of a user interface. The value can be console
or vty.
● If the user interface is specified,
the relative number is used.
● If the user interface is not
specified, the absolute number is
used.
first-ui- Specifies the number of the first user ● If ui-type is set to

number interface. console, the first-ui-
number value is 0.
● If ui-type is set to vty,
the first-ui-number
value ranges from 0 to
the maximum number
of VTY user interfaces.

Fat AP and Cloud AP

last-ui- Specifies the number of the last user -
number interface. When you select this
parameter, you enter multiple user
interface views at the same time.
This parameter is valid only when ui-
type is set to VTY. The last-ui-number
value must be larger than the first-
ui-number number.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When the network administrator logs in to the device using the console interface,
Telnet, or SSH, the system manages and monitors the session between the user
and the device on the corresponding user interface. Each user interface
corresponds a user interface view. The network administrator can set parameters
such as authentication and user level to manage sessions in a unified manner.
Precautions
The user interface varies according to the login mode. The user interface views can
be numbered using absolute numbers or relative numbers. Table 3-12 describes
absolute and relative numbers of user interfaces.
NOTE
● The relative numbering uniquely specifies a user interface or a group of user interfaces
of the same type.
● The absolute numbering specifies a user interface or a group of user interfaces.
Table 3-12 Absolute and relative numbers of user interfaces
User Description Absolute Relative Number

Interface Number
Console Manages and controls 0 0

user users that log in to the
interface device using the console
interface.

Fat AP and Cloud AP
User Description Absolute Relative Number

Interface Number
VTY user Manages and controls 5 to 19 The first one is VTY 0,

interface users that log in to the the second one is VTY
device using Telnet or 1, and so forth.
SSH. Absolute numbers 5 to
19 map relative
numbers VTY 0 to VTY
14.
After you log in to the device, you can run the display user-interface command
to view the supported user interfaces and the corresponding relative and absolute
numbers.
Example
# Enter the Console 0 user interface.
[HUAWEI-ui-console0]
# Enter the VTY 1 user interface.

[HUAWEI-ui-vty1]
# Enter the VTY 1 to VTY 3 user interfaces.

[HUAWEI-ui-vty1-3]
3.3.25 user-interface current
Function
The user-interface current command displays the current user interface view.
Format
user-interface current
Parameters
None
Views
System view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
To enter the current user interface view, run the display user-interface command
without the user interface number.
Example
# Enter the current user view.
[HUAWEI] user-interface current
[HUAWEI-ui-vty1]
3.3.26 user-interface maximum-vty
Function
The user-interface maximum-vty command configures the maximum number of
login users.
The undo user-interface maximum-vty command restores the default maximum

number of login users.
By default, the maximum number of Telnet and SSH users is 5.
Format
user-interface maximum-vty number
undo user-interface maximum-vty
Parameters
number Specifies the maximum number of The value is an integer ranging
Telnet and SSH users. from 0 to 15.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
The user-interface maximum-vty command configures the maximum number of

login users.
Precautions
● If the maximum number that you set is smaller than the number of current
online users, the system displays a configuration failure message.
● The maximum number of login users set by the user-interface maximum-vty
command is the total number of Telnet and SSH users.
● If the maximum number of login users is set to 0, no user is allowed to log in
to the device using Telnet or SSH.
Example
# Set the maximum number of Telnet users to 7.
[HUAWEI] user-interface maximum-vty 7
3.4 User Login Configuration Commands
3.4.1 config lock

Function
The config lock command locks the system configuration.
The undo config lock command unlocks the system configuration.
By default, the system configuration is unlocked.
Format
config lock
undo config lock
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
To prevent other users from modifying or deleting configured data, you can run
the config lock command to lock the configuration management plane before
data configuration. After completing data configuration, run the undo config lock
command to unlock the configuration management plan so that other users can
perform data configuration.
Precautions
The locked system configuration can be unlocked by only the user who locks it,
the super administrator (run the user privilege command to set the user level to
15), or the network management system (NMS) user.
Example
# Lock the system configuration.
[HUAWEI] config lock
The system config is locked
# Unlock the system configuration.

[HUAWEI] undo config lock
The system config is unlocked
3.4.2 config unlock interval
Function
The config unlock interval command configures the interval for unlocking a
device.
The default interval is 5 minutes.
Format
config unlock interval time
Parameters
time Specifies the interval for The value is an integer ranging from
unlocking a device. 1 to 255, in minutes.
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
If the device configuration is clocked by the config lock command, other users
cannot modify the configuration. In this case, the config unlock interval
command can be used to configure the unlock interval, after which the device
configuration is unlocked automatically.
Precautions
This command can be used by only the super administrator (run the user
privilege command to set the user level to 15) and NMS user.
If you run the command multiple times, only the latest configuration takes effect.
The unlocking interval starts from the last time the current user configures the
system.
Example
# Set the unlock interval to 2 minutes.
<HUAWEI>system-view
[HUAWEI]config unlock interval 2
# The following message is displayed when the configured unlock interval arrives.
[HUAWEI]
The system config is unlocked
3.4.3 console ble-mode (system view)
Function
The console ble-mode command configures the mode of Bluetooth-based
console port login.
The undo console ble-mode command restores the default mode of Bluetooth-
based console port login.
By default, the mode of Bluetooth-based console port login on a Fat AP is

persistent, and the mode of Bluetooth-based console port login on a cloud AP is
dynamic.
This command is available only for Bluetooth-supported APs.
Format
Command format for Fat APs: console ble-mode { persistent | disable }
Command format for cloud APs: console ble-mode { dynamic | persistent |

disable }
undo console ble-mode

Fat AP and Cloud AP
Parameters
dynamic Sets the mode of Bluetooth-based console port login to -

dynamic. In this mode, when a cloud AP is disconnected from
the SDN controller, Bluetooth-based console port login is
automatically enabled; when the link between the AP and
SDN controller is normal, Bluetooth-based console port login
is disabled.
persistent Sets the mode of Bluetooth-based console port login to -

persistent. Bluetooth-based console port login remains
enabled in this mode.
disable Disables Bluetooth-based console port login. -
Views
System view
Default Level
Usage Guidelines
Usage Scenario
If Bluetooth-based console port login is enabled on an AP, STAs can be connected

to the AP through Bluetooth and use the CloudCampus APP to log in to the AP
through the console port, facilitating fault diagnosis and debugging of the AP.
Example
# Set the mode of Bluetooth-based console port login to persistent.
[HUAWEI] console ble-mode persistent
3.4.4 display config lock
Function
The display config lock command displays lock information about the system
configuration.
Format
display config lock

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
Usage Guidelines
The information includes whether the system configuration is locked and the lock
duration If you cannot configure the AP after login, run this command. The
command output helps you locate faults. If the system configuration is locked, the
command output includes the following: type, name, and IP address of the user
who locks the configuration. If no IP address is available, locked user IP address
is blank.
If the current system configuration is locks by a user (user A), only users at the
same level as or higher level than user A can query user A information. If users at
a lower level queries user A information, the system displays a message indicating
that the system configuration is locked by a user with a higher level.
Example
# Display lock information about the system configuration (when configuration is
not locked).
<HUAWEI> display config lock
------------------------------------------------------------------------------
automatically unlocked interval(minute): 5
locked state: unlocked
------------------------------------------------------------------------------
Table 3-13 Description of the display config lock command output
Item Description
automatically unlocked Interval after which the system

interval(minute) automatically unlocks the
configuration, in minutes.
locked state Whether the system configuration is

locked. The values are as follows:
● locked: indicates that the system
configuration is locked.
● unlocked: indicates that the system
configuration is not locked.

Fat AP and Cloud AP
# Display lock information about the system configuration (when configuration is

locked).
<HUAWEI> display config lock
------------------------------------------------------------------------------
automatically unlocked interval(minute): 5
locked state: locked
locked user type: telnet
locked user name: test
locked user IP address: 192.168.0.1
------------------------------------------------------------------------------
Table 3-14 Description of the display config lock command output
Item Description
automatically unlocked Interval after which the system

interval(minute) automatically unlocks the
locked state Whether the system configuration is

locked. The values are as follows:
● locked: indicates that the system
configuration is locked.
● unlocked: indicates that the system
configuration is not locked.
locked user type Type of the user who locks the system
configuration. The user can be any of
the following types: NMS user, serial
port user, Telnet user, and web user.
locked user name Name of the user who locks the system
configuration.
locked user IP address IP address of the user who locks the

system configuration. If no IP address is
available, locked user IP address is
blank.
3.4.5 display console ble-mode
Function
The display console ble-mode command displays the mode of Bluetooth-based
console port login.
This command is available only for Bluetooth-supported APs.
Format
display console ble-mode

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the mode of Bluetooth-based console port
login. To configure the mode of Bluetooth-based console port login, run the
console ble-mode command.
Example
# Display the mode of Bluetooth-based console port login.
<HUAWEI> display console ble-mode
Current ble console mode is persistent
Table 3-15 Description of the display console ble-mode command output
Item Description
Current ble console mode is persistent Displays the current mode of

Bluetooth-based console port login is
persistent mode.
3.4.6 display rsa local-key-pair public

Function
The display rsa local-key-pair public command displays information about public
keys in the local key pair.
Format
display rsa local-key-pair public
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
You can run this command on the client and configure the client public key in the
command output to the SSH server. This ensures that the SSH client validity check
by the SSH server is successful and enables the secure data exchange between the
SSH server and client.
Example
# Display information about public keys in the local key pair.
<HUAWEI> display rsa local-key-pair public
=====================================================
Time of Key pair created: 2011-10-06 16:26:37+00:00

Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
D538B7FC 3AFE1F5B F6C921F9 3D8C5322
905F623A
F0123161 3DA61EEB F5E897CF DC126060
546CC84E
B2AB7424 3EFF5D71 D84C5FE2 3E2BF5B3
D82DD979
A22E4AA1
0203
010001
=====================================================
Time of Key pair created: 2011-10-06 16:26:53+00:00

Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
C51C2C01 56B06E6C EBF9055C F7AD9781
46B41A31
5FC87282 E53CFE30 8E6321D3 AC74E948
0A010339
E67C290E 2E0E8E40 BF5E1C97 F9C856EF
568DC159
1A6D28ED AFFB474B 43EFB632 CFB0875F
85420EEA
1919095B A5BC38D0 5FFF169E
0BDB3DC3
0203
010001

Fat AP and Cloud AP
Table 3-16 Description of the display rsa local-key-pair public command output
Item Description
Time of Key pair created Time and date when the public key was
created.
Key name Public key name. The value can be the

host or server public key. The server
public key is saved only when the key
type is RSA.
Key type Public key type.
Key code Public key code.
3.4.7 display rsa peer-public-key

Function
The display rsa peer-public-key command displays the peer public key saved on
the local host. If no parameter is specified, the command displays detailed
information about all peer public keys.
Format
display rsa peer-public-key [ brief | name key-name ]
Parameters
brief Displays the brief information -
about all peer public keys.
name key-name Specifies the key name. The value is a string of 1 to 30
case-insensitive characters
without spaces.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run this command to check detailed information about the RSA public key
and whether the local and peer public keys are the same.

Fat AP and Cloud AP
Precautions
You must complete the RSA public key configuration before running this
command.
Example
# Display the brief information about all RSA public keys.
<HUAWEI> display rsa peer-public-key brief
Name Bits
-------------------------------------
rsakey001 780
Table 3-17 Description of the display rsa peer-public-key brief command output
Item Description
Bits Bits in the public key.
Name Name of the public key.
# Display the detailed information about the RSA public key named rsakey001.
<HUAWEI> display rsa peer-public-key name rsakey001
=====================================
Key name: rsakey001
=====================================
Key Code:
3067
0260
A3158E6C F252C039 135FFC45 F1E4BA9B 4AED2D88 D99B2463 3E42E13A 92A95A37
45CDF037 1AF1A910 AAE3601C 2EB70589 91AF1BB5 BD66E31A A9150911 859CAB0E
1E10548C D70D000C 55A1A217 F4EA2F06 E44BD438 DA472F14 3FB7087B 45E77C05
0203
010001
Table 3-18 Description of the display rsa peer-public-key name command output
Item Description
Key name Name of the public key.
Key Code Code of the public key.
3.4.8 display ssh server

Function
The display ssh server command displays the SSH server information.
Format
display ssh server { status | session }

Fat AP and Cloud AP
Parameters
status Displays the global configuration on the SSH server. -
session Displays the current session connection information on the -

SSH server.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After configuring the SSH attributes, you can run this command to view the
configuration or session connection information on the SSH server to verify that
the SSH connection has been established.
Example
# Display the global configuration on the SSH server.
<HUAWEI> display ssh server status
SSH version :2.0
SSH connection timeout :120 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable
Table 3-19 Description of the display ssh server status command output
Item Description
SSH version SSH protocol version.
SSH connection timeout SSH connection timeout interval, in seconds.

To configure this parameter, run the ssh server
timeout command.
SSH server key generating Key update period of the SSH server.
interval To configure this parameter, run the ssh server
rekey-interval command.
SSH Authentication retries Number of times for retrying SSH authentication.

To configure this parameter, run the ssh server
authentication-retries command.

Fat AP and Cloud AP
Item Description
SFTP Server Whether the SFTP server is enabled.

To configure this parameter, run the sftp server
enable command.
Stelnet server Whether the STelnet server is enabled.

To configure this parameter, run the stelnet
server enable command.
# Display the current session connection information on the SSH server.

<HUAWEI> display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES128_CBC run password john
--------------------------------------------------------------------
Table 3-20 Description of the display ssh server session command output
Item Description
Conn VTY connection.
Ver Version number.
Encry Encryption mode: 3DES_CBC,

AES128_CBC, AES256_CBC,
AES128_CTR, and AES256_CTR
State Session status on the SSH server.
Auth-type Authentication mode for an SSH user.

The options are as follows:
● password
● rsa
● password-rsa (password and RSA)
● ecc
● password-ecc (password and ecc)
● all (password, ECC, or RSA)
To configure this parameter, run the ssh
user authentication-type command.
Username User name for SSH server

authentication.

Fat AP and Cloud AP
3.4.9 display ssh user-information
Function
The display ssh user-information command displays the configuration of all SSH
users.
Format
display ssh user-information [ username ]
Parameters
username Displays the SSH user The value is a string of 1 to 64 case-

name. insensitive characters without spaces.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays the SSH user name, bound RSA public key name, and
service type.
Example
# Display the configuration of all SSH users.
<HUAWEI> display ssh user-information
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
a password null
-------------------------------------------------------------------------------
Table 3-21 Description of the display ssh user-information command output
Item Description
Username SSH user name.

Fat AP and Cloud AP
Item Description
Auth-type Authentication mode for an SSH user. The options

are as follows:
● password
● rsa
● password-rsa (password and RSA)
● all (password or RSA)
Run the ssh user authentication-type command
to set this item.
User-public-key-name Peer RSA public key assigned to an SSH user.

Run the rsa peer-public-key command to set this
item.
3.4.10 display telnet server status

Function
The display telnet server status command displays the status and configuration
of the Telnet server.
Format
display telnet server status
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
● You can run this command to check whether the device functions as a Telnet
server.
● You can run this command to check the listening port number of the Telnet
server if you have set the port number by running the telnet server port
port-number command.
Example
# Display the status and configuration of the Telnet server.

Fat AP and Cloud AP
<HUAWEI> display telnet server status

TELNET IPV4 server :Enable
TELNET server port :23
Table 3-22 Description of the display telnet server status command output
Item Description
TELNET IPV4 server IPv4 Telnet server.
TELNET server port Listening port number of the Telnet

server.
3.4.11 display telnet-client
Function
The display telnet-client command displays the source parameters when the
device works as a Telnet client.
Format
display telnet-client
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After setting source parameters of the Telnet client, you can run this command to
check the setting result. If you have not set telnet client-source, the default
source IP address is 0.0.0.0.
Example
# Display the source parameters for the device that works as a Telnet client.
<HUAWEI> display telnet-client
The source address of telnet client is 1.1.1.1

Fat AP and Cloud AP
Table 3-23 Description of the display telnet-client command output

Item Description
The source address of telnet client is The source IP address of the Telnet
1.1.1.1 client is 1.1.1.1.
3.4.12 display ecc local-key-pair public

Function
The display ecc local-key-pair public command displays information about the
public key in the local Elliptic Curves Cryptography (ECC) key pair.
Format
display ecc local-key-pair public
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the display ecc local-key-pair public command to check information
about the public key in the local ECC key pair on a client and then copy the public
key to the server. The public key enables a server to authenticate users and
ensures the login of authorized users.
You must run the ecc local-key-pair create command to generate a local ECC
host key pair before using the command.
Example
# Display information about the public key in the local ECC key pair on a client.
<HUAWEI> display ecc local-key-pair public
=====================================================
Time of Key pair created:2016-10-19 11:50:20+00:00
Key name : HUAWEI_Host_ECC
Key modulus : 521
Key type : ECC encryption Key

Fat AP and Cloud AP
Key fingerprint:
=====================================================
Key code:
0401CE1E 5EF3B843 CD917648 1D70EF8F CECE8518 5B32ED5F 529E9DC4 D16EDF1A
5F6E6389 10AAE2D4 74FD9DA7 F05AB123 9AF3EE64 9F0BAF99 A0CBF55B E319B2D1
8EDEBB01 7C63469B C62A2256 3EAEA0BD 486F9524 8559C7EF 24D969D1 11093BBF
27F770E7 03E28ABA BB357E5B 28EF04CC EA931C81 C7D7EBD8 5797B1CD 05D9B497
56D91126 E9
Host public key for PEM format code:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHOHl7zuEPN
kXZIHXDvj87OhRhbMu1fUp6dxNFu3xpfbmOJEKri1HT9nafwWrEjmvPuZJ8Lr5mg
y/Vb4xmy0Y7euwF8Y0abxioiVj6uoL1Ib5UkhVnH7yTZadERCTu/J/dw5wPiirq7
NX5bKO8EzOqTHIHH1+vYV5exzQXZtJdW2REm6Q==
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :

ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHOHl7z
uEPNkXZIHXDvj87OhRhbMu1fUp6dxNFu3xpfbmOJEKri1HT9nafwWrEjmvPuZJ8Lr5mgy/Vb4xmy0Y7e
uwF8Y0abxioiVj6uoL1Ib5UkhVnH7yTZadERCTu/J/dw5wPiirq7NX5bKO8EzOqTHIHH1+vYV5exzQXZ
tJdW2REm6Q== ecdsa-key
Table 3-24 Description of the display ecc local-key-pair public command output
Item Description
Time of Key pair created Time when the public key in the local ECC
key pair is generated, in the format of
YYYY-MM-DD HH:MM:SS.
Key name Name of the public key in the local ECC

key pair.
Key modulus Length of the public key in the local ECC

key pair on a client.
Key type Type of the public key in the local ECC

key pair. "ECC encryption Key" indicates
an ECC public key.
Key code Code of the public key in the local ECC

key pair configured using the ecc local-
key-pair create command.
Host public key for PEM format PEM code of the public key in the local
code ECC key pair on a client.
Public key code for pasting into Public key in the local ECC key pair on a
OpenSSH authorized_keys file client that is used for OpenSSH
authorization. This information can be
used after being copied to the OpenSSH
authorized_keys file.

Fat AP and Cloud AP
3.4.13 display ecc peer-public-key

Function
The display ecc peer-public-key command displays information about the Elliptic
Curves Cryptography (ECC) public key configured on the remote end.
Format
display ecc peer-public-key [ brief | name key-name ]
Parameters
brief Displays the brief information about -
the ECC public key configured on the
remote end.
name key-name Displays information about an ECC The value is a string of 1
public key with a specified name to 30 case-sensitive
configured on the remote end. characters, spaces not
supported.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the display ecc peer-public-key command on a client to check
information about the public key configured on the remote end. The public key
enables a server to authenticate users and ensures the login of authorized users.
Example
# Display the information about the ECC public keys of 127.0.0.1.
<HUAWEI> display ecc peer-public-key
=====================================
Key name: 127.0.0.1
Encoding type: DER
=====================================
Key Code:
04013184 A3311697 89DF558B 7F67BF9D BD95DBD5 280D659F 0E29852C AEC2FFBA
1913AC2A 88247ADA 46BEBEBE 1829C0DA 3BABC8FC 8F6EAD28 2AE2C6A8 116BAA3A
540E6B00 34E033D8 9D84841B 0D33DAD8 DEDD1C09 2B70B3DB 5AF0FCB2 37DF1C82
C4C622A6 85B23698 195DA60F 06858ADB DD743937 B4A29C4C FB28B40B BCEEE036
1DE61BD2 24

Fat AP and Cloud AP
# Display the brief information about all the ECC public keys.
<HUAWEI> display ecc peer-public-key brief
Bits Name
----------------------
521 127.0.0.1
384 10.54.131.203
Table 3-25 Description of the display ecc peer-public-key command output

Item Description
Bits Length of the ECC public key configured

on the remote end.
Name Name of the ECC public key configured

on the remote end.
Key name Name of the ECC public key configured

on the remote end.
Encoding type Encoding type of the ECC public key

configured on the remote end.
● OPENSSH
If OpenSSH is specified, data is Base64
encoded.
OpenSSH is derived from PEM.
● PEM
If PEM is specified, data is Base64
encoded.
● DER
If DER is specified, data is Base16
encoded.
Key Code Code of the public key in the local ECC

key pair configured using the ecc local-
key-pair create command.
3.4.14 display wlan ble-link-info

Function
The display wlan ble-link-info command displays connection information about
the Bluetooth-based air interface on an AP.
Format
display wlan ble-link-info
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check connection information about the Bluetooth-
based air interface on an AP.
Example
# Display connection information about the Bluetooth-based air interface on an
AP.
<HUAWEI> display wlan ble-link-info
Info: This operation may take a few seconds. Please wait for a moment.done.
-------------------------------------------------------------------------------------
BLE access MAC : xxxx-xxxx-xxxx
Status : paired
Link status changed time : 2019-04-11 09:12:46
-------------------------------------------------------------------------------------
Table 3-26 Description of the display wlan ble-link-info command output

Item Description
BLE access MAC MAC address of a STA accessed

through Bluetooth. This address is
randomly generated when the STA
establishes a Bluetooth connection
with the AP.
Status Bluetooth connection status between a

STA and the AP.
● link established: The link is
established between the STA and
AP.
● paired: The STA and AP are
successfully paired.
Link status changed time Time when the connection status is

updated.
3.4.15 ecc local-key-pair create

Function
The ecc local-key-pair create command generates a local Elliptic Curves
Cryptography (ECC) host key pair.

Fat AP and Cloud AP
By default, no local ECC host key pair exists in the system.
Format
ecc local-key-pair create
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
A local key pair is a prerequisite to a successful SSH login. Compared with the RSA
algorithm used by the rsa local-key-pair create command, the ECC algorithm
shortens the key length, accelerates the encryption, and improves the security. The
length of the server key pair and the host key pair can be 256 bits, 384 bits and
521 bits. By default, the length of the key pair is 521 bits.
Follow-up Procedure
Perform other SSH configurations.
Precautions
● The generated ECC host key pair is named in the format of wireless access
point name_Host_ECC, such as HUAWEI_Host_ECC. The local DSA private key
is saved in PKCS#8 format to the hostkey_ecc file.
● The ecc local-key-pair create and ecc local-key-pair destroy commands are
not saved in the configuration file. They only need to be run once and take
effect even after the wireless access point restarts.
● Do not delete the ECC key file from the wireless access point. If the ECC key
file is deleted, the ECC key pair cannot be restored after the wireless access
point is restarted.
Example
# Generate a local ECC host key pair.
[HUAWEI] ecc local-key-pair create
Info: The key name will be: HUAWEI_Host_ECC.
Info: The ECC host key named HUAWEI_Host_ECC already exists.
Warning: Do you want to replace it ? [Y/N]: Y
Info: The key modulus can be any one of the following : 256, 384, 521.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=521]:521

Fat AP and Cloud AP
Info: Generating keys...

Info: Succeeded in creating the ECC host keys.
# Enter an incorrect key length and re-enters the key length for a maximum
number of retry attempts.
[HUAWEI] ecc local-key-pair create
Info: The key name will be: HUAWEI_Host_ECC.
Info: The ECC host key named HUAWEI_Host_ECC already exists.
Warning: Do you want to replace it ?[Y/N]: Y
Info: The key modulus can be any one of the following : 256, 384, 521.
Info: If the key modulus is greater than 512, it may take a few minutes.
Error: Invalid ECC key modulus.
Error: The maximum number of retries has reached, and the command has already been canceled.
3.4.16 ecc local-key-pair destroy

Function
The ecc local-key-pair destroy command deletes the local Elliptic Curves
Cryptography (ECC) keys.
Format
ecc local-key-pair destroy
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If you no longer need the local ECC key pairs, run the ecc local-key-pair destroy
command to delete them.
After the ecc local-key-pair destroy command is run, the ECC key files on the
master and slave main control boards are cleared. Exercise caution when running
the command.

Fat AP and Cloud AP
Precautions
● The ecc local-key-pair create and ecc local-key-pair destroy commands are
not saved in the configuration file. They only need to be run once and take
effect even after the wireless access point restarts.
● Do not delete the ECC key file from the wireless access point. If the ECC key
file is deleted, the ECC key pair cannot be restored after the wireless access
point is restarted.
Example
# Delete the local ECC host key pair and server key pair.
[HUAWEI] ecc local-key-pair destroy
Info: The name of the key which will be destroyed is HUAWEI_Host_ECC.
Warning: These keys will be destroyed. Continue? [Y/N]:Y
Info: Succeeded in destroying the ECC host keys.
3.4.17 ecc peer-public-key
Function
The ecc peer-public-key command creates an ECC public key and enters the
Elliptic Curves Cryptography (ECC) public key view.
The undo ecc peer-public-key command deletes an ECC public key.
By default, no ECC public key is created.
Format
ecc peer-public-key key-name encoding-type { der | openssh | pem }
undo ecc peer-public-key key-name
Parameters
key-name Specifies an ECC public key name. The value is a
string of 1 to 64
case-sensitive
characters, spaces
not supported.
encoding- Indicates the encoding type of an ECC public -
type key.
der Specifies DER as the encoding type of an -
ECC public key.
If DER is specified, data is encoded in
hexadecimal notation.

Fat AP and Cloud AP

openssh Specifies OpenSSH as the encoding type of -
an ECC public key.
If OpenSSH is specified, data is Base64
encoded.
OpenSSH is derived from PEM.
pem Specifies PEM as the encoding type of an -

ECC public key.
If PEM is specified, data is Base64 encoded.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When ECC public key authentication is used, a client's public key must be specified
on the server for an SSH user. When the client logs in to the server, the server
performs authentication on the client based on the public key of the SSH user.
After an ECC public key is created and the ECC public key view is displayed, run
the public-key-code begin command, then you can manually copy the client's
public key to the server.
The client's public key is randomly generated by the client software.
If an ECC public key has been assigned to an SSH client, delete the binding
between the public key and the SSH client before deleting the ECC public key.
Otherwise, the undo dsa peer-public-key command will fail to delete the ECC
public key.
Follow-up Procedure
After copying the client's ECC public key to the server, run the following
commands to quit the ECC public key view:
1. Run the public-key-code end command to return to the ECC public key view.
2. Run the peer-public-key end command to quit the ECC public key view and
return to the system view.
Precautions
A maximum of 20 ECC public keys can be created.

Fat AP and Cloud AP
Example
# Create an ECC public key and enter the ECC public key view.
[HUAWEI] ecc peer-public-key ecc-peer-key encoding-type pem
Info: Enter (ECC public key) view, return system view with (peer-public-key end).
[HUAWEI-ecc-public-key] public-key-code begin
Info: Enter (ECC key code) view, return the last view with (public-key-code end).
[HUAWEI-ecc-key-code] ---- BEGIN SSH2 PUBLIC KEY ----
[HUAWEI-ecc-key-code]
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACDBL5J4v3pqi5S
[HUAWEI-ecc-key-code] ALI9lvLw4cdvtpD2AC6sEJXg9GDCD5vGBnkXlKmnOy6d1TyrXx57ZPNnrSdqVkHC
[HUAWEI-ecc-key-code] sMBa63vSwg1XsVW2qZgx8H57+FJiTPY61b1Vfst9GUif1ymfpB7XrbdYZDownoh0
[HUAWEI-ecc-key-code] FZNadZtIf2CRc0OeiKXbCSPP25dfoT/DTcc=
[HUAWEI-ecc-key-code] ---- END SSH2 PUBLIC KEY ----
[HUAWEI-ecc-key-code] public-key-code end
[HUAWEI-ecc-public-key] peer-public-key end
# Delete an ECC public key.

[HUAWEI] undo ecc peer-public-key ecc-peer-key
Warning: The public key named ecc-peer-key will be deleted. Continue? [Y/N]:Y
3.4.18 lock
Function
The lock command locks the current user interface to prevent unauthorized users
from operating the interface.
By default, the system does not automatically lock the current user interface.
Format
lock
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Lock the current user interface using this command to prevent other users from
operating the interface. The user interfaces consist of console ports, and Virtual
Type Terminals (VTYs).

Fat AP and Cloud AP
After using the lock command, you are prompted to input the password twice. If
you input the correct password for twice, the user interface is locked.
Precautions
● The passwords must meet the following requirements:
– The password is a string of 8 to 128 case-sensitive characters.
– The password must contain at least two of the following characters:
upper-case character, lower-case character, digit, and special character.
The special characters include spaces and the following:
`~!@#$%^&*()-_=+\|[{}];:'",<.>/?
● Password entered in interactive mode is not displayed on the screen.
● When you run the lock command to lock the user interface and set a locking
password, you can press CTRL_C to cancel the operation.
● To unlock the user interface, press Enter, and then input the correct password
as prompted by the system.
Example
# Lock the current user interface after logging in through the console port.
<HUAWEI> lock
Info: A plain text password is a string of 8 to 128 case-sensitive characters and must be a combination of at
least two of the follow
ing: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (including spaces and
the following :`~!@#$%
^&*()-_=+|[{}];:'",<.>/?).
Enter Password:
Confirm Password:
Info: The terminal is locked.
# To log in to the system after the system is locked, you must press Enter. The
following information is displayed:
Enter Password:
# Enter the correct password and return to the user view.

<HUAWEI>
3.4.19 matched upper-view

Function
The matched upper-view command allows the system to search for the undo
command in the upper view, and returns to the upper view.
The undo matched upper-view command prohibits the system from searching for
the undo command in the upper view.
By default, the system does not search for the undo command in the upper view.
Format
matched upper-view
undo matched upper-view

Fat AP and Cloud AP
Parameters
None
Views
System view
Default Level
Usage Guidelines
When you run the undo command in a view, which is not registered in the current
view, the system searches for the command in the upper view if the system is
allowed to search for the undo command in the upper view. If the system finds
the same undo command, the system executes this command in the upper view. If
the system does not find the same undo command in the upper view, the system
continues to search for this command in other upper views till the system view.
Running this command brings security risks. For example, if you run the undo
ospf command in the interface view, while this command is not registered in the
interface view, the system automatically searches for it in the upper view, that is,
the system view. In this manner, the system disables the OSPF feature globally.
The matched upper-view command is valid only for current login users who run
this command.
Example
# Allow the undo command to be searched for in the upper view.
[HUAWEI] matched upper-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo ftp server
Info: Succeeded in closing the FTP server.
[HUAWEI]
# Prohibit the undo command from being searched for in the upper view.
[HUAWEI] undo matched upper-view
[HUAWEI-GigabitEthernet0/0/1] undo ftp server
^
Error: Unrecognized command found at '^' position.
[HUAWEI-GigabitEthernet0/0/1]
3.4.20 peer-public-key end
Function
The peer-public-key end command returns to the system view from the public
key view and saves the configured public keys.

Fat AP and Cloud AP
Format
peer-public-key end
Parameters
None
Views
Public key view
Default Level
3: Management level
Usage Guidelines
You must save the public key generated on the remote host to the local host,
which ensures that the validity check on the remote end is successful. After editing
a public key in the public key view, you can run this command to return to the
system view.
Example
# Return to the system view from the public key view.
[HUAWEI] rsa peer-public-key rsakey001
[HUAWEI-rsa-public-key] public-key-code begin
[HUAWEI-rsa-key-code] 308188
[HUAWEI-rsa-key-code] B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
[HUAWEI-rsa-key-code] A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
[HUAWEI-rsa-key-code] 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
[HUAWEI-rsa-key-code] 40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
[HUAWEI-rsa-key-code] 1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
[HUAWEI-rsa-key-code] A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
[HUAWEI-rsa-key-code] 171896FB 1FFC38CD
[HUAWEI-rsa-key-code] public-key-code end
[HUAWEI-rsa-public-key] peer-public-key end
[HUAWEI]
3.4.21 public-key-code begin

Function
The public-key-code begin command displays the public key editing view.
Format
public-key-code begin
Parameters
None

Fat AP and Cloud AP
Views
Public key view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You must save the public key generated on the remote host to the local host,
which ensures that the validity check on the remote end is successful. Run the
public-key-code begin command to display the public key editing view, and enter
the key data. The key characters can contain spaces. You can press Enter to enter
data in another line.
Prerequisite
A key name has been specified by running the rsa peer-public-key command.
Precautions
● The public key must be a hexadecimal character string in the public key
encoding format, and generated by the client or server that supports SSH.
● The public keys displayed by running the display rsa local-key-pair public
command can be used as the key data to enter.
● You can successfully edit the public key in a public key pair by entering the
public key in the server key pair or client key pair. In SSH application, only the
public key in the client key pair can be entered as key data. If you enter the
public key in the server key pair, authentication fails during SSH login.
Example
# Display the public key editing view and enter the key data.
[HUAWEI]

Fat AP and Cloud AP
3.4.22 public-key-code end

Function
The public-key-code end command returns to the public key view from the public
key editing view and saves the configured public keys.
Format
public-key-code end
Parameters
None
Views
Public key editing view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
After this command is run, the process of editing the public key ends. Before
saving the public key, the system will check the validity of the key.
● If there are illegal characters in the public key character string configured by
the user, the system will display a relevant error prompt. The public key
previously configured by the user is discarded, thus the configuration fails.
● If the public key configured is valid, it is saved in the public key chain table of
the client.
Precautions
● Generally, in the public key view, only the public-key-code end command can
be used to exit. Thus, in this instance the quit command cannot be used.
● If the legal key coding is not input, the key cannot be generated after the
public-key-code end command is used. The system prompts that generating
the incorrect key fails.
● If the key is deleted in another window, the system prompts that the key does
not exist and returns to the system view directly after you run the public-key-
code end command.
Example
# Exit from the RSA public key editing view and saves the RSA key configuration.

Fat AP and Cloud AP
[HUAWEI]
3.4.23 rsa local-key-pair create

Function
The rsa local-key-pair create command generates local RSA host and server key
pairs.
By default, no local RSA host or server key pairs are generated.
Format
rsa local-key-pair create
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To implement secure data exchange between the server and client, run this
command to generate a local key pair.
Precautions
If the RSA key pair exists, the system prompts you to confirm whether to replace
the original key pair.
After you run this command, the system prompts you to enter the number of
digits in the host key. The difference between the bits in the server and host key
pairs must be at least 128 bits. The minimum length of the server key pair and
host key pair is 512 bits, the maximum length is 2048 bits, and the default length
is 2048 bits.

Fat AP and Cloud AP
NOTE
An RSA key pair with less than 1024 bits is insecure and not recommended.
The premise to log in to the SSH server successfully is to configure and generate a
local RSA key pair. Before performing other SSH configurations, you must use the
rsa local-key-pair create command to generate the local key pair.
After you run this command, the generated key pair is saved on the device and
will not be lost after the device restarts.
Example
# Configure a device to generate the local host and server key pairs.
[HUAWEI] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 2048]:3072
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
3.4.24 rsa local-key-pair destroy
Function
The rsa local-key-pair destroy command deletes all local RSA keys, including the
host and server key pairs.
Format
rsa local-key-pair destroy
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
To delete local key pairs, run the rsa local-key-pair destroy command. If the host
and server key pairs of an SSH server are deleted, run the rsa local-key-pair
create command to create a host key pair and server key pair for the SSH server.
After you run this command, verify that all local RSA keys are deleted. The
command configuration takes effect only once and is not saved into the
configuration file.
Prerequisites
The local RSA keys that can be deleted exist.
Example
# Delete all RSA server keys.
[HUAWEI] rsa local-key-pair destroy
The name for the keys which will be destroyed is Host.
Confirm to destroy these keys? (y/n)[n]:y
3.4.25 rsa peer-public-key

Function
The rsa peer-public-key command displays the view of the RSA public key, and
specifies an RSA public key name.
The undo rsa peer-public-key command deletes a rsa public key.
By default, no public key is configured.
Format
rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]
undo rsa peer-public-key key-name
Parameters
key-name Specifies the rsa public key name. The value is a string
of 1 to 30 case-
insensitive
characters without
spaces.
encoding-type Specifies an encoding format for an RSA -

public key.
der Specifies the DER format for an RSA public -

key.
DER encodes data in hexadecimal format.

Fat AP and Cloud AP
openssh Specifies the OpenSSH format for an RSA -

public key.
OpenSSH encodes data in base-64 format.
OpenSSH is an encoding format based on
PEM.
pem Specifies the PEM format for an RSA public -

key.
PEM encodes data in base-64 format.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When you use an RSA public key for authentication, you must specify the public
key of the corresponding client for an SSH user on the server. When the client logs
in to the server, the server uses the specified public key to authenticate the client.
You can also save the public key generated on the server to the client. Then the
client can be successfully authenticated by the server when it logs in to the server
for the first time.
Third-party software, such as PuTTY, OpenSSH, and OpenSSL, can be used to
generate RSA keys in different formats. The details are as follows:
● The PuTTY generates RSA keys in PEM format.
● The OpenSSH generates RSA keys in OpenSSH format.
● The OpenSSL generates RSA keys in DER format.
After you configure an encoding format for an RSA public key, the device
automatically generates an RSA public key in the configured encoding format and
enters the RSA public key view. Then you can run the public-key-code begin
command and manually copy the RSA public key generated on the peer device to
the local device.
Prerequisite
The rsa public key in hexadecimal notation on the remote host has been obtained
and recorded.
Follow-up Procedure
After you copy the RSA public key generated on the peer device to the local
device, perform the following operations to exit the RSA public key view:

Fat AP and Cloud AP
1. Run the public-key-code end command to return to the RSA public key view.
2. Run the peer-public-key end command to exit the RSA public key view and
return to the system view.
Precautions
If an RSA public key has assigned to an SSH client, release the binding relationship
between the public key and the SSH client. If you do not release the binding
relationship between them, the undo rsa peer-public-key command will fail to
delete the RSA public key.
Example
# Display the rsa public key view.
[HUAWEI-rsa-public-key]
# Configure an encoding format for an RSA public key and enter the RSA public
key view.
[HUAWEI] rsa peer-public-key RsaKey001 encoding-type openssh
[HUAWEI-rsa-public-key]
3.4.26 ssh client assign
Function
The ssh client assign command specifies the host public key of an SSH server on
an SSH client.
The undo ssh client assign command cancels the specified host public key of an
SSH server on the SSH client.
By default, no host public keys of servers are specified on SSH clients.
Format
ssh client servername assign { rsa-key | ecc-key } keyname
undo ssh client servername assign { rsa-key | ecc-key }
Parameters
servername Specifies the host name or IP The value is a string of 1 to

address of an SSH server. 64 characters without spaces.
rsa-key Specifies an RSA public key. -
ecc-key Specifies an ECC public key. -

Fat AP and Cloud AP
keyname Specifies the public key name of an The value is a string of 1 to

SSH server that has been configured 64 case-insensitive characters
on an SSH client. without spaces.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If an SSH client connects to an SSH server for the first time and first
authentication is not enabled on the SSH client using the ssh client first-time
enable command, the SSH client must determine whether the server is reliable. To
do so, run the ssh client assign command to specify the host public key of the
SSH server and the mapping between the key and SSH server on the SSH client.
The client then uses the correct public key to determine whether the server is
reliable based on the mapping.
Precautions
Ensure that the RSA or ECC public key to be assigned to an SSH server has been
configured on the SSH client using the rsa peer-public-key or ecc peer-public-
key command. If the key is not configured, the verification for the RSA or ECC
public key of the SSH server on the SSH client fails.
Example
# Assign an ECC public key to the SSH server.
[HUAWEI] ssh client 10.164.39.120 assign ecc-key sshecckey01
# Delete the ECC public key from the SSH server.

[HUAWEI] undo ssh client 10.164.39.120 assign ecc-key
3.4.27 ssh client first-time enable

Function
The ssh client first-time enable command enables the first authentication on the
SSH client.
The undo ssh client first-time enable command disables the first authentication
on the SSH client.
By default, first authentication is disabled on the SSH client.

Fat AP and Cloud AP
Format
ssh client first-time enable
undo ssh client first-time enable
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When the SSH client accesses the SSH server for the first time and the public key
of the SSH server is not configured on the SSH client, you can enable the first
authentication for the SSH client to access the SSH server and save the public key
on the SSH client. When the SSH client accesses the SSH server next time, the
saved public key is used to authenticate the SSH server.
Precautions
You can run the ssh client assign command to pre-assign the RSA public key to
the SSH server. In this manner, you can log in to the SSH server successfully at the
first time.
Example
# Enable the first authentication on the SSH client.
[HUAWEI] ssh client first-time enable
3.4.28 ssh client key-exchange

Function
The ssh client key-exchange command configures a key exchange algorithm list
on an SSH client.
The undo ssh client key-exchange command restores the default configuration.
By default, the key exchange list supported by an SSH client includes
dh_group14_sha1.
Format
ssh client key-exchange { dh_group_exchange_sha1 | dh_group14_sha1 } *

Fat AP and Cloud AP
undo ssh client key-exchange
Parameters
dh_group_exchange_sha1 Adds the diffie-hellman-group-exchange- -

sha1 algorithm to the key exchange
algorithm list configured on the SSH client.
dh_group14_sha1 Adds the diffie-hellman-group14-sha1 -

algorithm to the key exchange algorithm list
of an SSH client.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The client and server negotiate the key exchange algorithm used for packet
transmission. You can run the ssh client key-exchange command to configure a
key exchange algorithm list on the SSH client. The SSH server compares the
configured key exchange algorithm list with the counterpart sent by the client and
then selects the first matched key exchange algorithm for packet transmission. If
the key exchange algorithm list sent by the client does not match any algorithm in
the key exchange algorithm list configured on the server, the negotiation fails.
Precautions
The following key exchange algorithms are listed in descending order of security
level: dh_group_exchange_sha1 > dh_group14_sha1. It is recommended that the
dh_group_exchange_sha1 be used.
Example
# Configure a key exchange algorithm list to contain dh_group_exchange_sha1
and dh_group14_sha1 for the SSH client.
[HUAWEI] ssh client key-exchange dh_group_exchange_sha1 dh_group14_sha1

Fat AP and Cloud AP
3.4.29 ssh client secure-algorithms hmac
Function
The ssh client secure-algorithms hmac command configures an HMAC algorithm
list for an SSH client.
The undo ssh client secure-algorithms hmac command restores the default
HMAC algorithm list of an SSH client.
By default, an SSH client supports the SHA2_256 HMAC algorithm.
Format
ssh client secure-algorithms hmac { sha2_256 } *
undo ssh client secure-algorithms hmac
Parameters
sha2_256 Specifies the HMAC SHA2_256 algorithm. -
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate an HMAC algorithm for the packets
exchanged between them. You can run the ssh client secure-algorithms hmac
command to configure an HMAC algorithm list for the SSH client. After the list is
configured, the server matches the list of a client against the local list after
receiving a packet from the client and selects the first HMAC algorithm that
matches the local list. If no HMAC algorithms in the list of the client match the
local list, the negotiation fails.
Precautions
Example
# Configure the HMAC SHA2_256 algorithm for an SSH client.
[HUAWEI] ssh client secure-algorithms hmac sha2_256

Fat AP and Cloud AP
3.4.30 ssh client secure-algorithms cipher
Function
The ssh client secure-algorithms cipher command configures an encryption
algorithm list for an SSH client.
The undo ssh client secure-algorithms cipher command restores the default
encryption algorithm list of an SSH client.
By default, an SSH client supports two encryption algorithms: AES128_CTR and

AES256_CTR.
Format
ssh client secure-algorithms cipher { aes128_ctr | aes256_ctr } *
undo ssh client secure-algorithms cipher
Parameters
aes128_ctr Specifies the CTR AES128 encryption algorithm. -
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the
packets exchanged between them. You can run the ssh client secure-algorithms
cipher command to configure an encryption algorithm list for the SSH client. After
the list is configured, the server matches the encryption algorithm list of a client
against the local list after receiving a packet from the client and selects the first
encryption algorithm that matches the local list. If no encryption algorithms in the
list of the client match the local list, the negotiation fails.
Precautions
aes256_ctr provides the highest security, followed by aes128_ctr.

Fat AP and Cloud AP
Example
# Configure CTR encryption algorithms for an SSH client.
[HUAWEI] ssh client secure-algorithms cipher aes128_ctr aes256_ctr
3.4.31 ssh server authentication-retries

Function
The ssh server authentication-retries command sets the maximum number of
authentication retries for an SSH connection.
The undo ssh server authentication-retries command restores the default
maximum number of authentication retries for an SSH connection.
The default maximum number of authentication retries for an SSH connection is
3.
Format
ssh server authentication-retries times
undo ssh server authentication-retries
Parameters
times Specifies the maximum number of The value is an integer that
authentication retries for an SSH ranges from 1 to 5.
connection.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run this command to configure the maximum number of authentication
retries for an SSH connection, which prevents server overload due to malicious
access.
Precautions
The configured number of retries takes effect upon the next login.
The total number of RSA and password authentication retries on the SSH client
cannot exceed the maximum number that is set using this command.

Fat AP and Cloud AP
Example
# Set the maximum number of times for retrying login authentication to 4.
[HUAWEI] ssh server authentication-retries 4
3.4.32 ssh server key-exchange

Function
The ssh server key-exchange command configures a key exchange algorithm list
on an SSH server.
The undo ssh server key-exchange command restores the default configuration.
By default, the key exchange list supported by an SSH server includes
dh_group14_sha1.
Format
ssh server key-exchange { dh_group_exchange_sha1 | dh_group14_sha1 } *
undo ssh server key-exchange
Parameters
dh_group_exchange_sha1 Adds the diffie-hellman-group-exchange- -

sha1 algorithm to the key exchange
algorithm list of an SSH server.
dh_group14_sha1 Adds the diffie-hellman-group14-sha1 -

algorithm to the key exchange algorithm list
of an SSH server.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate a key exchange algorithm for the
packets exchanged between them. You can run the ssh server key-exchange
command to configure a key exchange algorithm list for the SSH server. After the
list is configured, the server matches the key exchange algorithm list of a client

Fat AP and Cloud AP
against the local list after receiving a packet from the client and selects the first
key exchange algorithm that matches the local list. If no key exchange algorithms
in the list of the client match the local list, the negotiation fails.
Precautions
The following key exchange algorithms are listed in descending order of security
level: dh_group_exchange_sha1 > dh_group14_sha1. It is recommended that the
dh_group_exchange_sha1 be used.
Example
# Configure a key exchange algorithm list to contain dh_group_exchange_sha1
and dh_group14_sha1 for the SSH server.
[HUAWEI] ssh server key-exchange dh_group_exchange_sha1 dh_group14_sha1
3.4.33 ssh server permit interface
Function
The ssh server permit interface command specifies physical interfaces on the
SSH server to which clients can connect.
The undo ssh server permit interface command restores the default physical
interfaces on the SSH server to which clients can connect.
By default, clients can connect to all the physical interfaces on the SSH server.
Format
ssh server permit interface { interface-type interface-number } &<1-5>
undo ssh server permit interface
Parameters
interface-type interface-type specifies the interface type. -

interface-number
interface-number specifies the interface number.
interface-number and interface-type specify an
interface.
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
To prevent a client from connecting to the SSH server through an unauthorized

physical interface or attacking the SSH server by sending a large number of SSH
packets, you can run the ssh server permit interface command to specify physical
interfaces on the SSH server to which the client can connect.
Precautions
● By default, clients can connect to all the physical interfaces on the SSH server.
Once a physical interface is specified using the ssh server permit interface
command, a client cannot connect to the SSH server using other physical
interfaces (excluding MEth interfaces).
● This command can be used only on a Layer 2 physical interface but not on a
Layer 3 physical interface, logical interface, or a non-Ethernet interface.
● A physical interface specified using this command cannot be added to an Eth-
Trunk. If it is added to an Eth-Trunk, a client cannot connect to the SSH server
through this physical interface.
Example
# Specify physical interfaces on the SSH server to which clients can connect.
[HUAWEI] ssh server permit interface gigabitethernet 0/0/1
Info: Succeeded in setting ssh permit interface.
# Restore the default physical interfaces on the SSH server to which clients can
connect.
[HUAWEI] undo ssh server permit interface
3.4.34 ssh server port
Function
The ssh server port command changes the listening port number of the SSH
server.
The undo ssh server port command restores the default listening port number of
the SSH server.
The default listening port number of the SSH server is 22.
Format
ssh server port port-number
undo ssh server port

Fat AP and Cloud AP
Parameters
port-number Specifies the listening port The value is 22 or an integer
number of the SSH server. ranging from 1025 to 55535.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Configure the listening port number of the SSH server to prevent from malicious
access to the SSH service standard port and ensure security.
Precautions
The SSH client can log in successfully with no port specified only when the server
is listening on port 22. If the server is listening on another port, the port number
must be specified upon login.
Before changing the current port number, disconnect all devices from the port.
After the port number is changed, the server starts to listen on the new port.
Example
# Set the listening port number of the SSH server is 1025.
[HUAWEI] ssh server port 1025
3.4.35 ssh server rekey-interval

Function
The ssh server rekey-interval command sets the interval for updating the SSH
server key pair.
The undo ssh server rekey-interval command restores the default interval for
updating the SSH server key pair.
The default interval for updating the SSH server key pair is 0, indicating that the
key pair is never updated.
Format
ssh server rekey-interval hours
undo ssh server rekey-interval

Fat AP and Cloud AP
Parameters
hours Specifies the interval for The value is an integer that ranges
updating the server key pair. from 1 to 24, in hours.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If the server key pair is not updated for a long time, the key is easy to decrypt and
the server is insecure. After the interval for updating the SSH server key pair is set
using this command, the system will automatically update the key pair at
intervals.
Precautions
If the client is connected to the server, the server public key on the client is not
updated immediately. This key is updated only when the client is reconnected to
the server.
Example
# Set the interval for updating the SSH server key pair to 2 hours.
[HUAWEI] ssh server rekey-interval 2
3.4.36 ssh server secure-algorithms hmac

Function
The ssh server secure-algorithms hmac command configures an HMAC
algorithm list for an SSH server.
The undo ssh server secure-algorithms hmac command restores the default
HMAC algorithm list of an SSH server.
By default, an SSH server supports the SHA2_256 HMAC algorithm.
By default, an SSH server supports the SHA2_256 HMAC algorithm.
Format
ssh server secure-algorithms hmac { sha2_256 } *

Fat AP and Cloud AP
undo ssh server secure-algorithms hmac
Parameters
sha2_256 Specifies the HMAC SHA2_256 algorithm. -
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate an HMAC algorithm for the packets
exchanged between them. You can run the ssh server secure-algorithms hmac
command to configure an HMAC algorithm list for the SSH server. After the list is
configured, the server matches the list of a client against the local list after
receiving a packet from the client and selects the first HMAC algorithm that
matches the local list. If no HMAC algorithms in the list of the client match the
local list, the negotiation fails.
Precautions
Example
# Configure the HMAC SHA2_256 algorithm for an SSH server.
[HUAWEI] ssh server secure-algorithms hmac sha2_256
3.4.37 ssh server secure-algorithms cipher

Function
The ssh server cipher command configures an encryption algorithm list for an
SSH server.
The undo ssh server cipher command restores the default encryption algorithm
list of an SSH server.
By default, an SSH server supports two encryption algorithms: AES128_CTR and
AES256_CTR.
Format
ssh server secure-algorithms cipher { aes128_ctr | aes256_ctr } *

Fat AP and Cloud AP
ssh server secure-algorithms cipher
Parameters
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the
packets exchanged between them. You can run the ssh server secure-algorithms
cipher command to configure an encryption algorithm list for the SSH server.
After the list is configured, the server matches the encryption algorithm list of a
client against the local list after receiving a packet from the client and selects the
first encryption algorithm that matches the local list. If no encryption algorithms
in the list of the client match the local list, the negotiation fails.
Precautions
aes256_ctr provides the highest security, followed by aes128_ctr.
Example
# Configure CTR encryption algorithms for an SSH server.
[HUAWEI] ssh server secure-algorithms cipher aes256_ctr aes128_ctr
3.4.38 ssh server timeout
Function
The ssh server timeout command sets the timeout interval for SSH connection
authentication.
The undo ssh server timeout restores the default timeout interval for SSH
connection authentication.
The default timeout interval for SSH connection authentication is 60 seconds.

Fat AP and Cloud AP
Format
ssh server timeout seconds
undo ssh server timeout
Parameters
seconds Specifies the timeout interval for The value is an integer ranging
SSH connection authentication. from 60 to 120, in seconds.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If you have not logged in successfully at the timeout interval for SSH connection
authentication, the current connection is terminated to ensure security. You can
run the display ssh server command to query the current timeout interval.
Precautions
The setting for the timeout interval takes effect upon next login.
If a very short timeout period is configured for SSH connection authentication,

user login may fail due to a connection timeout. Using the default timeout period
is recommended.
Example
# Set the SSH connection authentication timeout interval to 90 seconds.
[HUAWEI] ssh server timeout 90
3.4.39 ssh user assign
Function
The ssh user assign command assigns an existing public key to a user.
The undo ssh user assign command deletes the mapping between a user and a
public key.
By default, no public key is assigned to a user.

Fat AP and Cloud AP
Format
ssh user user-name assign { rsa-key | ecc-key } key-name
undo ssh user user-name assign { rsa-key | ecc-key }
Parameters
user-name Specifies the name of an SSH The value is a string of 1 to 64

user. case-insensitive characters without
spaces.
rsa-key Specifies an RSA public key. -
ecc-key Specifies an ECC public key. -
key-name Specifies the client public key The value is a string of 1 to 30

name. case-insensitive characters without
spaces.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When an SSH client needs to log in to the SSH server in RSA or ECC mode, run
this command to assign a public key to the client. If the client has been assigned
keys, the latest assigned key takes effect.
Precautions
The newly configured public key takes effect upon next login.
When a public key is assigned to an SSH user but user-name does not exist, an
SSH user named user-name is created. The authentication type of the new SSH
user is the configured one.
Example
# Assign key1 to the user john.
[HUAWEI] ssh user john assign ecc-key key1

Fat AP and Cloud AP
3.4.40 ssh user authentication-type

Function
The ssh user authentication-type command configures an authentication type
for an SSH user.
The undo ssh user authentication-type command restores the default
authentication mode for an SSH user.
By default, the password authentication mode is used for SSH users.
Format
ssh user user-name authentication-type { password | rsa | password-rsa | ecc |
password-ecc | all }
undo ssh user user-name authentication-type
Parameters
user-name Specifies the name of an SSH user. The value is a string of 1

to 64 case-insensitive
characters without
spaces.
password Specifies the password authentication -

mode.
rsa Specifies the RSA authentication mode. -
password-rsa Specifies the password-RSA -

authentication mode.
ecc Specifies the ECC authentication mode. -
password-ecc Specifies the password-ECC -

all Specifies the password, ECC, or RSA -

Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
A new SSH user cannot log in to the SSH server unless being configured with an
authentication mode. The newly configured authentication mode takes effect
upon next login.
When an authentication type is configured for an SSH user but user-name does
not exist, an SSH user named user-name is created. The authentication type of the
new SSH user is the configured one.
NOTE
To improve security, the ECC algorithm is recommended for login authentication.
Table 3-27 describes the application scenarios of various authentication modes.
Table 3-27 Application scenarios of various authentication modes
Authentication Mode Application Scenario
RSA authentication It is a public key encryption

architecture and an asymmetric
encryption algorithm. RSA is mainly
used to transmit the keys of the
symmetric encryption algorithm, which
improves encryption efficiency and
simplifies key management. The server
checks whether the SSH user, public
key, and digital user signature are
valid. If all of them are valid, user
authentication succeeds; if any of
them is invalid, user authentication
fails, and the user is denied access to
the server.
ECC authentication Like RSA authentication, ECC

authentication requires the server to
check whether the SSH user, public
key, and digital user signature are
valid. If all of them are valid, user
authentication succeeds; if any of
them is invalid, user authentication
fails, and the user is denied access to
the server. Compared with RSA
authentication, ECC authentication has
the following advantages:
● Provides the same security with a
shorter key length.
● Requires less computing and
achieves faster processing.
● Requires less storage space.
● Requires lower bandwidth.

Fat AP and Cloud AP
Authentication Mode Application Scenario
Password authentication On the server, the AAA module assigns

each authorized user a password for
login. The server has the mappings
between user names and passwords.
When a user requests to access the
server, the server authenticates the
user name and password. If either of
them fails to be authenticated, the
access request of the user is denied.
Password-RSA and password-ECC The SSH server authenticates a client

authentication by checking both the public key and
password. The client can be
authenticated only when both the
public key and password meet the
requirement.
All The server authenticates a client by

checking the public key or password,
and the client can be authenticated
when either the public key or
password meets the requirement.
NOTE
In all authentication mode, the user
priority depends on the authentication
mode selected.
● If password authentication is selected,
the user priority is the same as that
specified on the AAA module.
● If RSA or ECC authentication is selected,
the user priority depends on the priority
of the VTY interface used during user
access.
If all authentication is selected and an AAA
user with the same name as the SSH user
exists, user priorities may be different in
the preceding authentication modes. Set
relevant parameters as needed.
Precautions
A new SSH user cannot log in to the SSH server unless being configured with an
authentication mode. The newly configured authentication mode takes effect
upon next login.
Only one login user can be created on an AP. Therefore, user-name must be set to
the name of the current login user.
Example
# Configure password authentication for the SSH user john.

Fat AP and Cloud AP
3.4.41 stelnet
Function
The stelnet command enables you to use the STelnet protocol to log in to another
device from the current device.
Format
stelnet [ -a source-address ] host-ip [ port-number ] [ [ identity-key { rsa |
ecc } ] | [ user-identity-key { rsa | ecc } ] | [ prefer_kex prefer_key-exchange ] |
[ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher
prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac
prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
Parameters
-a source-address Specifies the STelnet The value is in dotted

source IP address. decimal notation.
host-ip Specifies the IPv4 address The value is a string of 1 to

or host name of the 255 case-insensitive
remote IPv4 STelnet characters without spaces.
server.
port-number Specifies the port number The value is an integer that

that the SSH server is ranges from 1 to 65535. The
listening on. default value 22 is the
standard port number.
prefer_kex prefer_key- Indicates the preferred Preferred key exchange

exchange key exchange algorithm. algorithms supported
depend on the ssh client
key-exchange command
settings.
prefer_ctos_cipher Indicates the preferred Preferred encryption

prefer_ctos_cipher encryption algorithm for algorithms supported
packets sent from the depend on the ssh client
client to the server. secure-algorithms cipher
command settings.
prefer_stoc_cipher Indicates the preferred Preferred encryption

prefer_stoc_cipher encryption algorithm for algorithms supported
packets sent from the depend on the ssh client
server to the client. secure-algorithms cipher
command settings.

Fat AP and Cloud AP
prefer_ctos_hmac Indicates the preferred Preferred HMAC algorithms

prefer_ctos_hmac HMAC algorithm for supported depend on the
packets sent from the ssh client secure-
client to the server. algorithms hmac command
settings.
prefer_stoc_hmac Indicates the preferred Preferred HMAC algorithms

prefer_stoc_hmac HMAC algorithm for supported depend on the
packets sent from the ssh client secure-
server to the client. algorithms hmac command
settings.
-ki aliveinterval Specifies the interval for The value is an integer that
sending keepalive packets ranges from 1 to 3600, in
when no packet is seconds.
received.
-kc alivecountmax Specifies the number of The value is an integer that

times for no reply of ranges from 3 to 10. The
keepalive packets. default value is 5.
Views
System view
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
Logins through Telnet bring security risks because Telnet does not provide any
authentication mechanism and data is transmitted using TCP in plain text.
Compared with Telnet, SSH guarantees secure file transfer on a traditional
insecure network by authenticating clients and encrypting data in bidirectional
mode. The SSH protocol supports STelnet. You can run this command to use
STelnet to log in to another device from the current device.
STelnet is a secure Telnet service. SSH users can use the STelnet service in the
same way as the Telnet service.
When a fault occurs in the connection between the client and server, the client
needs to detect the fault in real time and proactively release the connection. You
need to set the interval for sending keepalive packets and the maximum number
of times on the client that logs in to the server through STelnet.
● Interval for sending keepalive packets: If a client does not receive any packet
within the specified interval, the client sends a keepalive packet to the server.

Fat AP and Cloud AP
● Maximum number of times the server has no response: If the number of

times that the server does not respond exceeds the specified value, the client
proactively releases the connection.
Precautions
● Enable the STelnet service on the SSH server by stelnet server enable
command, before connecting the SSH server by using the stelnet command.
● The SSH client can log in to the SSH server with no port specified only when
the server is listening on port 22. If the server is listening on another port, the
port number must be specified upon login.
● To ensure security, you are advised to use an encryption algorithm with a
higher security level.
Example
# Set keepalive parameters when the client logs in to the server through STelnet.
[HUAWEI] stelnet 10.164.39.209 -ki 10 -kc 4
3.4.42 stelnet ap (Central AP)

Function
The stelnet ap command enables users to log in to a Fit AP through STelnet.
Format
stelnet ap { ap-name ap-name | ap-id ap-id }
Parameters
ap-name ap- Specifies an AP name. The AP name must

name already exist.
ap-id ap-id Specifies an AP ID. The AP ID must

already exist.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
You can run this command to log in to a Fit AP through STelnet on the AP. You
only need to specify the AP's name or ID but does not need to enter its IP address.
Prerequisites
First-time authentication has been enabled on the SSH client using the ssh client
first-time enable command on the AP.
Example
# Log in to a Fit AP through STelnet by specifying the name of the Fit AP on the
AP.
[HUAWEI] stelnet ap ap-name area_1
Trying 192.168.109.253 ...
Press CTRL+K to abort
Connected to 192.168.109.253 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.109.253. Please wait...
Info: Current mode: Fit .

Info: Change the password to ensure security.
<area_1>
3.4.43 stelnet server enable
Function
The stelnet server enable command enables the STelnet service on the SSH
server.
The undo stelnet server enable command disables the STelnet service on the
SSH server.
By default, the STelnet service is enabled on the SSH server.
Format
stelnet server enable
undo stelnet server enable
Parameters
None
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
To connect a client to the SSH server through STelnet, you must enable the
STelnet service on the SSH server.
Precautions
After you disable the STelnet service on the SSH server, all clients that have logged
in through STelnet are disconnected.
Example
# Enable the STelnet service.
[HUAWEI] stelnet server enable
3.4.44 telnet
Function
The telnet command enables you to use the Telnet protocol to log in to another
device from the current device.
Format
# Log in to another device through Telnet based on IPv4.
telnet [ -a source-ip-address ] host-ip [ port-number ]
Parameters
-a source-ip- By specifying a source IP address, you The value is in dotted

address can use this address to communicate decimal notation.
with the server for high network
security. If no source address is
specified, the system will use the IP
address of the local outbound
interface to initiate a Telnet
connection.
host-ip Specifies the IPv4 address or host The value is a string of

name of the remote device. 1 to 255 case-
insensitive characters
without spaces.

Fat AP and Cloud AP
port-number Specifies the number of the TCP port The value is an integer
that is used by the remote device to that ranges from 1 to
provide the Telnet service. 65535. The default
value is 23.
Views
User view
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
If one or multiple devices on the network need to be configured and managed,
you do not need to connect each device to your terminal for local maintenance. If
you have learned the IP address of the device, you can run this command to log in
to the device from your terminal for remote device configuration. By doing this,
you can use one terminal to maintain multiple devices on the network.
You can press Ctrl_K to terminate an active connection between the local and
remote devices.
Precautions
● Before you run the telnet command to connect to the Telnet server, the
Telnet client and server must be able to communicate through Layer 3 and
the Telnet service must be enabled on the Telnet server.
● Logins through Telnet bring security risks because Telnet does not provide any
authentication mechanism and data is transmitted using TCP in plain text.
The STelnet mode is recommended for the network that has the high security
requirement.
Example
# Connect to a remote device through Telnet.
<HUAWEI> telnet 10.1.1.1
3.4.45 telnet client-source

Function
The telnet client-source command specifies the source IP address and interface
for a Telnet client.
The undo telnet client-source command restores the default settings.
The default source IP address of the Telnet client is 0.0.0.0.

Fat AP and Cloud AP
Format
telnet client-source { -a source-ip-address | -i interface-type interface-number }
undo telnet client-source
Parameters
-a source-ip-address Specifies the IPv4 address of the local -
wireless access point.
-i interface-type interface- Specifies the outbound interface of the -
number local wireless access point.
Views
System view
Default Level
3: Management level
Usage Guidelines
If the source IP address and interface are not specified in the telnet command,
use the default settings specified by telnet client-source. If the source IP address
and interface are specified in the telnet command, use the specified settings.
Check the current Telnet connection on the server. The IP address displayed is the
specified source IP address or the primary IP address of the specified interface.
Example
# Set the source IP address of the Telnet client to 1.1.1.1.
[HUAWEI] telnet client-source -a 1.1.1.1
3.4.46 telnet server permit interface

Function
The telnet server permit interface command specifies physical interfaces on the
Telnet server to which clients can connect.
The undo telnet server permit interface command restores the default physical
interfaces on the Telnet server to which clients can connect.
By default, clients can connect to all physical interfaces on the Telnet server.
Format
telnet server permit interface { interface-type interface-number } &<1-5>

Fat AP and Cloud AP
undo telnet server permit interface
Parameters

interface-number
interface-number specifies the interface number.
interface-number and interface-type together
specify an interface.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To prevent a client from connecting to the Telnet server through an unauthorized

physical interface or attacking the Telnet server by sending a large number of
Telnet packets, you can run the telnet server permit interface command to
specify physical interfaces on the Telnet server to which the client can connect.
Precautions
● By default, clients can connect to all physical interfaces on the Telnet server.
Once a specific physical interface is specified, a client cannot connect to the
Telnet server using other physical interfaces.
Layer 3 physical interface, logical interface, or non-Ethernet interface.
Example
# Specify physical interfaces on the Telnet server to which clients can connect.
[HUAWEI] telnet server permit interface gigabitethernet 0/0/0
Info: Succeeded in setting telnet permit interface.
# Restore the default physical interfaces on the Telnet server to which clients can
connect.
[HUAWEI] undo telnet server permit interface

Fat AP and Cloud AP
3.4.47 telnet server port

Function
The telnet server port command configures the listening port number of a Telnet
server.
The default listening port of a Telnet server is 23.
Format
telnet server port port-number
Parameters
port-number Specifies the listening The value is an integer that is 23 or

port number of a Telnet ranges from 1025 to 55535. The default
server. value 23 is the standard Telnet server
port number.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To protect the Telnet standard port against attacks and ensure network security,
configure the listening port number of the Telnet server.
Precautions
A Telnet client can log in to the server with no port specified only when the server
is listening on port 23. If the server is listening on another port, the port number
must be specified upon login.
Before changing the current port number, disconnect all devices from the port.
After the port number is changed, the server starts to listen on the new port.
Example
# Configure the listening port number to 1026.
[HUAWEI] telnet server port 1026
Warning: After the command is executed, the current Telnet port number is disabled and all Telnet users
are disconnected. Continue? (Y/N):y

Fat AP and Cloud AP
3.4.48 telnet server enable

Function
The telnet server enable command starts a Telnet server.
The undo telnet server enable command stops a Telnet server.
By default, the Telnet server is disabled.
Format
telnet server enable
undo telnet server enable
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
You can run this command to enable and disable the Telnet server. A Telnet server
can be connected only when it starts.
When the undo telnet server enable command is executed to disable the Telnet
server, an online Telnet user goes offline because the Telnet service is disabled.
When a Telnet server stops, you can log in to the device only through the console
port or SSH.
NOTE
The Telnet protocol poses a security risk, and therefore the STelnet V2 mode is
recommended.
Example
# Start a Telnet server.
[HUAWEI] telnet server enable
Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.
# Stop a Telnet server.

[HUAWEI] undo telnet server enable

Fat AP and Cloud AP
3.5 File Management Commands

NOTE
The AD9430DN-12 supports both flash: and flash1:, while flash1: is used as the storage
space for the attack defense function.
3.5.1 ascii
Function
The ascii command sets the file transfer mode to ASCII on an FTP client.
The default file transfer mode is ASCII.
Format
ascii
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Files can be transferred in ASCII or binary modes.
The ASCII mode is used to transfer plain text files, and the binary mode is used to
transfer application files such as system software (files with name extension .cc,
and .pat.), images, video files, compressed files, and database files.
Example
# Set the file transfer mode to ASCII.
<HUAWEI> ftp 10.1.1.1
Trying 10.1.1.1 ...
Connected to 10.1.1.1.
220 FTP service ready.
User(10.1.1.1:(none)):admin
331 Password required for admin.
Enter password:
230 User logged in.
[HUAWEI-ftp] ascii
200 Type set to A.

Fat AP and Cloud AP
3.5.2 binary
Function
The binary command sets the file transmission mode to binary on an FTP client.
The default file transfer mode is ASCII.
Format
binary
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Files can be transferred in ASCII or binary modes.
The ASCII mode is used to transfer plain text files, and the binary mode is used to
transfer application files such as system software (files with name extension .cc,
and .pat.), images, video files, compressed files, and database files.
Example
# Set the file transmission mode to binary.
<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Connected to 10.137.217.201.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.
[HUAWEI-ftp] binary
200 Type set to I.
3.5.3 bye
Function
The bye command terminates the connection with the remote FTP server and
enters the user view.

Fat AP and Cloud AP
Format
bye
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
This command is equivalent to the quit command.
You can use the close and disconnect commands to terminate the connection
with the remote FTP server and retain the FTP client view.
Example
# Terminate the connection with the remote FTP server and enter the user view.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] bye
221 server closing.
<HUAWEI>
3.5.4 cd (FTP client view)

Function
The cd command changes the working directory of the FTP server.
Format
cd remote-directory

Fat AP and Cloud AP
Parameters
remote- Specifies the name of a The value is a string of 1 to 64
directory working directory on the FTP case-insensitive characters
server. without spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
The FTP server authorizes users to access files in certain directories and their
subdirectories.
NOTE
If the new working directory of the FTP server is on the same file drive as the current
working directory, you do not need to specify the name of the file drive in the command
but only need to specify the differences between two working directories. For example:
● If the current working directory is flash:/ and you want to change it to flash:/temp/
subtemp, run the cd temp/subtemp command.
● If the current working directory is flash:/temp and you want to change it to flash:/temp/
subtemp, run the cd subtemp command.
● If the current working directory is flash:/temp/subtemp and you want to change it to
flash:/temp, run the cd /temp command.
● If the current working directory is flash:/temp and you want to change it to flash:/, run
the cd / command.
Example
# Change the working directory to d:/temp.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] cd d:/temp
250 "D:/temp" is current directory.
3.5.5 cd (SFTP client view)

Function
The cd command changes the working directory of the SFTP server.

Fat AP and Cloud AP
Format
cd [ remote-directory ]
Parameters
remote-directory Specifies the name of a The value is a string of 1 to 64

directory on the SFTP server. case-insensitive characters
without spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
● The SFTP server authorizes users to access files in certain directories and their
subdirectories.
● The specified working directory must exist on the SFTP server. If the remote-
directory parameter is not included in the cd command, only the current
working directory of an SSH user is displayed as the command output.
Example
# Change the current working directory of the SFTP server to /bill.
[HUAWEI] sftp 10.1.1.1
Please input the username:admin
Trying 10.1.1.1 ...
Enter password:
sftp-client> cd bill
Current directory is:
/bill
3.5.6 cd (user view)
Function
The cd command changes the current working directory of a user.
By default, the current working directory is flash:.
Format
cd directory

Fat AP and Cloud AP
Parameters
directory Specifies the The value is a string of 1 to 64 case-sensitive

current working characters without spaces in the [ drive ] path
directory of a format.
user.
In the preceding parameter, drive specifies the
storage device name, and path specifies the
directory and subdirectory.
You are advised to add : and / between the
storage device name and directory. Characters ~,
*, /, \, :, ', " cannot be used in the directory name.
For example, a directory name is flash:/selftest/
test/.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The following describes the drive name.

● drive indicates the storage device and is named as flash:. On the
AD9430DN-12, the storage device can also be flash1: as the primary space to
store feature files required for the attack defense function. Startup files and
configuration files can be stored only in flash:, while other files can be flexibly
stored in flash: or flash1.
The path can be an absolute path or relative path.

● flash:/my/test/ is an absolute path.
● selftest/ is related to the current working directory and indicates the selftest
directory in the current working directory.
Precautions
● The directory specified in the cd command must exist; otherwise, the error
messages will be displayed.
You can perform the following operations to rectify faults:
a. Run the pwd command to view the current working directory.
b. Run the dir command to view the current working directory and verify
that the directory specified in the cd command exists.

Fat AP and Cloud AP
Example
# Change the current working directory from flash:/temp to flash:.
<HUAWEI> pwd
flash:/temp
<HUAWEI> cd flash:
<HUAWEI> pwd
flash:
# Change the current working directory from flash: to flash:/t1/t2.

<HUAWEI> pwd
flash:
<HUAWEI> cd flash:/t1/t2
<HUAWEI> pwd
flash:/t1/t2
# Change the current working directory from flash:/selftest to flash:/logfile.

<HUAWEI> pwd
flash:/selftest
<HUAWEI> cd /logfile/
<HUAWEI> pwd
flash:/logfile
# Change the current working directory from flash:/selftest to flash:/selftest/

test.
<HUAWEI> pwd
flash:/selftest
<HUAWEI> cd test/
<HUAWEI> pwd
flash:/selftest/test
3.5.7 cdup (SFTP client view)

Function
The cdup command changes the current working directory of an SSH user to its
parent directory.
Format
cdup
Parameters
None
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
You can run the cdup command to change the current working directory to its
parent directory.
Precautions
If the current working directory is the SFTP authorization directory, the command
cannot change the current working directory.
Example
# Change the current working directory to its parent directory.
Trying 10.1.1.1 ...
Enter password:
sftp-client> cd dhcp
/dhcp
sftp-client> cdup
/
sftp-client> cdup
Error: Failed to change the current directory.
sftp-client>
3.5.8 cdup (FTP client view)

Function
The cdup command enables you to return to the upper-level directory.
Format
cdup
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To exit from the current directory and return to the upper-level directory, run the
cdup command.
Precautions

Fat AP and Cloud AP
The accessible directories for an FTP user are restricted by the authorized directory
configured for the user.
Example
# Exit from the current directory and return to the upper-level directory.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] cd security
250 "D:\security" is current directory.
[HUAWEI-ftp] cdup
250 "D:\" is current directory.
3.5.9 close
Function
The close command terminates the connection with the remote FTP server and
retains the FTP client view.
Format
close
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command is equivalent to the disconnect command.
You can run the bye and quit commands to terminate the connection with the
remote FTP server and enter the user view.
Precautions
To enter the user view from the FTP client view, you can run the bye or quit
command.

Fat AP and Cloud AP
Example
# Terminate the connection with the remote FTP server and enters the FTP client
view.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] close
221 Server closing.
[HUAWEI-ftp]
3.5.10 copy
Function
The copy command copies a file.
Format
copy source-filename destination-filename
Parameters
Parameter Description Settings
source-filename Specifies the path and The value is a string of 1

the name of a source to 64 case-sensitive
file. characters without
spaces in the [ drive ]
[ path ] file name
format.
In the preceding
parameter, drive
specifies the storage
device name, and path
specifies the directory
and subdirectory.
You are advised to add :
and / between the
storage device name and
directory. Characters ~,
*, /, \, :, ', " cannot be
used in the directory
name.

Fat AP and Cloud AP
destination-filename Specifies the path and The value is a string of 1

the name of a to 64 case-sensitive
destination file. characters without
[ path ] file name
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Precautions
● If the destination file name is not specified, the designation file and the
source file have the same name. If the source file and the destination file are
in the same directory, you must specify the destination file name. If the

Fat AP and Cloud AP
destination file name is not specified, you cannot copy the source file
successfully.
● If the destination file name is the same as that of an existing file, the system
prompts you whether to overwrite the existing file. The system prompt is
displayed only when file prompt is set to alert.
Example
# Copy the file config.cfg from the root directory of the flash card to flash:/temp.
The destination file name is temp.cfg.
<HUAWEI> copy flash:/config.cfg flash:/temp/temp.cfg
Copy flash:/config.cfg to flash:/temp/temp.cfg?(y/n)[n]:y
100% complete
Info: Copied file flash:/config.cfg to flash:/temp/temp.cfg...Done
# If the current directory is the root directory of the flash card, you can perform
the preceding configuration using the relative path.
<HUAWEI> pwd
flash:
<HUAWEI> dir
Directory of flash:/
Idx Attr Size(Byte) Date Time(LMT) FileName

0 -rw- 6,721,804 Mar 19 2012 12:31:58 devicesoft.cc
1 -rw- 910 Mar 19 2012 12:32:58 config.cfg
2 drw- - Mar 05 2012 09:54:34 temp
...
1,927,220 KB total (1,130,464 KB free)
<HUAWEI> copy config.cfg temp/temp.cfg
Copy flash:/config.cfg to flash:/temp/temp.cfg?(y/n)[n]:y
100% complete
Info: Copied file flash:/config.cfg to flash:/temp/temp.cfg...Done
# Copy the file config.cfg from the root directory of the flash card to flash:/temp.
The destination file name is config.cfg.
<HUAWEI> pwd
flash:
<HUAWEI> dir

0 -rw- 6,721,804 Mar 19 2012 12:31:58 devicesoft.cc
1 -rw- 910 Mar 19 2012 12:32:58 config.cfg
2 drw- - Mar 05 2012 09:54:34 temp
...
1,927,220 KB total (1,130,464 KB free)
<HUAWEI> copy config.cfg temp
Copy flash:/config.cfg to flash:/temp/config.cfg?(y/n)[n]:y
100% complete
Info: Copied file flash:/config.cfg to flash:/temp/config.cfg...Done
# Copy the file backup.zip to backup1.zip in the test directory from the current
working directory flash:/test/.
<HUAWEI> pwd
flash:/test
<HUAWEI> copy backup.zip backup1.zip
Copy flash:/test/backup.zip to flash:/test/backup1.zip?(y/n)[n]:y
100% complete
Info: Copied file flash:/test/backup.zip to flash:/test/backup1.zip...Done

Fat AP and Cloud AP
3.5.11 debugging
Function
The debugging command enables the debugging function of the FTP client.
The undo debugging command disables the debugging function of the FTP client.
By default, the debugging function of the FTP client is disabled.
Format
debugging
undo debugging
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
You can run the debugging command to check the session information sent by
the FTP client to the FTP server.
Example
# Enable the debugging function of the FTP client.
Trying 10.1.1.1 ...
Press CTRL + K to abort
User(10.1.1.1:(none)):ftp
331 Password required for ftp.
Enter password:
230 User logged in.
[ftp] debugging
3.5.12 delete (user view)

Function
The delete command deletes a specified file in the storage device.
Format
delete [ /unreserved ] [ /force ] { filename | devicename }

Fat AP and Cloud AP
Parameters
/unreserved Deletes a specified file. -
The deleted file cannot be
restored.
/force Deletes a file directly -

without any confirmation.
filename Specifies the name of a The value is a string of 1 to 64 case-

file to be deleted. sensitive characters without spaces in
the [ drive ] [ path ] file name
format.
In the preceding parameter, drive
specifies the storage device name, and
path specifies the directory and
subdirectory.
You are advised to add : and /
between the storage device name and
directory. Characters ~, *, /, \, :, ', "
cannot be used in the directory name.
devicename Deletes all the files in the -

storage device.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
Like devicename, drive specifies the storage device name.

Precautions
● The wildcard (*) can be used in the delete command.
● If the parameter /unreserved is not included, the file is stored in the recycle
bin. To display all files including deleted files that are displayed in square
brackets ([ ]), run the dir /all command. To restore these files that are
displayed in square brackets ([ ]), run the undelete command. To clear these
files from the recycle bin, run the reset recycle-bin command.
NOTICE
If you delete a file using the /unreserved parameter, the file cannot be
deleted.
● If you delete a specified storage device, all files are deleted from the root
directory of the storage device.
● If you delete two files with the same name from different directories, the last
file deleted is kept in the recycle bin.
● If you attempt to delete a protected file, such as a configuration file, patch
file, or patch status file, a system prompt is displayed.
● You cannot delete a directory by running the delete command. To delete a
directory, run the rmdir (user view) command.
Example
# Delete the file test.txt from the flash:/test/ directory.
<HUAWEI> delete flash:/test/test.txt
Delete flash:/test/test.txt?(y/n)[n]:y
Info: Deleting file flash:/test/test.txt...succeed.
# Delete the file test.txt from the current working directory flash:/selftest.
<HUAWEI> delete test.txt
Delete flash:/selftest/test.txt?(y/n)[n]:y
Info: Deleting file flash:/selftest/test.txt...succeed.
3.5.13 dir (user view)

Function
The dir command displays information about files and directories stored on the
storage device.
Format
dir [ /all ] [ filename | directory ]

Fat AP and Cloud AP
Parameters
/all Displays all files and -

directories stored in the
current directory,
including files and
directories moved to the
recycle bin from the
current directory.
filename Specifies the file name. The value is a string of 1

to 64 case-sensitive
characters without
[ path ] file name
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.
directory Specifies the file The value is a string of 1

directory. to 64 case-sensitive
characters without
path format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.

Fat AP and Cloud AP
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The wildcard (*) can be used in the dir command. If no parameter is specified, this
command displays information about the files and directories in the current
directory.
The following describes the drive name:
You can use the dir /all command to view information about all files and
directories of the storage device, including those stored in the recycle bin. The
name of a file in the recycle bin is placed in square brackets ([]), for example,
[test.txt].
Precautions
If the device name has been changed or the device generates logs during device
name restoration, the logs are recorded in log files with different device names.
With the dir command, you are advised to search for logs by timestamp instead of
by device name.
Example
# Display information about all files and directories stored in the current directory.
<HUAWEI> dir /all

0 -rw- 889 Feb 25 2012 10:00:58 private-data.txt
1 -rw- 6,311 Feb 17 2012 14:05:04 backup.cfg
2 -rw- 836 Jan 01 2012 18:06:20 rr.dat
3 drw- - Jan 01 2012 18:08:20 syslogfile
4 -rw- 836 Jan 01 2012 18:06:20 rr.bak
5 drw- - Feb 27 2012 00:00:54 security
6 -rw- 523,240 Mar 16 2011 11:21:36 53hib66.txt
7 -rw- 2,290 Feb 25 2012 16:46:06 vrpcfg.cfg
8 -rw- 812 Dec 12 2011 15:43:10 hostkey
9 drw- - Jan 01 2012 18:05:48 compatible

Fat AP and Cloud AP
10 -rw- 25,841,428 Nov 17 2011 09:48:10 basicsoft.cc

11 -rw- 540 Dec 12 2011 15:43:12 serverkey
12 -rw- 26,101,692 Dec 21 2011 11:44:52 devicesoft.cc
13 -rw- 6,292 Feb 14 2012 11:14:32 1.cfg
14 -rw- 6,311 Feb 17 2012 10:22:56 1234.cfg
15 -rw- 6,311 Feb 25 2012 17:22:30 [11.cfg]
1,927,220 KB total (1,130,464 KB free)
# Display information about file vrpcfg.cfg in the current directory.

<HUAWEI> dir vrpcfg.cfg

0 -rw- 2,290 Feb 25 2012 16:46:06 vrpcfg.cfg
1,927,220 KB total (1,130,464 KB free)
# Display information about all .txt files stored in the current directory.
<HUAWEI> dir *.txt

0 -rw- 889 Feb 25 2012 10:00:58 private-data.txt
1,927,220 KB total (1,130,464 KB free)
Table 3-28 Description of the dir command output

Item Description
d Indicates a directory. If there is no output for this parameter, the

command output indicates a file. For example, devicesoft.cc is a
file and security is a directory.
r Indicates that the file or directory can be read.
w Indicates that the file or directory is editable.
[] Indicates a file stored in the recycle bin.
3.5.14 delete (FTP client view)

Function
The delete command deletes a file from the FTP server.
Format
delete remote-filename

Fat AP and Cloud AP
Parameters
remote- Specifies the name of a file The value is a string of 1 to 64
filename to be deleted. case-insensitive characters
without spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
A file deleted in the FTP client view cannot be restored.
Example
Delete the file temp.c.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] delete temp.c
Warning: The contents of file temp.c cannot be recycled. Continue? (y/n)[n]:y
250 File deleted from remote host.
3.5.15 dir/ls (FTP client view)

Function
The dir and ls commands display all files or specified files that are stored on the
FTP server, and save them to a local disk.
Format
dir [ remote-filename [ local-filename ] ]
ls [ remote-filename [ local-filename ] ]

Fat AP and Cloud AP
Parameters
remote- Specifies the name and The value is a string of 1 to 64

filename directory of a file stored on the case-insensitive characters
FTP server. without spaces.
local-filename Specifies the name of the local The value is a string of 1 to 64

file that saves the FTP server case-insensitive characters
file information. without spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The following describes differences between the dir and ls commands.
● After you run the dir command, detailed file information is displayed,
including the file size, date when the file is created, whether the file is a
directory, and whether the file is editable. After you run the ls command, only
the file name is displayed.
● The dir command is used to save detailed file information, while the ls
command is used to save only the file name even if the file is specified and
saved in a local directory.
Precautions
The wildcard (*) can be used in commands dir and ls.
Example
# Display the name or detailed information about a file that is saved in the test
directory.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] cd test
250 CWD command successfully.
[HUAWEI-ftp] dir

Fat AP and Cloud AP
200 Port command okay.

150 File Listing Follows in ASCII mode
drwxrwxrwx 1 noone nogroup 0 Mar 24 10:48 . drwxrwxrwx 1 noone nogroup 0 Mar 26
15:52 .. drwxrwxrwx 1 noone nogroup 0 Mar 23 16:04 yourtest -rwxrwxrwx 1 noone
nogroup 5736 Mar 24 10:38 backup.txt -rwxrwxrwx 1 noone nogroup 5736 Mar 24 10:38
backup1.txt
226 Transfer finished successfully.
[HUAWEI-ftp] ls
yourtest
backup.txt
backup1.txt
FTP: 10 byte(s) received in 0.110 second(s) 90.90byte(s)/sec.
# Display the detailed information in file temp.c, and save the displayed
information in file temp1.
[HUAWEI-ftp] dir temp.c temp1
200 PORT command okay
\
FTP: 62 byte(s) received in 0.050 second(s) 1.24Kbyte(s)/sec.
[HUAWEI-ftp] quit
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
<HUAWEI> more temp1

-rwxrwxrwx 1 noone nogroup 3929 Apr 27 18:13 temp.c
# Display the name of file test.bat, and save the displayed information in file test.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] ls test.bat test
150 Opening ASCII mode data connection for test.bat.
226 Transfer complete.
[HUAWEI-ftp] quit
221 Server closing.

<HUAWEI> more test
test.bat
Table 3-29 Description of the dir/Is command output
d in the Indicates a directory. If there is no output for this parameter, the

command command output indicates a file.
output
r in the Indicates that the file or directory can be read.

command
output

Fat AP and Cloud AP
w in the Indicates that the file or directory is editable.

command
output
3.5.16 dir/ls (SFTP client view)

Function
dir and ls commands display a list of specified files that are stored on the SFTP
server.
Format
dir [ -l | -a ] [ remote-directory ]
ls [ -l | -a ] [ remote-directory ]
Parameters
-l Displays detailed information about -
all files and directories in a specified
directory.
-a Displays names of all files and -
directories in a specified directory.
remote-directory Specifies the name of a directory on The value is a string of
the SFTP server. 1 to 64 case-insensitive
characters without
spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
The dir and ls commands are equivalent.
● If -l and -a parameters are not specified, detailed information about all files
and directories in a specified directory is displayed after you run the dir or ls
command. The effect is the same as the dir -l command output.
● By default, if the remote-directory parameter is not specified, the list of
current directory files is displayed after you run the dir or ls command.

Fat AP and Cloud AP
Example
# Displays a list of files in the test directory of the SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> dir test
drwxrwxrwx 1 noone nogroup 0 Mar 24 18:48 .
drwxrwxrwx 1 noone nogroup 0 Mar 29 14:52 ..
-rwxrwxrwx 1 noone nogroup 0 Mar 24 00:04 yourtest
-rwxrwxrwx 1 noone nogroup 5736 Mar 24 18:38 backup.txt
-rwxrwxrwx 1 noone nogroup 5736 Mar 24 18:38 backup1.txt
sftp-client> dir -a test
.
..
yourtest
backup.txt
backup1.txt
sftp-client> ls test
-rwxrwxrwx 1 noone nogroup 0 Mar 24 00:04 yourtest
-rwxrwxrwx 1 noone nogroup 5736 Mar 24 18:38 backup1.txt
sftp-client> ls -a test
.
..
yourtest
backup.txt
backup1.txt
3.5.17 disconnect
Function
The disconnect command terminates the connection with the remote FTP server
and displays the FTP client view.
Format
disconnect
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
This command is equivalent to the close command.

Fat AP and Cloud AP
You can run the bye and quit commands to terminate the connection with the
remote FTP server and enter the user view.
To enter the user view from the FTP client view, you can run the bye or quit
command.
Example
# Terminate the connection with the remote FTP server and enter the FTP client
view.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] disconnect
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
[HUAWEI-ftp]
3.5.18 display ftp-server

Function
The display ftp-server command displays FTP server parameter settings.
Format
display ftp-server
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to display FTP server parameter settings.
Example
# Display FTP server parameter settings.
<HUAWEI> display ftp-server
FTP server is running

Fat AP and Cloud AP
Max user number 15

User count 1
Timeout value(in minute) 30
Listening port 21
Acl number 2010
FTP server's source address 10.1.1.1
Table 3-30 Description of the display ftp-server command output

FTP server is running The FTP server starts.

You can run the ftp server enable
command to start the FTP server.
Max user number Maximum number of users who can

access the FTP server.
User count Number of users who are accessing

the FTP server.
Timeout value(in minute) Idle timeout duration of FTP users.

You can run the ftp timeout
command to set the idle timeout
duration of FTP users.
Listening port Number of the listening port on the

FTP server. The default value is 21.
If the value is not 21, you can run the
ftp server port command to
configure the listening port number.
Acl number Number of the ACL of the FTP server.

The default value is 0. You can run the
ftp acl command to change the ACL
number.
FTP server's source address Source IP address for the FTP server to
send packets. The default value is
0.0.0.0.
You can run the ftp server-source
command to configure the source IP
address for the FTP server. Here, the
source IP address 10.1.1.1 is displayed.
If a source interface is configured, this
field displays "FTP server's source
interface LoopBack0."
3.5.19 display ftp-users

Function
The display ftp-users command displays FTP user parameters on the FTP server.

Fat AP and Cloud AP
Format
display ftp-users
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can check FTP user parameters on the FTP server, such as the FTP user name,
IP address of the client host, port number, idle duration, and the authorized
directory.
Example
# Display FTP user parameters.
<HUAWEI> display ftp-users
username host port idle topdir
test 10.137.217.159 51156 0 flash:
The preceding information indicates that two users are connected to the FTP
server.
Table 3-31 Description of the display ftp-users command output

username FTP user name.
host IP address of the client host.
port Port number of the client host.
idle Idle duration.
topdir Authorized directory of a user.

You can run the local-user ftp-directory command to
configure the authorized directory.

Fat AP and Cloud AP
3.5.20 display ftp-client
Function
The display ftp-client command displays the source IP address configured for the
FTP client.
Format
display ftp-client
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
The default source IP address is 0.0.0.0 if ftp client-source is not configured.
Example
# Display the source IP address of the FTP client.
<HUAWEI> display ftp-client
Info: The source address of FTP client is 10.1.1.1.
Table 3-32 Description of the display ftp-client command output
Info: The source address of FTP client is 10.1.1.1 is the source IP address of the
10.1.1.1. FTP client.
You can run the ftp client-source
address.
If the IP address is configured for the
source port, the message "The source
interface of FTP client is LoopBack0"
is displayed.

Fat AP and Cloud AP
3.5.21 display sftp-client
Function
The display sftp-client command displays the source IP address configured for
the SFTP client.
Format
display sftp-client
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display sftp client command to display the source IP address of
the SFTP client. By default, the source IP address is 0.0.0.0 if sftp client-source is
not configured.
Example
# Display the source IP address configured for the SFTP client.
<HUAWEI> display sftp-client
Info: The source address of SFTP client is 1.1.1.1
Table 3-33 Description of the display sftp-client command output
Info: The source address of SFTP client 1.1.1.1 is the source IP address of the
is 1.1.1.1 SFTP client.
You can run the sftp client-source
address for the SFTP client.
interface of SFTP client is LoopBack0"
is displayed.

Fat AP and Cloud AP
3.5.22 display tftp-client
Function
The display tftp-client command displays the source IP address configured for
the TFTP client.
Format
display tftp-client
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
You can run the display tftp client command to query source IP address of the
TFTP client. The default source IP address is 0.0.0.0 if tftp client-source is not
configured.
Example
# Display the source IP address configured for the TFTP client.
<HUAWEI> display tftp-client
Info: The source address of TFTP client is 1.1.1.1.
Table 3-34 Description of the display tftp-client command output
Info: The source address of TFTP client 1.1.1.1 is the source IP address of the
is 1.1.1.1. TFTP client.
You can run the tftp client-source
address for the TFTP client.
interface of TFTP client is LoopBack0"
is displayed.

Fat AP and Cloud AP
3.5.23 execute
Function
The execute command executes a specified batch file.
Format
execute batch-filename
Parameters
batch-filename Specifies the name of a The value is a string of 5 to 64 case-

batch file. sensitive characters without spaces.
The file name extension is .bat.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
If a series of commands are frequently executed, write these commands in a batch
file, and store this file in system. In this way, you can only execute this command
to run multiple commands which were manually entered before. This command
improves maintenance and management efficiency.
NOTE
● The batch file is edited in .txt format. When editing the file, ensure that one command
occupies one line. After editing the file, save the file and change the file name extension
to .bat.
● Transfer the batch file in file transmission mode to the device.
Prerequisites
Before running the execute command, ensure that the batch file to be processed
is in the current directory; otherwise, the system cannot find the batch file.
Precautions
● The commands in a batch file are run one by one. A batch file cannot contain
invisible characters (control characters or escape characters, such as \r, \n, and
\b). If any invisible character is detected, the execute command exits from the
current process and no rollback is performed.

Fat AP and Cloud AP
● The execute command does not ensure that all commands can be run. If the
system runs a wrong or immature command, it displays the error and goes to
next command. The execute command does not perform the hot backup
operation, and the command format or content is not restricted.
Example
# Execute the test.bat file in the directory flash:/. The test.bat file contains three
commands: system-view, aaa and local-user test service-type web.
[HUAWEI] execute test.bat
[HUAWEI] system-view
^
Error: Unrecognized command found at '^' position.
[HUAWEI] aaa
[HUAWEI-aaa] local-user test service-type web
[HUAWEI-aaa]
When the system runs the first command system-view in current system view, it
displays an error and continues to run the following commands.
The system displays the execution of a batch file in AAA view.
[HUAWEI-aaa] display this
local-user test service-type web
3.5.24 file prompt

Function
The file prompt command changes the prompt mode when you perform
operations on files.
The default prompt mode is alert.
Format
file prompt { alert | quiet }
Parameters
alert Display a prompt message before users perform an -
operation.
quiet Display no prompt message before users perform an -
operation.
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
NOTICE
If the prompt mode is set to quiet, the system does not provide prompt messages
when data is lost because of misoperations such as the operation of deleting or
overwriting files. Therefore, this prompt mode should be used with caution.
Example
# Set the prompt mode to quiet. When you rename a copied file test.txt using an
existing file name test1.txt, no prompt message is displayed.
[HUAWEI] file prompt quiet
[HUAWEI] quit
<HUAWEI> copy test.txt test1.txt
Deleting file permanently from flash will take a long time if needed...Done.
100% complete
Info: Copied file flash:/test.txt to flash:/test1.txt...Done
# Set the prompt mode to alert.

[HUAWEI] file prompt alert
[HUAWEI] quit
<HUAWEI> copy test.txt test1.txt
Copy flash:/test.txt to flash:/test1.txt?(y/n)[n]:y
The file flash:/test1.txt exists. Overwrite it?(y/n)[n]:y
Deleting file permanently from flash will take a long time if needed...Done.
100% complete
Info: Copied file flash:/test.txt to flash:/test1.txt...Done
3.5.25 format
Function
The format command formats a storage device.
NOTE
Only the AD9430DN-24 and AD9430DN-12 support this command.
Format
format drive

Fat AP and Cloud AP
Parameters
drive Specifies the name of a The value is of the enumerated type:

storage device to be ● usb
formatted.
● sdcard
The value sdcard: is supported only by
the AD9430DN-12.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When the file system fault cannot be rectified or the data on the storage device is
no longer needed, the storage device can be formatted. When you run the format
command, all files and directories are cleared from the storage device.
Currently, only the USB flash drive and micro SD card of the device can be
formatted.
Precautions
NOTICE
After the format command is run, files and directories are cleared from the
specified storage device and cannot be restored. Therefore, this command should
be used with caution.
If the storage device is still unavailable after the format command is run, a
physical exception may have occurred.
Example
# Format the storage device.
<HUAWEI> format usb:
All data(include configuration and system startup file) on usb: will be lost , proceed with format? (y/n)[n]:y
%Format usb: completed.

Fat AP and Cloud AP
3.5.26 ftp
Function
The ftp command connects the FTP client to the FTP server and enters the FTP
client view.
Format
# Connect the FTP client to the FTP server based on the IPv4 address.
ftp [ [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-

number ] ]
Parameters
-a source-ip- Specifies the source IP address for The value is in dotted

address connecting to the FTP client. You are decimal notation.
advised to use a loopback interface
IP address as the source IP address.
-i interface-type Specifies the source interface type -

interface- and ID. You are advised to use a
number loopback interface as the source
interface.
The IP address configured for the
interface is the source IP address for
sending packets. If no IP address is
configured for the source interface,
the FTP connection cannot be set up.
host-ip Specifies the IP address or host The value is a string of

name of the remote IPv4 FTP server. characters. The value of
the IPv4 host name is a
string of 1 to 255 case-
without spaces.
port-number Specifies the port number of an FTP The value is an integer

server. that ranges from 1 to
65535. The default value
is the standard port
number 21.
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Before accessing the FTP server on the FTP client, you must run this command to
connect the FTP client to the FTP server.
Precautions
● You can set the source IP address to the source or destination IP address in
the ACL rule when the parameter -a or -i is specified on the IPv4 network.
This shields the IP address differences and interface status impact, and filters
incoming and outgoing packets, improving device security.
● If no parameter is set in this command, only the FTP view is displayed, and no
connection is set up between the FTP server and client.
● If the port number used by the FTP server is not a standard one, you must
specify a standard port number; otherwise, the FTP server and client cannot
be connected.
● When you run this command, the system prompts you to enter the user name
and password for logging in to the FTP server. You can log in to the FTP server
only when the user name and password are correct.
● If the number of login users exceeds the maximum value allowed by the FTP
server, new authorized users cannot log in to the FTP server. To allow new
authorized users to log in to the FTP server, users who have completed FTP
services need to disconnect their clients from the FTP server. You can run the
bye or quit command to disconnect the FTP client from the FTP server and
return to the user view, or run the close or disconnect command to
disconnect the FTP client from the FTP server and stay in the FTP client view.
● During the connection to the FTP server, you can press Ctrl+K to terminate
the current connection.
Example
# Connect to the remote FTP server whose address is 10.1.1.1.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp]
3.5.27 ftp acl

Function
The ftp acl command specifies an ACL number for the current FTP server so that
the FTP client with the same ACL number can access the FTP server.

Fat AP and Cloud AP
The undo ftp acl command deletes an ACL number of the current FTP server.
By default, no ACL is configured for FTP server.
Format
ftp acl acl-number
undo ftp acl
Parameters
acl-number Specifies the number of the The value is an integer that ranges
ACL. from 2000 to 2999.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To ensure the security of an FTP server, you need to configure an ACL for it to
specify FTP clients that can access the current FTP server.
Precautions
● The ftp acl command takes effect only after you run the rule command to
configure the ACL rule.
● The FTP only supports the basic ACL whose number ranges from 2000 to
2999.
Example
# Allow the client whose ACL number is 2000 to log in to the FTP server.
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 10.10.10.1 0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] ftp acl 2000
3.5.28 ftp client-source

Function
The ftp client-source command specifies the source IP address for the FTP client
to send packets.

Fat AP and Cloud AP
The undo ftp client-source command restores the default source IP address for
the FTP client to send packets.
The default source IP address for the FTP client to send packets is 0.0.0.0.
Format
ftp client-source { -a source-ip-address | -i interface-type interface-number }
undo ftp client-source
Parameters
-a source-ip- The value is
Specifies the source IP address. You are
address in dotted
advised to use the loopback interface IP
decimal
address.
notation.
-i interface-type Specifies the source interface. You are -
interface-number advised to use the loopback interface.
The IP address configured for the source
interface is the source IP address for sending
packets. If no IP address is configured for the
source interface, the FTP connection cannot
be set up.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If no source IP address is specified, the client uses the source IP address that the
router specifies to send packets. The source IP address must be configured for an
interface with stable performance. The loopback interface is recommended. Using
the loopback interface as the source interface simplifies the ACL rule and security
policy configuration. This shields the IP address differences and interface status
impact, and incoming and filters outgoing packets, and implements security
authentication.
Precautions
● You can also run the ftp command to configure the source IP address whose
priority is higher than that of the source IP address specified by the ftp client-
source command. If you specify the source IP addresses by running the ftp

Fat AP and Cloud AP
client-source and ftp commands, the source IP address specified by the ftp
command is used for data communication and is available only for the
current FTP connection, while the source IP address specified by the ftp
client-source command is available for all FTP connections.
● The IP address that a user displays on the FTP server is the specified source IP
address or source interface IP address.
Example
# Set the source IP address of the FTP client to 1.1.1.1.
[HUAWEI] ftp client-source -a 1.1.1.1
Info: Succeeded in setting the source address of the FTP client to 1.1.1.1.
3.5.29 ftp server enable
Function
The ftp server enable command enables the FTP server function to allow FTP
users to log in to the FTP server.
The undo ftp server command disables the FTP server function so that FTP users
cannot log in to the FTP server.
By default, the FTP function is disabled.
Format
ftp server enable
undo ftp server
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To manage FTP server files on a client, you must run the ftp server enable
command to enable the FTP server function to allow FTP users to log in to the
FTP server.
Precautions

Fat AP and Cloud AP
If the security FTP server function is disabled, no user can log in to the FTP server,
and users who have logged in to the FTP server can perform only the logout
operation.
NOTE
The FTP protocol will bring risk to device security. The SFTP V2 mode is recommended.
Example
# Enable the FTP server function.
[HUAWEI] ftp server enable
3.5.30 ftp server permit interface
Function
The ftp server permit interface command specifies physical interfaces on the FTP
server to which clients can connect.
The undo ftp permit interface command restores the default physical interfaces
on the FTP server to which clients can connect.
By default, clients can connect to all the physical interfaces on the FTP server.
Format
ftp server permit interface { interface-type interface-number } &<1-5>
undo ftp server permit interface
Parameters
interface-type interface-type: specifies the interface type. -

interface-number
interface-number: specifies the interface number.
interface-number and interface-type together
Views
System view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
To prevent a client from connecting to the FTP server through an unauthorized
physical interface or attacking the FTP server by sending a large number of FTP
packets, you can run the ftp server permit interface command to specify physical
interfaces on the FTP server to which the client can connect.
Precautions
● By default, clients can connect to all the physical interfaces on the FTP server.
Once a physical interface is specified using the ftp server permit interface
command, a client cannot connect to the FTP server through other physical
interfaces.
Layer 3 physical interface, logical interface, or non-Ethernet interface.
● A physical interface specified using this command cannot be added to an Eth-
Trunk. If it is added to an Eth-Trunk, a client cannot connect to the FTP server
through this physical interface.
Example
# Specify physical interfaces on the FTP server to which clients can connect.
[HUAWEI] ftp server permit interface gigabitethernet 0/0/0
Info: Succeeded in setting ftp permit interface.
# Restore the default physical interfaces on the FTP server to which clients can
connect.
[HUAWEI] undo ftp server permit interface
3.5.31 ftp server port

Function
The ftp server port command specifies the listening port number of the FTP
server.
The undo ftp server port command restores the default listening port number of
the FTP server.
The default listening port number of the FTP server is 21.
Format
ftp server port port-number

Fat AP and Cloud AP
Parameters
port port-number Specifies the listening port The value is 21 or an integer

number of the FTP server. that ranges from 1025 to
55535
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
By default, the listening port number of the FTP server is 21. Attackers may
frequently access the default listening port, which wastes bandwidth, deteriorates
server performance, and prevents authorized users from accessing the FTP server
through the listening port. You can run the ftp server port command to specify
another listening port number to prevent attackers from accessing the listening
port.
Prerequisites
Before running the ftp server port command to specify the listening port number,
you must first run the undo ftp server command to disable FTP services.
Precautions
● After the ftp server port command is executed, the FTP server disconnects all
FTP connections and uses the new listening port.
● If the current listening port number is 21, FTP client users do not need to
specify the port number for logging in to the FTP server. If the current
listening port number is not 21, FTP client users must use the FTP server's
listening port number to log in to the FTP server.
● After the listening port number is changed, you must run the ftp server
enable command to enable FTP services to make the configuration take
effect.
Example
# Change the port number of the FTP server to 1028.
[HUAWEI] undo ftp server
[HUAWEI] ftp server port 1028

Fat AP and Cloud AP
3.5.32 ftp server-source

Function
The ftp server-source command specifies the source IP address for the FTP server
to send packets.
The undo ftp server-source command restores the default source IP address for
the FTP server to send packets.
The default source IP address for the FTP server to send packets is 0.0.0.0.
Format
ftp server-source { -a source-ip-address | -i interface-type interface-number }
undo ftp server-source
Parameters
-a source-ip-address Specifies the source IP address. You are advised to -

use the loopback interface IP address.
-i interface-type Specifies the source interface. You are advised to -

interface-number use the loopback interface.
The IP address configured for the source interface
is the source IP address for sending packets. If no
IP address is configured for the source interface,
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If no source IP address (0.0.0.0 by default) is specified, the FTP server uses the
source IP address that the router specifies to send packets. The source IP address
must be configured for an interface with stable performance. The loopback
interface is recommended. Using the loopback interface as the source interface
simplifies the ACL rule and security policy configuration. This shields the IP
address differences and interface status impact, and incoming and filters outgoing
packets, and implements security authentication.

Fat AP and Cloud AP
Precautions
● After the source IP address is specified for the FTP server, you must use the
specified IP address to log in to the FTP server.
● If FTP services have been enabled, the FTP service restarts after the ftp
server-source command is executed.
Example
# Set the source IP address of the FTP server to the IP address of LoopBack0.
[HUAWEI] ftp server-source -i loopback0
Warning: To make the server source configuration take effect, the FTP server will be restarted. Continue?
(y/n)[n]: y
Info: Succeeded in setting the source interface of the FTP server to LoopBack0
3.5.33 ftp timeout

Function
The ftp timeout command configures the idle timeout duration of the FTP server.
The undo ftp timeout command restores the default idle timeout duration.
By default, the idle timeout duration of the FTP server is 30 minutes.
Format
ftp timeout minutes
undo ftp timeout
Parameters
minutes Specifies idle timeout The value is an integer that ranges from 1 to
duration. 35791, in minutes. By default, the idle
timeout duration is 30 minutes.
Views
System view
Default Level
3: Management level
Usage Guidelines
After a user logs in to the FTP server, a connection is set up between the FTP
server and the user's client. The idle timeout duration is configured to release the

Fat AP and Cloud AP
connection when the connection is interrupted or when the user performs no

operation for a specified time.
Example
# Set the idle timeout duration to 36 minutes.
[HUAWEI] ftp timeout 36
3.5.34 get (FTP client view)

Function
The get command downloads a file from the FTP server and saves the file to the
local device.
Format
get remote-filename [ local-filename ]
Parameters
remote- Specifies the name of the file The value is a string of 1 to 64
filename to be downloaded from the case-sensitive characters
local-filename Specifies the name of a The value is a string of 1 to 64
downloaded file to be saved to case-sensitive characters
the local device. without spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the get command to download system software, backup
configuration files, and patch files from the FTP server to upgrade devices.
Precautions
● If the downloaded file name is not specified on the local device, the original
file name is used.
● If the name of the downloaded file is the same as that of an existing local
file, the system prompts you whether to overwrite the existing file.

Fat AP and Cloud AP
Example
# Download the system software devicesoft.cc from the FTP server.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] get devicesoft.cc
3.5.35 get (SFTP client view)

Function
The get command downloads a file from the SFTP server and saves the file to the
local device.
Format
get remote-filename [ local-filename ]
Parameters
filename to be downloaded from the case-sensitive characters
SFTP server. without spaces.
local-filename Specifies the name of a The value is a string of 1 to 64
downloaded file to be saved to case-sensitive characters
the local device. without spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the get command to download files from the FTP server to upgrade
devices.
Precautions
● If the local-filename is not specified on the local device, the original file name
is used.

Fat AP and Cloud AP
● If the name of the downloaded file is the same as that of an existing local
file, the system prompts you whether to overwrite the existing file.
Example
# Download a file from the SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> get test.txt
3.5.36 help (SFTP client view)
Function
The help command displays the help information in the SFTP client view.
Format
help [ all | command-name ]
Parameters
all Displays all commands in the SFTP client view. -
command-name Displays the format and parameters of a specified -

command in the SFTP client view.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
In the SFTP view, you can only enter the question mark (?) to obtain all
commands in the SFTP client view. If you enter a command keyword and the
question mark (?) to query command parameters, an error message is displayed,
as shown in the following:
sftp-client> dir ?
Error: Failed to list files.

Fat AP and Cloud AP
You can run the help command to obtain the help information and display all
commands or a command format in the SFTP client view.
Precautions
If you specify no parameter when running the help command, all commands in
the SFTP client view is displayed. This has the same effect as the help all
command or directly entering the question mark (?) in the SFTP client view.
Example
# Display the format of the command get.
Trying 10.1.1.1 ...
Enter password:
sftp-client> help get
get Remote file name STRING<1-64> [Local file name STRING<1-64>] Download file
Default local file name is the same with remote file.
# Display all commands in the SFTP client view.

sftp-client> help all
cd
cdup
dir
get
help
ls
mkdir
put
pwd
quit
rename
remove
rmdir
3.5.37 mkdir (FTP client view)
Function
The mkdir command creates a directory on the remote FTP server.
Format
mkdir remote-directory
Parameters

remote- Specifies the directory The value is a string of case-sensitive
directory to be created. characters without spaces. The
absolute path length ranges from 1 to
64

Fat AP and Cloud AP
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
● You can run the mkdir command to create a subdirectory in a specified
directory, and the subdirectory name must be unique.
● If no path is specified when you create a subdirectory, the subdirectory is
created in the current directory.
● The created directory is stored on the FTP server.
Example
# Create a directory test on the remote FTP server.
<HUAWEI> ftp 172.16.104.110
Trying 172.16.104.110 ...
Connected to 172.16.104.110.
User(172.16.104.110:(none)):huawei
331 Password required for huawei
Enter password:
230 User logged in.
[HUAWEI-ftp] mkdir test
257 "test" new directory created.
3.5.38 mkdir (SFTP client view)
Function
The mkdir command creates a directory on the remote SFTP server.
Format
mkdir remote-directory
Parameters
remote- Specifies the The value is a string of case-sensitive
directory directory to be characters without spaces. The absolute
created. path length ranges from 1 to 64, while the
directory name length ranges from 1 to 15.
Views
SFTP client view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
● You can run the mkdir command to create a subdirectory in a specified
directory, and the subdirectory name must be unique.
● If no path is specified when you create a subdirectory, the subdirectory is
created in the current directory.
● The created directory is stored on the SFTP server.
● After a directory is created, you can run the dir/ls (SFTP client view)
command to view the directory.
Example
# Create a directory on the SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> mkdir ssh
Info: Succeeded in creating a directory.
3.5.39 mkdir (User view)

Function
The mkdir command creates a directory in the current storage device.
Format
mkdir directory

Fat AP and Cloud AP
Parameters
directory Specifies a directory or The value is a string of

directory and its path. case-sensitive characters
in the [ drive ] [ path ]
directory format. The
absolute path length
ranges from 1 to 64,
while the directory name
length ranges from 1 to
15.
In the preceding
parameter, drive
and subdirectory.
Characters such as ~, *, /,
\, :, ', " cannot be used in
the directory name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If you only the subdirectory name is specified, a subdirectory is created in the
current working directory. You can run the pwd command to query the current
working directory. If the subdirectory name and directory path are specified, the
subdirectory is created in the specified directory.

Fat AP and Cloud AP
Precautions
● The subdirectory name must be unique in a directory; otherwise, the message
"Error: Directory already exists" is displayed.
● A maximum of four directory levels are supported when you create a
directory.
Example
# Create the subdirectory new in the flash card.
<HUAWEI> mkdir flash:/new
Info: Create directory flash:/new......Done
3.5.40 lcd
Function
The lcd command displays and changes the local working directory of the FTP
client in the FTP client view.
Format
lcd [ local-directory ]
Parameters
local-directory Specifies the local working The value is a string of 1 to 64
directory of the FTP client. case-sensitive characters without
spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the lcd command to display the local working directory of the FTP
client when uploading or downloading files, and set the upload or download path
to the path of the local working directory.
Precautions
The lcd command displays the local working directory of the FTP client, while the
pwd command displays the working directory of the FTP server. If you specify the
parameter local-directory in the lcd command, you can directly change the local
working directory in the FTP client view.

Fat AP and Cloud AP
Example
# Change the local working directory to flash:/test.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] lcd
The current local directory is flash:.
[HUAWEI-ftp] lcd flash:/test
The current local directory is flash:/test.
3.5.41 more
Function
The more command displays the content of a specified file.
Format
more [ /binary ] filename [ offset ] [ all ]
Parameters
/binary Displays the file -

content in the binary
mode.
filename Specifies the file The value is a string of 1 to 64 case-

name. sensitive characters without spaces in the
[ drive ] [ path ] file name format.
In the preceding parameter, drive specifies
the storage device name, and path specifies
the directory and subdirectory.
storage device name and directory.
Characters ~, *, /, \, :, ', " cannot be used in
the directory name.
offset Specifies the file The value is an integer that ranges from 0
offset. to 2147483647, in bytes.
all Displays all the file -

content on one screen.

Fat AP and Cloud AP
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the more command to display the file content directly on a device.
● The following describes the drive name.
– drive indicates the storage device and is named as flash:. On the
AD9430DN-12, the storage device can also be flash1: as the primary
space to store feature files required for the attack defense function.
Startup files and configuration files can be stored only in flash:, while
other files can be flexibly stored in flash: or flash1.
● The path can be an absolute path or relative path.
– flash:/my/test/ is an absolute path.
– selftest/ is related to the current working directory and indicates the
selftest directory in the current working directory.
Precautions
● You are not advised to use this command to display non-text files; otherwise,
the terminal is shut down or displays garbled characters, which is harmless to
the system.
● Files are displayed in text format.
● You can display the file content flexibly by specifying parameters before
running the more command:
– You can run the more filename command to view a specified text file.
The content of the specified text file is displayed on multiple screens. You
can press the spacebar consecutively on the current session GUI to
display all content of the file.
To display the file content on multiple screens, you must ensure that:
▪ The number of lines that can be displayed on a terminal screen is

greater than 0. (The number of lines that can be displayed on a
terminal screen is set by running the screen-length command.)
▪ The total number of file lines is greater than the number of lines
that can be displayed on a terminal screen. (The number of lines that
can be displayed on a terminal screen is set by running the screen-
length command.)
– You can run the more filename offset command to view a specified file.
The content of the specified text file starting from offset is displayed on
multiple screens. You can press the spacebar consecutively on the current
session GUI to display all content of the file.
To display the file content on multiple screens, you must ensure that:

Fat AP and Cloud AP
▪ The number of lines that can be displayed on a terminal screen is

greater than 0. (The number of lines that can be displayed on a
terminal screen is set by running the screen-length command.)
▪ The number of lines starting from offset in the file is greater than
the number of lines that can be displayed on a terminal screen. (The
number of lines that can be displayed on a terminal screen is set by
running the screen-length command.)
– You can run the more file-name all command to view a specified file.
The file content is displayed on one screen.
Example
# Display the content of the file test.bat.
<HUAWEI> more test.bat
authentication-mode aaa
protocol inbound ssh
quit
ssh user sftpuser authentication-type password
sftp server enable
# Display the content of the file test.bat and set the offset to 10.
<HUAWEI> more test.bat 10
quit
sftp server enable
# Display the content of the file test.bat.

<HUAWEI> more test.bat all
quit
sftp server enable
3.5.42 mount
Function
The mount command uploads a storage device.
By default, after being installed on the device, the storage device is automatically
uploaded to the device.
NOTE
This command is supported only by devices that support extended storage devices such as
USB.
Format
mount driver

Fat AP and Cloud AP
Parameters
driver Specifies the driver that The enumerated values

requires hot loading. are:
● usb:
● sdcard:
The value sdcard: is
supported only by the
AD9430DN-12.
Views
User view
Default Level
3: Management level
Usage Guidelines
After being installed on the device, the storage device is automatically uploaded to
the device. Therefore, you do not need to run this command to upload the storage
device. If you run the umount command to unload the storage device and the
storage device is not removed from the device, run the mount command to
upload the storage device again.
Example
# Upload a USB flash drive.
<HUAWEI> mount usb:
Info: Mount USB device success!
3.5.43 move
Function
The move command moves the source file from a specified directory to a
destination directory.
Format
move source-filename destination-filename

Fat AP and Cloud AP
Parameters
source-filename Specifies the directory The value is a string of 1

and name of a source to 64 case-sensitive
file. characters without
[ path ] file name
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.
destination-filename Specifies the directory The value is a string of 1

and name of a to 64 case-sensitive
destination file. characters without
[ path ] file name
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.
Views
User view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
Precautions
● If the destination file has the same name as an existing file, the system
prompts you whether to overwrite the existing file. The system prompt is
displayed only when file prompt is set to alert.
● This command cannot be used to move files between storage devices.
● The move and copy commands have different effects:
– The move command moves the source file to the destination directory.
– The copy command copies the source file to the destination directory.
Example
# Move a file from flash:/test/sample.txt to flash:/sample.txt.
<HUAWEI> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?(y/n)[n]: y
%Moved file flash:/test/sample.txt to flash:/sample.txt.
3.5.44 open
Function
The open command connects the FTP client and server.
Format
# Connect the FTP client to the FTP server based on the IPv4 address.
open [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-
number ]

Fat AP and Cloud AP
Parameters

address connecting to the FTP client. You are decimal notation.
advised to use the loopback interface
IP address.
-i interface-type Specifies the source interface type -

interface-number and ID. You are advised to use the
loopback interface.
The IP address configured for this
host-ip Specifies the IP address or host name The value is a string of

of the remote IPv4 FTP server. 1 to 255 case-
without spaces.
port-number Specifies the port number of the FTP The value is an integer
server. that ranges from 1025
to 55535, or 21. The
default value is the
standard port number
21.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the open command in the FTP client view to connect the FTP client to
the server to transmit files and manage files and directories of the FTP server.
Precautions
● You can run the ftp command in the user view to connect the FTP client and
server and enter the FTP client view.
the ACL rule when the -a or -i parameter is specified on the IPv4 network.

Fat AP and Cloud AP
This shields the IP address differences and interface status impact, and
incoming and filters outgoing packets, and implements security
authentication.
● If the port number that the FTP server uses is non-standard, you must specify
a standard port number; otherwise, the FTP server and client cannot be
connected.
● When you run the open command, the system prompts you to enter the user
name and password for logging in to the FTP server. You can log in to the FTP
client and enter the FTP client view if the user name and password are
correct.
Example
# Connect the FTP client with the FTP server whose IP address is 10.137.217.204.
<HUAWEI> ftp
[HUAWEI-ftp] open 10.137.217.204
Trying 10.137.217.204 ...
Connected to 10.137.217.204.
User(10.137.217.204:(none)):test
331 Password required for test.
Enter password:
230 User logged in.
[HUAWEI-ftp]
3.5.45 passive
Function
The passive command sets the data transmission mode to passive.
The undo passive command sets the data transmission mode to active.
By default, the data transmission mode is active.
Format
passive
undo passive
Parameters
None
Views
FTP client view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
The device supports the active and passive data transmission modes. In active
mode, the server initiates a connection request, and the client and server need to
enable and monitor a port to establish a connection. In passive mode, the client
initiates a connection request, and only the server needs to monitor the
corresponding port. This command is used together with the firewall function.
When the client is configured with the firewall function, FTP connections are
restricted between internal clients and external FTP servers if the FTP transmission
mode is active. If the FTP transmission mode is passive, FTP connections between
internal clients and external FTP servers are not restricted.
Example
# Set the data transmission mode to passive.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] passive
Info: Succeeded in switching passive on.
3.5.46 put (FTP client view)
Function
The put command uploads a local file to the remote FTP server.
Format
put local-filename [ remote-filename ]
Parameters
local-filename Specifies the local file name The value is a string of 1 to 64

of the FTP client. case-sensitive characters
without spaces.

filename to be uploaded to the remote case-sensitive characters
Views
FTP client view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the put command to upload a local file to the remote FTP server for
further check and backup. For example, you can upload the local log file to the
FTP server for other users to check, and upload the configuration file to the FTP
server as a backup before upgrading the device.
Precautions
● If the file name is not specified on the remote FTP server, the local file name
is used.
● If the name of the uploaded file is the same as that of an existing file on the
FTP server, the system overwrites the existing file.
Example
# Upload the configuration file vrpcfg.zip to the remote FTP server as a backup,
and save it as backup.zip.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] put vrpcfg.zip backup.zip
200 Port command successful.
150 Opening BINARY mode data connection for file transfer.
226 Transfer complete
FTP: 1098 byte(s) sent in 0.131 second(s) 8.38Kbyte(s)/sec.
3.5.47 put (SFTP client view)

Function
The put command uploads a local file to a remote SFTP server.
Format
put local-filename [ remote-filename ]

Fat AP and Cloud AP
Parameters

local-filename Specifies a local file The value is a case-sensitive character
name on the SFTP client. string without spaces. The file name
(including the absolute path) contains
1 to 64 characters.
remote- Specifies the name of the The value is a case-sensitive character
filename file uploaded to the string without spaces. The file name
remote SFTP server. (including the absolute path) contains
1 to 64 characters.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command enables you to upload files from the local device to a remote SFTP
server to view the file contents or back up the files. For example, you can upload
log files of a device to an SFTP server and view the logs in the server. During an
upgrade, you can upload the configuration file of the device to the SFTP server for
backup.
Precautions
● If remote-filename is not specified, the uploaded file is saved on the remote

SFTP server with the original file name.
● If the specified remote-filename is the same as an existing file name on the
SFTP server, the uploaded file overwrites the existing file on the server.
Example
# Upload a file to the SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> put wm.cfg
local file: wm.cfg ---> Remote file: /wm.cfg
Info: Uploading file successfully ended.

Fat AP and Cloud AP
3.5.48 pwd (FTP client view)
Function
The pwd command displays the FTP client's working directory on the remote FTP
server.
Format
pwd
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
After logging in to the FTP server, you can run the pwd command to display the
FTP client's working directory on the remote FTP server.
If the displayed working directory is incorrect, you can run the cd command to
change the FTP client's working directory on the remote FTP server.
Example
# Display the FTP client's working directory on the remote FTP server.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] pwd
257 "/" is current directory.
3.5.49 pwd (SFTP client view)
Function
The pwd command displays the SFTP client's working directory on the remote FTP
server.

Fat AP and Cloud AP
Format
pwd
Parameters
None
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
After logging in to the SFTP server, you can run the pwd command to display the
SFTP client's working directory on the remote SFTP server.
If the displayed working directory is incorrect, you can run the cd command to
change the SFTP client's working directory on the remote SFTP server.
Example
# Display the SFTP client's working directory on the remote SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> pwd
/
sftp-client> cd test
/test
sftp-client> pwd
/test
3.5.50 pwd (user view)
Function
The pwd command displays the current working directory.
Format
pwd
Parameters
None

Fat AP and Cloud AP
Views
User view
Default Level
3: Management level
Usage Guidelines
You can run the pwd command in any directory to display the current working
directory. To change the current working directory, you can run the cd command.
Example
# Display the current working directory.
<HUAWEI> pwd
flash:/test
3.5.51 quit (FTP client view)
Function
The quit command terminates the FTP session from the remote server and exit
from FTP view.
Format
quit
Parameters
None
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
By executing the quit command quits from the current view and return to
previous view.
If you execute the quit command in user view, you log out of the system.

Fat AP and Cloud AP
Example
# Disconnect from the remote FTP server and return to the user view using quit
command.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] quit
3.5.52 quit (SFTP client view)
Function
The quit command enables the system to disconnect from the remote SFTP server
and return to the SFTP client view.
Format
quit
Parameters
None
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can use this command to return to the system view from the SFTP client view.
Example
# Disconnect from SFTP server using quit command.
Trying 10.1.1.1 ...
Enter password:
sftp-client> quit

Fat AP and Cloud AP
3.5.53 remotehelp
Function
The remotehelp command displays the help information about an FTP command
when the FTP client and server are connected.
Format
remotehelp [ command ]
Parameters
command Specifies the FTP The value is a string of 1 to 16

command. characters.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
You can run the remotehelp command to display the help information about an
FTP command.
● The help information is provided by the remote server. Different remote
servers may provide different help information for an FTP command.
● The help information can be displayed for FTP commands user, pass, cwd,
cdup, quit, port, pasv, type, retr, stor, dele, rmd, mkd, pwd, list, nlst, syst,
help, xcup, xcwd, xmkd, xpwd, and xrmd.
Example
# Display the syntax of the command cdup.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] remotehelp
214-The following commands are recogized(*=>'s unimplemented). USER PASS ACCT*
CWD CDUP SMNT* QUIT REIN* PORT PASV TYPE STRU* MODE* RETR STOR
STOU* APPE* ALLO* REST* RNFR* RNTO* ABOR* DELE RMD

Fat AP and Cloud AP
MKD PWD LIST NLST SITE* SYST STAT* HELP NOOP* XCUP XCWD XMKD
XPWD XRMD 214 Direct comments to Huawei Tech.
[HUAWEI-ftp] remotehelp cdup

214 Syntax: CDUP <change to parent directory>.
3.5.54 remove (SFTP client view)
Function
The remove command deletes specified files from the remote SFTP server.
Format
remove remote-filename &<1-10>
Parameters

filename to be deleted from the remote case-insensitive characters
SFTP server. without spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
● You can configure a maximum of 10 file names in the command and separate
them using spaces and delete them at one time.
● If the file to be deleted is not in the current directory, you must specify the file
path.
Example
# Delete the file 3.txt from the server and backup1.txt from the test directory.
Trying 10.1.1.1 ...
Enter password:
sftp-client> remove 3.txt test/backup1.txt
Warning: Make sure to remove these files? [y/n][n]:y
Info: Succeeded in removing the file /3.txt.
Info: Succeeded in removing the file /test/backup1.txt.

Fat AP and Cloud AP
3.5.55 rename (SFTP client view)
Function
The rename command renames a file or directory stored on the SFTP server.
Format
rename old-name new-name
Parameters
old-name Specifies the name of a file The value is a string of 1 to 64 case-
or directory. insensitive characters without spaces.
new-name Specifies the new name of The value is a string of 1 to 64 case-

the file or directory. insensitive characters without spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
You can run the rename command to rename a file or directory.
Example
# Rename the directory yourtest on the SFTP server.
Trying 10.1.1.1 ...
Enter password:
sftp-client> rename test/yourtest test/test
Warning: Rename /test/yourtest to /test/test? [y/n][n]:y
Info: Succeeded in renaming file.
sftp-client> cd test
/test
sftp-client> dir
drwxrwxrwx 1 noone nogroup 0 Mar 24 00:04 test

Fat AP and Cloud AP
3.5.56 rename (user view)

Function
The rename command renames a file or folder.
Format
rename old-name new-name
Parameters
old-name Specifies the name of a The value is a string of 1

file or folder. to 64 case-sensitive
characters without
[ path ] filename
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.

Fat AP and Cloud AP
new-name Specifies the new name The value is a string of 1

of the file or directory. to 64 case-sensitive
characters without
[ path ] filename
format.
In the preceding
parameter, drive
and subdirectory.
and / between the
*, /, \, :, ', " cannot be
name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The following describes the drive name:
Precautions
● You must rename a file or directory in its source directory.
● If the renamed file or directory has the same name as an existing file or
directory, an error message is displayed.

Fat AP and Cloud AP
● If you specify old-name or new-name without specifying the file path, the file
must be saved in your current working directory.
Example
# Rename the directory mytest to yourtest in the directory flash:/test/.
<HUAWEI> pwd
flash:/test
<HUAWEI> rename mytest yourtest
Rename flash:/test/mytest to flash:/test/yourtest ?(y/n)[n]:y
Info: Rename file flash:/test/mytest to flash:/test/yourtest ......Done
# Rename the file sample.txt to sample.bak.

<HUAWEI> rename sample.txt sample.bak
Rename flash:/sample.txt to flash:/sample.bak ?(y/n)[n] :y
Info: Rename file flash:/sample.txt to flash:/sample.bak .......Done
3.5.57 reset recycle-bin

Function
The reset recycle-bin command permanently deletes files from the recycle bin.
Format
reset recycle-bin [ filename | devicename ]
Parameters
filename Specifies the name The value is a string of 1 to 64 case-sensitive

of a file to be characters without spaces in the [ drive ]
deleted. [ path ] file name format.
storage device name and directory. Characters
~, *, /, \, :, ', " cannot be used in the directory
name.
The wildcard (*) character is supported.
devicename Specifies the -

storage device
name.
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If you run the delete command without specifying the /unreserved parameter,
the file is moved to the recycle bin and still occupies the memory. To free up the
space, you can run the reset recycle-bin command to permanently delete the file
from the recycle bin.
Precautions
● You can run the dir /all command to display all files that are moved to the
recycle bin from the current directory, and file names are displayed in square
brackets ([ ]).
● If you delete a specified storage device, all files in the root directory of the
storage device are deleted.
● If you run the reset recycle-bin command directly, all files that are moved to
the recycle bin from the current directory are permanently deleted.
Example
# Delete the file test.txt that is moved to the recycle bin from the directory test in
the root directory of flash:.
<HUAWEI> reset recycle-bin flash:/test/test.txt
Squeeze flash:/test/test.txt?(y/n)[n]:y
Clear file from flash will take a long time if needed...Done.
%Cleared file flash:/test/test.txt.
# Delete files that are moved to the recycle bin from the current directory.
<HUAWEI> pwd
flash:/test
<HUAWEI> reset recycle-bin
Squeeze flash:/test/backup.zip?(y/n)[n]:y
%Cleared file flash:/test/backup.zip.
Squeeze flash:/test/backup1.zip?(y/n)[n]:y
%Cleared file flash:/test/backup1.zip.

Fat AP and Cloud AP
3.5.58 rmdir (FTP client view)

Function
The rmdir command deletes a specified directory from the remote FTP server.
Format
rmdir remote-directory
Parameters
remote- Specifies a directory or The value is a string of 1 to 64
directory path on the FTP server. case-insensitive characters
without spaces.
Views
FTP client view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the rmdir command to delete a specified directory from the remote
FTP server.
Precautions
● Before running the rmdir command to delete a directory, you must delete all
files and subdirectories from the directory.
● If no path is specified when you delete a subdirectory, the subdirectory is
deleted from the current directory.
● The directory is deleted from the FTP server rather than the FTP client.
Example
# Delete the directory d:/temp1 from the remote FTP server.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] rmdir d:/temp1
250 'D:\temp1': directory removed.

Fat AP and Cloud AP
3.5.59 rmdir (SFTP client view)
Function
The rmdir command deletes a specified directory from the remote SFTP server.
Format
rmdir remote-directory &<1-10>
Parameters

remote- Specifies the name of a file The value is a string of 1 to 64
directory on the SFTP server. case-insensitive characters
without spaces.
Views
SFTP client view
Default Level
3: Management level
Usage Guidelines
● You can configure a maximum of 10 file names in the command and separate
them using spaces and delete them at one time.
● If the directory to be deleted is not in the current directory, you must specify
the file path.
Example
# Delete the directory 1 from the current directory, and the directory 2 from the
test directory.
Trying 10.1.1.1 ...
Enter password:
sftp-client> rmdir 1 test/2
Warning: Make sure to remove these directories? [Y/N]:y
Info: Succeeded in removing the directory /test/1.
Info: Succeeded in removing the directory /test/test/2.

Fat AP and Cloud AP
3.5.60 rmdir (user view)
Function
The rmdir command deletes a specified directory from the storage device.
Format
rmdir directory
Parameters
directory Specifies a The value is a string of case-sensitive characters
directory or in the [ drive ] [ path ] directory format. The
directory and its absolute path length ranges from 1 to 64, while
path. the directory name length ranges from 1 to 15.
Characters such as ~, *, /, \, :, ', " cannot be used
in the directory name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario


Precautions

Fat AP and Cloud AP
● A deleted directory and its files cannot be restored from the recycle bin.
Example
# Delete the directory test from the current directory.
<HUAWEI> rmdir test
Remove directory flash:/test?(y/n)[n]:y
%Removing directory flash:/test....Done!
3.5.61 set default ftp-directory

Function
The set default ftp-directory command configures the default FTP working
directory.
The undo set default ftp-directory command disables the default FTP working
directory.
By default, no default FTP working directory is configured.
Format
set default ftp-directory directory
undo set default ftp-directory
Parameters
directory Specify the default FTP The value is a string of 1 to 64 case-
working directory. sensitive characters without spaces.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the set default ftp-directory command to configure a default FTP
working directory for all FTP users at one time.
Precautions
● You can run the local-user ftp-directory command to configure an
authorized working directory for a local user.

Fat AP and Cloud AP
● If you have configured the FTP working directory by running the local-user
ftp-directory command, you must use this FTP working directory.
● If no FTP working directory is specified on the device, FTP users cannot log in
to the device.
Example
# Set the default FTP working directory to flash:/.
[HUAWEI] set default ftp-directory flash:/
3.5.62 sftp
Function
The sftp command connects the device to the SSH server so that you can manage
files that are stored on the SFTP server.
Format
sftp [ -a source-address | -i interface-type interface-number ] host-ip [ port ]
[ [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] |
[ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ]
| [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc
alivecountmax ] ]
Parameters
-a source-address Specifies the source IP The value is in dotted

address for connecting to the decimal notation.
SFTP client. You are advised
to use the loopback interface
IP address.
-i interface-type Specifies the source interface -

interface-number type and ID. You are advised
to use the loopback
interface.
The IP address configured for
this interface is the source IP
address for sending packets.
If no IP address is configured
for the source interface, the
SFTP connection cannot be
set up.

Fat AP and Cloud AP
host-ip Specifies the IP address or The value is a string of 1

host name of the remote to 255 case-insensitive
IPv4 SFTP server. characters without
spaces.
host-ipv6 Specifies the IPv6 address or The value is a string of 1

host name of the remote to 255 case-insensitive
IPv6 SFTP server. characters without
spaces.
-oi interface-type Specifies an outbound -

interface-number interface on the local device.
If the remote host uses an
IPv6 link-local address, you
must specify the outbound
interface on the local device.
port Specifies the port number of The value is an integer

the SSH server. that ranges from ranges
from 1 to 65535. The
default port number is
22.
prefer_kex prefer_key- Specifies the preferred key Preferred key exchange

exchange exchange algorithm. algorithms supported
depend on the ssh
client key-exchange
command settings.
prefer_ctos_cipher Specifies the preferred Preferred encryption

prefer_ctos_cipher encryption algorithm from algorithms supported
the client to the server. depend on the ssh
client secure-
algorithms cipher
command settings.
prefer_stoc_cipher Specifies the preferred Preferred encryption

prefer_stoc_cipher encryption algorithm from algorithms supported
the server to the client. depend on the ssh
client secure-
algorithms cipher
command settings.

Fat AP and Cloud AP
prefer_ctos_hmac Specifies the preferred Preferred HMAC

prefer_ctos_hmac HMAC algorithm from the algorithms supported
client to the server. depend on the ssh
client secure-
algorithms hmac
command settings.
prefer_stoc_hmac Specifies the preferred Preferred HMAC

prefer_stoc_hmac HMAC algorithm from the algorithms supported
server to the client. depend on the ssh
client secure-
algorithms hmac
command settings.
-ki aliveinterval Specifies the interval for The value is an integer

sending keepalive packets that ranges from 1 to
when no packet is received 3600, in seconds.
in reply.
-kc alivecountmax Specifies the times for The value is an integer

sending keepalive packets that ranges from 3 to
when no packet is received 10. The default value is
in reply. 5.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
SFTP is short for SSH FTP that is a secure FTP protocol. SFTP is on the basis of
SSH. It ensures that users can log in to a remote device securely for file
management and transmission, and enhances the security in data transmission. In
addition, you can log in to a remote SSH server from the device that functions as
an SFTP client.
When the connection between the SFTP server and client fails, the SFTP client
must detect the fault in time and disconnect from the SFTP server. To ensure this,
before being connected to the server in SFTP mode, the client must be configured
with the interval and times for sending the keepalive packet when no packet is
received in reply. If the client receives no packet in reply within the specified
interval, the client sends the keepalive packet to the server again. If the maximum
number of times that the client sends keepalive packets exceeds the specified

Fat AP and Cloud AP
value, the client releases the connection. By default, when no packet is received,
the function for sending keepalive packets is not enabled.
Precautions
● Enable the SFTP service on the SSH server by sftp server enable command,
before connecting the SSH server by using the SFTP command.
the ACL rule when the -a or -i parameter is specified. This shields the IP
address differences and interface status impact, and incoming and filters
outgoing packets, and implements security authentication.
● If the current listening port number is not 22, you must specify a listening
port number for logging in to the SFTP client.
● If you cannot run the sftp command successfully when you configured the
ACL on the SFTP client, or when the TCP connection fails, an error message is
displayed indicating that the SFTP client cannot be connected to the server.
● If multiple APs use the same IP address, you cannot log in to an AP using its
IP address using the stelnet command. In this case, you can run the sftp ap
command to log in to an AP using the AP ID or name.
Example
# Set keepalive parameters when the client is connected to the server in SFTP
mode.
[HUAWEI] sftp 10.164.39.223 -ki 10 -kc 4
Please input the username: client001
Trying 10.164.39.223 ...
Enter password:
sftp-client>
3.5.63 sftp ap (Central AP)
Function
The sftp ap command enables users to log in to a fit AP through SFTP.
Format
sftp ap { ap-name ap-name | ap-id ap-id }
Parameters
ap-name ap- Specifies the name of an AP. The AP name must

name exist.
ap-id ap-id Specifies the ID of an AP. The AP ID must

exist.

Fat AP and Cloud AP
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the sftp ap command to log in to a fit AP through SFTP on the AP.
You only need to specify the fit AP's name or ID but does not need to enter the fit
AP's IP address.
First-time authentication has been enabled on the SSH client using the ssh client
first-time enable command.
Example
# Use the name to log in to the fit AP through SFTP.
[HUAWEI] sftp ap ap-name area_1
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.109.253. Please wait...
sftp-client>
3.5.64 sftp client-source

Function
The sftp client-source command specifies the source IP address for the SFTP
client to send packets.
The undo sftp client-source command restores the default source IP address for
the SFTP client to send packets.
The default source IP address for the SFTP client to send packets is 0.0.0.0.
Format
sftp client-source { -a source-ip-address | -i interface-type interface-number }
undo sftp client-source

Fat AP and Cloud AP
Parameters
Specifies the source IP address. You are
address in dotted
advised to use the loopback interface IP
decimal
address.
notation.
-i interface-type Specifies the source interface. You are -
interface-number advised to use the loopback interface.
The IP address configured for the source
interface is the source IP address for sending
packets. If no IP address is configured for the
source interface, the FTP connection cannot
be set up.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
authentication.
Precautions
● You can query the source IP address or primary IP address of the source
interface for the SFTP connection on the SFTP server.
● The sftp command also configures the source IP address whose priority is
higher than that of the source IP address specified in the sftp client-source
command. If you specify source addresses in the sftp client-source and sftp
commands, the source IP address specified in the sftp command is used for
data communication. The source address specified in the sftp client-source
command applies to all SFTP connections. The source address specified in the
sftp command applies only to the current SFTP connection.
Example
# Set the source IP address of the SFTP client to 1.1.1.1.

Fat AP and Cloud AP
[HUAWEI] sftp client-source -a 1.1.1.1
Info: Succeeded in setting the source address of the SFTP client to 1.1.1.1
3.5.65 sftp server enable

Function
The sftp server enable command enables the SFTP service on the SSH server.
The undo sftp server enable command disables the SFTP service on the SSH
server.
By default, the SFTP service is disabled.
Format
sftp server enable
undo sftp server enable
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
To connect the client to the SSH server to transfer files in SFTP mode, you must
first enable the SFTP server on the SSH server.
Example
# Enable the SFTP service.
[HUAWEI] sftp server enable
Info: Succeeded in starting the SFTP server.
# Disable the SFTP service.

[HUAWEI] undo sftp server enable
3.5.66 tftp
Function
The tftp command uploads a file to the TFTP server or downloads a file to the
local device.

Fat AP and Cloud AP
Format
# Upload a file to the TFTP server or download a file to the local device based on
the IPv4 address
tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server { get |
put } source-filename [ destination-filename ]
Parameters
address connecting to the TFTP client. You decimal notation.
are advised to use the loopback
interface IP address.
-i interface-type Specifies the source interface used -
interface- by the TFTP client to set up
number connections. It consists of the
interface type and number. It is
recommended that you specify a
loopback interface.
The IP address configured for this
the TFTP connection cannot be set
up.
tftp-server Specifies the IPv4 address or host The value is a string of

name for the TFTP server. 1 to 255 case-insensitive
characters without
spaces.
get Download a file. -

put Upload a file. -
source-filename Specifies the source file name. The value is a string of
1 to 64 case-sensitive
characters without
spaces.
destination- Specifies the destination file name. The value is a string of
filename 1 to 64 case-sensitive
characters without
spaces. By default,
source and destination
file names are the same.
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When upgrading the system, you can run the tftp command to upload an
important file to the TFTP server or download a system software to the local
device.
Precautions
● When you run the tftp command to upload a file to the TFTP server in TFTP
mode, files are transferred in binary mode by default. The tftp does not
support the ASCII mode for file transfer.
● After specifying a source IP address, you can use this IP address to
communicate with the server and implement packet filtering to ensure data
security.
Example
# Download file vrpcfg.txt from the root directory of the TFTP server to the local
device. The IP address of the TFTP server is 10.1.1.1. Save the downloaded file to
the local device as file vrpcfg.bak.
<HUAWEI> tftp 10.1.1.1 get vrpcfg.txt flash:/vrpcfg.bak
# Upload file vrpcfg.txt from the root directory of the storage device to the
default directory of the TFTP server. The IP address of the TFTP server is 10.1.1.1.
Save file vrpcfg.txt on the TFTP server as file vrpcfg.bak.
<HUAWEI> tftp 10.1.1.1 put flash:/vrpcfg.txt vrpcfg.bak
3.5.67 tftp client-source
Function
The tftp client-source command specifies the source IP address for the TFTP
client to send packets.
The undo tftp client-source command restores the default source IP address for
the TFTP client to send packets.
The default source IP address for the TFTP client to send packets is 0.0.0.0.
Format
tftp client-source { -a source-ip-address | -i interface-type interface-number }
undo tftp client-source

Fat AP and Cloud AP
Parameters
Specifies the source IP address of the TFTP
address in dotted
client. You are advised to use the loopback
decimal
interface IP address.
notation.
-i interface-type Source interface type and ID. You are advised -
interface-number to use the loopback interface.
The IP address configured for this interface is
the source IP address for sending packets. If
no IP address is configured for the source
interface, the TFTP connection cannot be set
up.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
authentication.
Precautions
● The tftp command also configures the source IP address whose priority is
higher than that of the source IP address specified in the tftp client-source
command. If you specify source addresses in the tftp client-source and tftp
commands, the source IP address specified in the tftp command is used for
data communication. The source address specified in the tftp client-source
command applies to all TFTP connections. The source address specified in the
tftp command applies only to the current TFTP connection.
● You can query the source IP address or source interface IP address specified in
the TFTP connection on the TFTP server.
Example
# Set the source IP address of the TFTP client to 1.1.1.1.

Fat AP and Cloud AP
[HUAWEI] tftp client-source -a 1.1.1.1
Info: Succeeded in setting the source address of the TFTP client to 1.1.1.1.
3.5.68 tftp-server acl
Function
The tftp-server acl command specifies the ACL number for the local device so
that the device can access TFTP servers with the same ACL number.
The undo tftp-server acl command deletes the ACL number from the local device.
By default, no ACL number is specified on the local client.
Format
tftp-server acl acl-number
undo tftp-server acl
Parameters
acl-number Specifies the number of the The value is an integer that ranges
basic ACL. from 2000 to 2999.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To ensure the security of the local device, you need to run the tftp-server acl
command to specify an ACL to specify TFTP servers that the local device can
access.
Precautions
● The tftp-server acl command takes effect only after you run the rule
command to configure the ACL rule. If no ACL rule is configured, the local
device can access a specified TFTP server in TFTP mode.
● The TFTP supports only the basic ACL whose number ranges from 2000 to
2999.

Fat AP and Cloud AP
Example
# Allow the local device to the access the TFTP server whose ACL number is 2000.
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 10.10.10.1 0
[HUAWEI] tftp-server acl 2000
3.5.69 umount
Function
The umount command unloads a storage device.
NOTE
This command is supported only by devices that support extended storage devices such as
USB.
Format
umount driver
Parameters
driver Specifies the driver that The enumerated values

requires unloading. are:
● usb:
● sdcard:
The value sdcard: is
supported only by the
AD9430DN-12.
Views
User view
Default Level
3: Management level
Usage Guidelines
Run this command to unload the storage device before you remove the storage
device from the device. Otherwise, the storage device may be damaged.
Example
# Unload a USB flash drive.

Fat AP and Cloud AP
<HUAWEI> umount usb:

Info: Umount USB device success!
3.5.70 undelete
Function
The undelete command restores a file that has been has been temporally deleted
and moved to the recycle bin.
Format
undelete { filename | devicename }
Parameters
filename Specifies the name The value is a string of 1 to 64 case-sensitive
of a file to be characters without spaces in the [ drive ]
restored. [ path ] file name format.
name.
devicename Specifies the -

storage device
name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the undelete command to restore a file that has been temporally
deleted and moved to the recycle bin. However, files that are permanently deleted
by running the delete or reset recycle-bin command with the /unreserved
parameter cannot be restored.

Fat AP and Cloud AP

Precautions
● To display information about a temporally deleted file, run the dir /all
command. The file name is displayed in square brackets ([ ]).
● If the name of a file is the same as an existing directory, the file cannot be
restored. If the destination file has the same name as an existing file, the
system prompts you whether to overwrite the existing file. The system prompt
is displayed only when file prompt is set to alert.
Example
# Restore file sample.bak from the recycle bin.
<HUAWEI> undelete sample.bak
Undelete flash:/sample.bak ?(y/n)[n]:y
Undeleted file flash:/sample.bak.
# Restore a file that has been moved from the root directory to the recycle bin.
<HUAWEI> undelete flash:
Undelete flash:/test.txt?(y/n)[n]:y
Undeleted file flash:/test.txt.
Undelete flash:/rr.bak?(y/n)[n]:y
Undeleted file flash:/rr.bak.
3.5.71 unzip
Function
The unzip command decompresses a file.
Format
unzip source-filename destination-filename

Fat AP and Cloud AP
Parameters
source- Specifies the name The value is a string of 1 to 64 case-

filename of a source file to sensitive characters without spaces in the
be decompressed. [ drive ] [ path ] file name format.
the directory name.
destination- Specifies the name The value is a string of 1 to 64 case-

filename of a destination file sensitive characters without spaces in the
that is [ drive ] [ path ] file name format.
decompressed.
the directory name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can decompress files, especially log files that are stored on the storage device
and run the more command to query the file.


Fat AP and Cloud AP

Precautions
● If the destination file path is specified while the file name is not specified, the
designation file name is the same as the source file name.
● The source file persists after being decompressed.
● The compressed file must be a .zip file. If a file to be decompressed is not a
zip file, the system displays an error message during decompression.
● The source file must be a single file. If you attempt to decompress a directory
or multiple files, the decompression cannot succeed.
Example
# Decompress log file syslogfile-2012-02-27-17-47-50.zip that are stored in the
syslogfile directory and save it to the root directory as file log.txt.
<HUAWEI> pwd
flash:/syslogfile
<HUAWEI> unzip syslogfile-2012-02-27-17-47-50.zip flash:/log.txt
Extract flash:/syslogfile/syslogfile-2012-02-27-17-47-50.zip to flash:/log.txt?(y/n)[n]:y
100% complete
Decompressed file flash:/syslogfile/syslogfile-2012-02-27-17-47-50.zip flash
:/log.txt.
3.5.72 user
Function
The user command changes the current FTP user when the local device is
connected to the FTP server.
Format
user user-name [ password ]
Parameters
user-name Specifies the login The value is a string of 1 to 64 case-
password. insensitive characters without space.
password Specifies the login The value is a string of 1 to 16 case-sensitive
password. characters without space, single quotation
mark, or question mark.
Views
FTP client view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the user command to change the current user on the FTP server.
Precautions
After you run the user command to change the current user, a new FTP
connection is set up, which is the same as that you specify in the ftp command.
Example
# Log in to the FTP server using the user name tom.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] user tom
331 Password required for tom.
Enter password:
230 User logged in.
3.5.73 verbose
Function
The verbose command enables the verbose function on the FTP client.
The undo verbose command disables the verbose function.
By default, the verbose function is enabled.
Format
verbose
undo verbose
Parameters
None
Views
FTP client view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
After the verbose function is enabled, all FTP response messages are displayed on
the FTP client.
Example
# Enable the verbose function.
Trying 10.1.1.1 ...
Enter password:
230 User logged in.
[HUAWEI-ftp] verbose
Info: Succeeded in switching verbose on.
[HUAWEI-ftp] get h1.txt
150 Opening ASCII mode data connection for h1.txt.
226 Transfer complete.

# Disable the verbose function.

[HUAWEI-ftp] undo verbose
Info: Succeeded in switching verbose off.
[HUAWEI-ftp] get h1.txt
3.5.74 zip
Function
The zip command compresses a file.
Format
zip source-filename destination-filename

Fat AP and Cloud AP
Parameters
source- Specifies the The value is a string of 1 to 64 case-sensitive
filename name of a source characters without spaces in the [ drive ]
file to be [ path ] file name format.
compressed.
name.
destination- Specifies the The value is a string of 1 to 64 case-sensitive

filename name of a characters without spaces in the [ drive ]
destination file [ path ] file name format.
that is
compressed. In the preceding parameter, drive specifies the
name.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
Precautions
● If the destination file path is specified while the file name is not specified, the
designation file name is the same as the source file name.
● The source file persists after being compressed.
● Directories cannot be compressed.
Example
# Compress file log.txt that is stored in the root directory and save it to the test
directory as file log.zip.
<HUAWEI> dir

0 -rw- 155 Dec 02 2011 01:28:48 log.txt
1 -rw- 9,870 Oct 01 2011 00:22:46 patch.pat
2 drw- - Mar 22 2012 00:00:48 test
3 -rw- 836 Dec 22 2011 16:55:46 rr.dat
...
1,927,220 KB total (1,130,464 KB free)

<HUAWEI> zip log.txt flash:/test/log.zip
<HUAWEI> cd test
Zip flash:/log.txt flash:/test/log.zip? (y/n)[n]:y
100% complete
Compressed file flash:/log.txt flash:/test/log.zip.
<HUAWEI> dir
Directory of flash:/test/

0 -rw- 836 Mar 20 2012 19:49:14 test
1 -rw- 239 Mar 22 2012 20:57:38 test.txt
2 -rw- 1,056 Dec 02 2011 01:28:48 log.txt
3 -rw- 240 Mar 22 2012 21:23:46 log.zip
1,927,220 KB total (1,130,463 KB free)
3.6 Configuring System Startup Commands
3.6.1 autosave interval

Function
The autosave interval command sets the interval for automatically saving system
configuration data.
Format
autosave interval { value | time | configuration time }

Fat AP and Cloud AP
Parameters
value Configures the automatic save The value is an

function. The automatic save function enumerated value
is classified into two types: saving that can be on or off.
configuration data automatically and The default value is
saving modified data automatically. off.
When the value is on, the two save
functions are enabled. When the value
is off, the two save functions are
disabled and the data needs to be
saved manually.
time Indicates the interval for automatically The value is an integer

saving the configuration data. If an that ranges from 10 to
interval is configured, the 10080.
configuration data is saved regardless The unit is minute.
of whether it is modified.
The default value is
1440 minutes.
configuration Indicates the interval for automatically The value is an integer

time saving the modified data. When the that ranges from 2 to
configuration data is modified, it is 1440.
saved at the preset interval. The unit is minute.
The default value is 30
minutes.
Views
User view
Default Level
Usage Guidelines
Usage Scenario
Run this command to set configuration data at preset intervals. When the interval
is set, the system automatically saves the configuration data without requiring the
command delivered by the network management system. The modified data can
be saved in the storage device in real time and cannot be lost after system restart.
Precautions
● When the automatic save function is enabled, you can also run the save
command to save the system configuration data manually. When the
automatic save function is disabled, the system does not save data

Fat AP and Cloud AP
automatically and you need to run the save command to save the configured
data.
● The automatic save function is disabled by default.
● After you run the autosave interval command, the frequent data save
operation affects system performance. Do not set the automatic save interval
to less than 1 hour. The automatic save interval of 24 hours or greater is
recommended.
● The automatic save function specified by the autosave interval command
cannot be enabled together with that specified by the autosave time
command.
Example
# Enable the automatic save function.
<HUAWEI> autosave interval on
System autosave interval switch: on
Autosave interval: 1440 minutes
Autosave type: configuration file
System autosave modified configuration switch: on

# Set the automatic save interval to 120 minutes.

<HUAWEI> autosave interval 120
Table 3-35 Description of the autosave interval command output
Item Description
System autosave interval switch Whether the device is enabled to

automatically save system
configuration data at the specified
interval:
● on: The device is enabled to
interval.
● off: The device is disabled from
automatically saving system
interval.
Autosave interval Specifies the interval for automatically

saving configuration data. If an
interval is configured, the
configuration data is saved at intervals
regardless of whether the data is
changed.

Fat AP and Cloud AP
Item Description
Autosave type Indicates that the type of file saved

automatically is configuration file.
System autosave modified Indicates that the change to the

configuration switch configuration data is automatically
saved. When the value is on, the
function is enabled. When the value is
off, the function is disabled.
3.6.2 autosave time

Function
The autosave time command sets the automatic save time.
Format
autosave time { value | time-value }

Fat AP and Cloud AP
Parameters
value Configures the device to save configuration Enumerated

data at a preset time. value. The
options are as
follows:
● on: The
device is
enabled to
automatica
lly save
system
configurati
on data at
a preset
time.
● off: The
device is
disabled
from
automatica
lly saving
system
configurati
on data at
a preset
time.
The default
value is off.
time-value Indicates the automatic save time after the The value
device is enabled to automatically save system ranges from
configuration data. After this parameter is 00:00:00 to
configured, the system automatically saves the 23:59:59.
configuration data at intervals of the The default
automatic save time. value is
00:00:00.
Views
User view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
The system can save configuration data at preset intervals or at the preset time.
Run this command to set the automatic save time. When the time is set, the
system automatically saves the configuration data without requiring the
command delivered by the network management system. The modified data can
be saved in the storage device in real time and cannot be lost after system restart.
Precautions
● When the device is enabled to automatically save system configuration data,
the modified configuration is saved at the preset time. When the device is
disabled from automatically saving system configuration data, the system
does not save data automatically and you need to run the save command to
save the configured data.
● The automatic save function specified by the autosave time command
cannot be used with that specified by the autosave interval command.
● If data is frequently read from or written into the storage device, the lifespan
of the storage medium is reduced. You are advised to disable the automatic
save function immediately after the modified data is saved.
Example
# Enable the device to automatically save system configuration data at intervals
of the automatic save time.
<HUAWEI> autosave time on
System autosave time switch: on
Autosave time: 00:00:00
# Set the automatic save time to 12:20:30.

<HUAWEI> autosave time 12:20:30
System autosave time switch: on
Table 3-36 Description of the autosave time command output

Item Description
System autosave time switch Whether the device is enabled to

time:
● on: The device is enabled to
time.
● off: The device is disabled from
automatically saving system
time.

Fat AP and Cloud AP
Item Description
Autosave time Automatic save time. The device saves

system configuration data at intervals
of the automatic save time no matter
whether the configuration data
changes.
Autosave type Type of the file saved automatically.
3.6.3 compare configuration
Function
The compare configuration compares whether the current configurations are
identical with the next startup configuration file.
Format
compare configuration [ configuration-file [ current-line-number save-line-
number ] ]
Parameters
configuration-file Specifies the name of the The value is a string of 5 to
configuration file to be 64 case-sensitive characters
compared with the current without spaces.
configurations.
current-line- Specifies the line number for The value is an integer that
number comparison in the current ranges from 0 to 65535.
configuration.
save-line-number Specifies the line number for The value is an integer that
comparison in the saved ranges from 0 to 65535.
configuration.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
If current-line-number and save-line-number are not specified, the configuration

files are compared from the first lines. The two parameters can be specified to skip
the differences that are found and continue the comparison.
When the difference is found using the compare configuration command, the
different content in the current and saved configuration files is displayed. By
default, 120 characters are displayed. If the different content from the start line to
the end line contains less than 120 characters, only these characters are displayed.
Precautions
● The configuration file name extension must be .cfg or .zip.
● If configuration-file is not specified, the system compares whether the current
configurations are identical with the next startup configuration file.
● If configuration-file is specified, the system compares whether the current
configurations are identical with the specified startup configuration file.
Example
# Compare whether the current configurations are identical with the next startup
configuration file.
<HUAWEI> compare configuration
The current configuration is not the same as the next startup configuration file.
====== configuration line 14 ======
undo http server enable
#
drop illegal-mac alarm
#
vlan batch 10 to 11
#
dot1x enable
#
set transceiver-monitoring disable
====== Configuration file line 14 ======
http server enable
#
drop illegal-mac alarm
#
vlan batch 10 to 11
#
dot1x enable
#
set transceiver-monitoring disable
3.6.4 display autosave configuration

Function
The display autosave configuration command displays the automatic save
parameters of the configuration data.
Format
display autosave configuration
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
Usage Guidelines
Usage Scenario
Run this command when you want to check whether the function for
automatically saving configuration data is enabled, enable or disable the
automatic save function, and modify the automatic save interval or time.
Precautions
● Run the autosave time command to set the time for automatically saving
system configuration data.
● Run the autosave interval command to set the interval for automatically
saving system configuration data.
● The frequent data save operation affects the lifespan of the system storage
device. Do not set the automatic save interval to less than 1 hour. The
automatic save interval of 24 hours or greater is recommended.
Example
# Display the automatic save parameters configured in the system.
<HUAWEI> display autosave configuration
System autosave modified configuration switch: on

System autosave time switch: off

Table 3-37 Description of the display autosave configuration command output
Item Description
System autosave interval switch State of the automatic save function.
Autosave interval Automatic save interval.
Autosave type Type of the file that is automatically

saved.
System autosave modified State of the function for automatically

configuration switch saving modified data.

Fat AP and Cloud AP
Item Description
System autosave time switch State of the function for saving

configuration data at the preset time.
Autosave time Automatic save time.
3.6.5 display current-configuration
Function
The display current-configuration command displays the currently running
configuration.
This command does not display parameters that use default settings.
Format
display current-configuration [ configuration [ configuration-type
[ configuration-instance ] ] | interface [ interface-name | interface-type
[ interface-number ] ] ] [ feature feature-name [ filter filter-expression ] | filter
filter-expression ]
display current-configuration [ all | inactive | [ simple ] [ section section ] ]
Parameters
configuration Specifies the configuration The value is determined by

configuration-type type. the current system
configurations.
configuration-instance Specifies a configuration The value is a string of 1 to

instance. 80 case-insensitive
characters without spaces.
interface [ interface- Specifies an interface -

name | interface-type name or an interface type.
[ interface-number ] ]
feature feature-name Specifies a feature name. -
filter filter-expression Displays the configuration The value is a string of 1 to

information that matches 255 case-insensitive
a regular expression. characters without spaces.

Fat AP and Cloud AP
all Displays all the -

configuration information.
inactive Displays the offline -

simple Displays the current simple -

configuration.
section section Specifies the The value is a string of 1 to

configurations to be 79 case-insensitive
obtained based on types. characters without spaces.
Views
All views
Default Level
3: Management level
Usage Guidelines
To check whether the configured parameters take effect, run the display current-
configuration command. The parameters that do not take effect are not
displayed.
The command output is relevant to user configuration. The command does not
display the default configuration.
You can use a regular expression to filter the command output. For the regular
expression rules, see Filtering Command Outputs in Configuration Guide.
If the configuration is in the offline state. The offline configuration is marked with
* in the display current-configuration all and display current-configuration
inactive command output.
Example
# Display all configurations that include vlan.
<HUAWEI> display current-configuration | include vlan
vlan batch 10 77 88
port trunk allow-pass vlan 10
3.6.6 display reset-reason

Function
The display reset-reason command displays device reset reasons.

Fat AP and Cloud AP
Format
display reset-reason
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If a device resets unexpectedly, you can run this command to view the device reset
reason for further fault locating.
Example
# Display device reset reasons.
<HUAWEI> display reset-reason
The MPU frame[0] board[0]'s reset total 1, detailed information:
-- 1. 2014-09-01 00:00:06, Reset No.: 1
Reason: Reset for power off
Table 3-38 Description of the display reset-reason command output
Item Description
frame Frame ID of a card.
board Slot ID of a card.
reset total Number of times a card is reset.
detailed information Detailed information about card resets.
2014-09-01 00:00:06 Time when a card resets.

NOTE
When the reset reason is displayed as Reset
for power off or Reset for others, the value
of this parameter is the system startup time
rather than the system reset time.
Reset No. Number of a reset.
Reason Reason for a reset. For details about

common reset reasons, see Table 3-39.

Fat AP and Cloud AP
Table 3-39 Common device reset reasons

Reason Description Handling Suggestion
Reset for others The device is reset for Contact technical support
other reasons. personnel.
Reset by user The device reset No action is required.

command command is run.
Reset for memory use The memory is used Check the memory usage.
out up.
Reset for power off The AP is powered off If the AP restarts repeatedly,
and then restarted, or check whether the AP power
the BT power supply supply mode matches the
mode is forcibly used. actual power supply.
Reset for kernel panic A kernel panic (KP) Contact technical support
occurs. personnel.
Reset for switch zone The AP is upgraded, No action is required.

after update version and the active and
standby areas are
switched.
Reset for update The AP is successfully No action is required.

version success upgraded.
Reset for update The AP fails to be Check why the AP fails to be

version failed upgraded. upgraded.
Reset for exception A VOS exception Contact technical support

occurs. personnel.
Reset for watchdog A watchdog exception Contact technical support

occurs. personnel.
Reset for reset-key The RESET button is No action is required.

pressed.
Reset for the radio The radio type is No action is required.

type is different from inconsistent with that
that specified by the in the configuration
configuration file file.
Reset for the radio The radio type is No action is required.

type is changed changed.
Reset for 11ac target The Wi-Fi chip Contact technical support
chip abnormal firmware is abnormal. personnel.
Reset for tx dma stop The TX DMA stops Contact technical support
and packet personnel.
transmission becomes
abnormal.

Fat AP and Cloud AP
Reset for restoration to The factory defaults No action is required.

factory defaults(by are restored through a
command) command.
Reset for MFPI detect The MFPI module Contact technical support
MSC module abnormal detects an MSC personnel.
module exception.
MSU module detects an MSU personnel.
abnormal module exception.
KAP module abnormal detects a KAP module personnel.
exception.
Reset for a country The country code is No action is required.

code change changed.
Reset for an AP MAC The MAC address or No action is required.

or SN change SN of the AP is
changed.
Reset for an AP The AP is upgraded. No action is required.

upgrade
Reset for the ap-reset The AP reset No action is required.

command command is executed.
Reset for the undo ap The AP deletion No action is required.

command command is executed.
Reset for license The license expires. Purchase and activate a new
expiration license.
Reset for the AP added The AP is blacklisted. No action is required.

to the blacklist
Reset for the CAPWAP The AP status is No action is required.

link and AP status inconsistent with the
mismatch CAPWAP link status.
Reset for a DTLS The DTLS status is No action is required.

configuration change changed.
Reset for a CAPWAP The CAPWAP link No action is required.

link fault status is abnormal.

factory defaults are restored.
Reset for a dual-link An active/standby link No action is required.

backup switch change switchover occurs on
the AC.

Fat AP and Cloud AP
Reset for the ap- The AP renaming No action is required.

rename command command is delivered.
Reset for the ap- The AP regrouping No action is required.

regroup command command is delivered.
Reset for an AP An AP status conflict No action is required.

conflict state change occurs.
Reset for an AP The management No action is required.

management VLAN VLAN of the AP is
change changed.
Reset for commands in The command for No action is required.

the provision-ap view setting AP onboarding
parameters is
delivered.
Reset for a country The country code is Check the country code
code mismatch not supported by the configuration.
AP.
Reset for a central AP The type of the central No action is required.

type change AP changes.
Reset for AP deleted by The AP is deleted by No action is required.

controller the AC.
Reset for abnormal Self-healing occurs Check the network port.

network port self- upon a network port
healing exception.
Reset for the radio A radio type mismatch No action is required.

type mismatch exists between the AC
between the AP and and AP.
AC
Reset for the DTLS The DTLS No action is required.

configuration change configuration of a
of the data link data link is changed.
Reset for AP self- The time during which Check the reason why the AP
healing (The time the AP is offline goes offline.
during which the AP is exceeds the specified
offline exceeds the timeout threshold for
specified timeout an AP reset triggered
period for an AP reset by self-healing.
triggered by self-
healing)

Fat AP and Cloud AP
Reset for a channel set The outdoor AP loads No action is required.

switching the country code
channel set
configuration for
indoor APs.
Reset for the online The device goes No action is required.

configuration offline due to
switching incorrect
configurations and is
reset for self-healing.
Reset for slow task The system runs Check the memory usage.
switching slowly.

factory defaults(by are restored through
button) the RESET button.
Reset for a A configuration Check the cause of the

configuration delivery delivery failure occurs. configuration delivery failure.
failure
CAP PBUF use out detects that the PBUF personnel.
for traffic forwarding
is used up.
Reset for The Redis-server Contact technical support

exception(redis-server process exits personnel.
exit) unexpectedly.
Reset for The Confd process Contact technical support

exception(confd exit) exits unexpectedly. personnel.
Reset for The Callhome process Contact technical support

exception(callhome exits unexpectedly. personnel.
exit)
Reset for an abnormal A process exception Contact technical support

process occurs. personnel.
Reset for a smart A smart upgrade is No action is required.

upgrade performed.
Reset for the branch The branch AP group No action is required.

group of AP change is changed.
Reset for the AC The AC license expires. Purchase and activate a new
license expires license.

Fat AP and Cloud AP
Reset for the version The AP does not go Check why the AP fails to go
rollback because the online after an online online.
AP does not go online upgrade, and rolls
after the online back to the earlier
upgrade version.
System initialized and The system is No action is required.

reset all initialized and all
cards are reset.
VRP reset selfboard The VRP resets the No action is required.

because of command MPU using a
command.
VRP reset selfboard The MPU is reset Contact technical support

because of Unexpected because an personnel.
State unexpected VRP status
exists.
VRP reset selfboard The VRP detects that Check the memory usage.
because of no memory the memory of the
MPU is insufficient.
VRP reset selfboard The batch backup is Contact technical support

because slave didn't not complete and the personnel.
finish Batch MPU does not
respond.
Reset selfboard The VRP detects an Contact technical support

because of find infinite loop. personnel.
deadloop
Reset selfboard The VRP detects an Contact technical support

because of find exception. personnel.
exception
Reset for patch get The patch status fails Contact technical support
state fail to be obtained. personnel.
Reset for patch load The patch file fails to Contact technical support
file fail be obtained. personnel.
Reset for patch The patch file fails to Contact technical support
synchronize file fail be synchronized. personnel.
Reset for CPLD self- The CPLD self-check Contact technical support
test fail fails. personnel.
Cold reset board for The CPU of a card is Contact technical support
CPU is not active not started, so the personnel.
card is cold reset.

Fat AP and Cloud AP
Reset slave board for The memory size of Check the memory usage.
memsize too little the standby card is
too small, so the card
is reset.
Reset for cfcard A CF card exception Contact technical support

storage exception occurs. personnel.
Reset for dangerous The card is reset due Contact technical support
temperature to high temperature. personnel.
Reset for mfpi detect The MFPI module Contact technical support
fwd abnormal detects a forwarding personnel.
exception.
Reset for MSC detect The MSC module Contact technical support
PKO module abnormal detects a PKO module personnel.
exception.
Reset for ap disturbed APs are located too Increase the distance
close, causing between APs.
interference.
Reset for disable The security engine is No action is required.

defence engine disabled.
Reset for an AC The Wideband status No action is required.

wideband status changes.
change
Reset for the forcible The AP is forcibly Contact technical support

AP disconnection in disconnected in personnel.
specific scenarios specific scenarios.
Reset for restore the The Ethernet port No action is required.

Ethernet port's mode mode is restored.
as configured
Reset for ap abnormal The Wi-Fi driver Contact technical support

self-healing abnormally receives personnel.
and transmits packets
for a long period of
time.
Reset for the proxy A radio switchover No action is required.

scanning mode occurs.
switching
Reset for a module An exception occurs in Contact technical support

exception the NP chip module. personnel.
Reset for a heartbeat A heartbeat fault Contact technical support

failure occurs on the NP chip. personnel.

Fat AP and Cloud AP
Reset for the number The number of soft or Contact technical support
of soft or hard failures hard failures on the personnel.
exceeding the NP chip reaches the
threshold threshold.
Reset for isolation of More than half of Contact technical support

more than half of ATOM threads on the personnel.
atom threads NP chip are isolated.
Reset for a fatal An exception occurs Contact technical support

exception on the NP. personnel.
3.6.7 display saved-configuration

Function
The display saved-configuration command displays the configuration file to be
used for the next startup.
Format
display saved-configuration [ last | time ]
Parameters
last Displays the system configurations saved last time. -
time Displays the recent time when the configurations are saved -
manually or automatically.
Views
All views
Default Level
3: Management level
Usage Guidelines
If the device has been started and is not working properly, run the display saved-
configuration command to check the device startup configuration in the file
specified by running the startup saved-configuration command.
Run the display saved-configuration last command to check the system
configurations saved last time in the configuration file loaded during the current
startup.

Fat AP and Cloud AP
Run the display saved-configuration time command to check the last time when
the system configurations are saved.
The command output is relevant to user configuration.
Example
# Display the configuration file for the next startup.
<HUAWEI> display saved-configuration
#
sysname HUAWEI
#
http timeout 3
#
dns resolve
#
pki realm default
enrollment self-signed
#
interface GigabitEthernet0/0/1
port link-type trunk
undo lldp enable
#
interface NULL0
#
user-interface maximum-vty 15
user-interface con 0
authentication-mode password
......
3.6.8 display schedule reboot

Function
The display schedule reboot command displays the configuration of the
scheduled restart of the device.
Format
display schedule reboot
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
After using the schedule reboot command to configure a scheduled restart, you
can use this command to view the configuration of the scheduled restart.

Fat AP and Cloud AP
Example
# Display the configuration of the scheduled restart of the device.
<HUAWEI> display schedule reboot
Info:System will reboot at 22:00:00 2013/09/17 (in 1 hours and 43 minutes).
Table 3-40 Description of the display schedule reboot command output
Item Description
System will reboot at Specific restart time.
in hours and minutes Time span between the restart time and the current
time.
3.6.9 display startup

Function
The display startup command displays the system software, configuration file and
patch file for the current and next startup.
Format
display startup
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Before upgrading or degrading a device, run this command to check whether the
files for next startup have been loaded. If the files have been loaded, the device
can be upgraded or degraded successfully after it is restarted. You can also run the
command to view the system software and files for current startup.
Example
# Display the names of system software for current and next startup. The
following information is displayed when the AP is a common AP.

Fat AP and Cloud AP
<HUAWEI> display startup

Current startup system software: V200R019C00SPC100(AP8130DN FAT)
Backup startup system software: V200R019C00SPC100(AP8130DN FAT)
Next startup system software: V200R019C00SPC100(AP8130DN FAT)
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup patch package: NULL
Next startup patch package: flash:/patch-v2.pat
# Display the names of system software for current and next startup. The
following information is displayed when the AP is a central AP.
<HUAWEI> display startup
Current startup system software: V200R019C00SPC200(AD9430DN-24 FAT)
Backup startup system software: V200R019C00SPC100(AD9430DN-24 FAT)
Next startup system software: V200R019C00SPC200(AD9430DN-24 FAT)
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup patch package: NULL
Next startup patch package: NULL
Table 3-41 Description of the display startup command output

Item Description
Current startup system software System software for the current startup
Backup startup system software Backup system software.
Next startup system software System software for the next startup
Startup saved-configuration file Configuration file for current startup.
Next startup saved-configuration file Configuration file for next startup.
Startup patch package Patch file for current startup.

"Null" indicates that no patch file is
specified.
Next startup patch package Patch file for next startup.

"Null" indicates that no patch file is
specified for next startup.
3.6.10 reset saved-configuration

Function
The reset saved-configuration command clears the next startup configuration
file and cancels the configuration file used for next startup.
Format
reset saved-configuration
Parameters
None

Fat AP and Cloud AP
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
● If the configuration file on the device is incompatible with the upgraded

software, run the reset saved-configuration command to clear the
configuration file and then run the startup saved-configuration command to
specify a new configuration file.
● If the device in use is applied to another scenario and the original
configuration file of the device does not meet requirements in the scenario,
run the reset saved-configuration command to clear the existing
configuration file and restart the device to restore its factory configurations.
Precautions
● Exercise caution and follow the instructions of the technical support personnel
when you run this command.
● If this command is run, the system checks the configuration file to be loaded
at the next startup and the existing configuration file to be deleted:
– If the two configuration files are consistent, running the reset saved-
configuration command clears the settings for both files. The default
configuration file will be used for the next startup.
– If the two configuration files are inconsistent, running the reset saved-
configuration command clears the settings for the configuration file for
the next startup, and the settings for the current configuration file are
not cleared.
– If the current configuration file is empty, and the configuration file for
the next startup is not empty, running the reset saved-configuration
command clears the settings for the configuration file for the next
startup.
– If the configuration file for the next startup is empty, and the current
configuration file is not empty, after the reset saved-configuration
command is run, the system prompts an error and no settings are
cleared.
● When a user is saving a configuration file, running the reset saved-
configuration command will not delete the existing configuration file.
● If you do not use the startup saved-configuration command to specify a
new configuration file containing correct configurations or do not save the
configuration file after running the reset saved-configuration command, the
device uses factory configurations for startup. If the device does not have
factory configurations, it uses default configurations for startup.

Fat AP and Cloud AP
Example
# Clear the next startup configuration file in the storage device and cancel the
configuration file used for next startup.
<HUAWEI> reset saved-configuration
This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure. Continue? (y/n)[n]:y
Clear the configuration in the device successfully.
3.6.11 reboot
Function
The reboot command restarts the device.
Format
reboot [ fast ]
Parameters
fast Fast restarts the device. In fast restart mode, the -

configuration file is not saved.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command functions in the same way as a power recycle operation (power off
and then restart the device). The command enables you to restart the device
remotely.
● After the reboot command is run, if the current configuration is modified, the
system displays a message asking you whether to save the configuration
before a restart.
Info: The system is comparing the configuration, please wait................
Warning: All the configuration will be saved to the next startup configuration. Continue ? [y/n]: y
● After the reboot fast command is run, the system restarts quickly without
displaying any message and the configuration is lost.
● After the reboot fast command is run, the system displays the following
message:
Info: system is sync data now, please wait ...

Fat AP and Cloud AP
The message indicates that the system is synchronizing internal data.

Precautions
● If you do not respond to the displayed message within the timeout period
after running this command, the system will return to the user view and the
device will not be restarted.
● This command interrupts services on the entire device. Therefore, do not use
this command when the device is running properly.
● Before restarting the device, ensure that the configuration file has been saved.
Example
# Restart the device.
<HUAWEI> reboot
# Restart the device quickly.

<HUAWEI> reboot fast
System will reboot! Continue ? [y/n]: y
3.6.12 reset factory-configuration

Function
The reset factory-configuration command resets the device to factory defaults.
Format
reset factory-configuration
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If an incorrect configuration that leads to a malfunction is performed, to restore
the device to factory settings, run the reset factory-configuration command.
Precautions
After being reset to factory settings, the device does not delete the original
configuration file. If you have saved the configuration file in advance, run the
startup saved-configuration configuration-file command to specify the saved

Fat AP and Cloud AP
one as the startup configuration file. Then restart the device again to restore the
original device configurations. If the configuration file is not saved before the
device is reset to factory defaults, the configuration information will be lost after
the reset is complete.
After you run the reset factory-configuration command, the configurations of
the following commands will not be reset:
● clock daylight-saving-time
● clock datetime
● clock timezone
Example
# Reset the device to factory defaults.
<HUAWEI> reset factory-configuration
Warning: All of configurations will restore to factory and restart. Continue? [y/n]:y
3.6.13 startup patch

Function
The startup patch command specifies the patch file for next startup.
Format
startup patch patch-name
Parameters
patch-name Specifies the name The value is a string of 4 to 64 case-sensitive

of the patch file for characters without spaces. It is in the format
next startup. of [ drive-name ] [ path ] [ file-name ]. If
drive-name is not specified, the name of the
default storage device is used.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To make the patch file take effect after the device restarts, run this command to
specify the patch file for next startup.

Fat AP and Cloud AP
Follow-up Procedure
Run the reboot or the schedule reboot command to restart the device.
Precautions
● A patch file uses .pat as the file name extension and must be saved in the
root directory.
● If you use this command to specify another patch for next startup, the
previous patch will be overridden.
● After the patch file is specified for next startup, run the display startup
command to view the patch file.
– If the patch file for next startup is not empty, the device load the patch
automatically after next startup.
– If the patch file for next startup is empty, the device cannot load the
patch after next startup.
● After the startup patch command is run, use either of the following methods
if you do not want the specified patch package to take effect after the system
restart:
– Run the patch delete command to delete the current patch.
– Run the reset patch-configure next-startup command to clear the
patch file to be used at the next startup.
Example
# Specify the patch file for next startup.
<HUAWEI> startup patch patch.pat
3.6.14 reset patch-configure

Function
The reset patch-configure command clears the patch settings.
Format
reset patch-configure next-startup
Parameters
next-startup Clears the patch status and settings for the next startup. -
Views
User view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
If you run the reset patch-configure next-startup command, the system clears
the settings for the next startup patch and sets the patch status to idle.
Example
# Clear the patch status and settings for the next startup.
<HUAWEI> reset patch-configure next-startup
The patch will be deleted. Continue? (y/n)[n]:y
Info: Succeeded in resetting the next-startup patch state.
3.6.15 save
Function
The save command saves the configurations to the default directory.
Format
save [ all ] [ configuration-file ]
Parameters
all Indicates that all configurations are -

saved, including the configurations
of the boards that are not running.
configuration-file Specifies the name of a The value is a string of 5

configuration file. to 64 case-sensitive
characters without
spaces.
Views
User view
Default Level
Usage Guidelines
Usage Scenario
You can run commands to modify the current configuration of the device, but the
modified configuration will be lost after the device restarts. To enable the new
configuration to take effect after a restart, save the current configuration in the
configuration file before restarting the device.

Fat AP and Cloud AP
When a series of configurations are complete and take effect, you must save the
current configuration file to the storage device.
The save configuration-file command saves the current configuration to a specific
file on the storage device. Generally, running the save configuration-file command
does not affect the current startup configuration file. If the configuration file
specified by configuration-file has the same name with the current configuration
file and the default directory is used, running the save configuration-file
command is equivalent to running the save command.
Run the save all command to save all the current configurations, including the
configurations of the boards that are not running, to the default directory.
The save all configuration-file command saves the current configuration to a
specific file on the storage device. Generally, running the save all configuration-
file command does not affect the current startup configuration file. If the
configuration file specified by configuration-file has the same name with the
current configuration file and the default directory is used, running the save all
configuration-file command is equivalent to running the save all command.
If you do not specify configuration-file when saving the configuration file for the
first time, the system asks you whether to save the configuration file as
vrpcfg.zip.
Precautions
● If you do not specify configuration-file, configurations are saved to the next
startup configuration file. You can run the display startup command to check
the name of the next startup configuration file.
● If the configuration file to be saved using this command has the same name
with the existing configuration file, the existing configuration file is rewritten.
● The configuration file name extension must be .zip or .cfg.
– .cfg: The file is saved in plain text mode. After the file is specified as the
configuration file, all commands in the file are recovered one by one
during startup.
– .zip: The .cfg file is compressed to a .zip file that occupies less space. After
being specified as the configuration file, the .zip file is decompressed to
the .cfg file and all commands in the .cfg file are recovered one by one
during startup.
Example
# Save the current configuration file to the default directory.
<HUAWEI> save
The current configuration will be written to the device. Continue?(y/n):y
It will take several minutes to save configuration file, please wait........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated

Fat AP and Cloud AP
3.6.16 schedule reboot

Function
The schedule reboot command configures the scheduled restart of a device and
set the specific time when the device restarts or the delay time before the device
restarts.
The undo schedule reboot command disables the scheduled restart function.
By default, the scheduled restart is disabled.
Format
schedule reboot { at time | delay interval }
undo schedule reboot
Parameters
at time Specifies the The format of time is hh:mm YYYY-MM-DD. The
device restart restart time must be later than the current device
time. time by less than 720 hours.YYYY-MM-DD
indicates year, month, and date and is optional.
● hh indicates hour and the value ranges from 0
to 23.
● mm indicates minute and the value ranges
from 0 to 59.
● YYYY indicates year and the value ranges from
2000 to 2099.
● MM indicates month and the value ranges
from 1 to 12.
● DD indicates date and the value ranges from 1
to 31.
delay Specifies the The format of interval is hh:mm or mm. The
interval delay time delay time must be no more than 720 hours.
before the ● In hh:mm, hh indicates hour and the value
device restarts. ranges from 0 to 720 and mm indicates
minute and the value ranges from 0 to 59.
● mm indicates minute and the value ranges
from 0 to 43200.
Views
User view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
When upgrading or restarting the device, you can configure the device to restart
at time when few services are running to minimize the impact on services.
Precautions
● If the schedule reboot at command is used to set a specific date (YYYY-MM-
DD) and the date is a future date, the device restarts at the specified time,
with an error within 1 minute. If no date is set, two situations occur: If the
specified time is later than the current time, the device restarts at the
specified time of the day. If the specified time is earlier than the current time,
the device restarts at the set time next day.
● Note that the gap between the specified date and current date must be
shorter than or equal to 720 hours If the scheduled restart has been
configured, the latest configuration overrides the previous one.
● The scheduled restart function becomes invalid when you use the clock
datetime command to set the system time to over 10 minutes later than the
restart time set by the schedule reboot command. If the time difference is
equal to or less than ten minutes, the device immediately restarts and does
not save the configuration.
● This command restarts the device at the specified time, interrupting all
services on the device. Therefore, do not use this command when the device is
running properly.
● Before restarting the device, ensure that the configuration file has been saved.
Example
# Configure the device to restart at 22:00.
<HUAWEI> schedule reboot at 22:00
Info:Reboot system at 22:00:00 2012/07/25(in 10 hours and 10 minutes) confirm?[Y
/N]:y
3.6.17 startup saved-configuration

Function
The startup saved-configuration command specifies the system configuration file
for next startup.
Format
startup saved-configuration configuration-file

Fat AP and Cloud AP
Parameters
configuration-file Specifies the name of a The value is a string of 4 to 64

configuration file. Make case-sensitive characters without
sure that the file exists. spaces and %. The file name
extension can be .zip or .cfg.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When the original configuration file cannot be used due to the software upgrade,
run the startup saved-configuration command to specify another configuration
file for next startup. The startup configuration file must be saved in the root
directory of the storage device.
Follow-up Procedure
Precautions
● The configuration file specified for the next startup must exist.
● The configuration file name extension must be .zip or .cfg.
– A configuration file with the file name extension .cfg is a text file, and
you can view the file content in the text file. After the file is specified as
the configuration file for next startup, the system restores all commands
in the file one by one during a startup.
– A .cfg file is compressed to a .zip file that occupies less space. After being
specified as the configuration file, the .zip file is decompressed to the .cfg
file and the system restores all commands in the .cfg file one by one
during startup.
● Users at level 3 or higher can change the configuration file used for the next
startup.
Example
# Specify the system configuration file for the next startup.
<HUAWEI> startup saved-configuration vrpcfg.cfg
This operation will take several minutes, please wait.....
Info: Succeeded in setting the file for booting system

Fat AP and Cloud AP
3.6.18 startup system-software

Function
The startup system-software command specifies the system software for next
startup.
The AP5030DN, AP5130DN, AP3030DN, AP4030DN, AP4130DN, AP4050DN,

AP4051DN, AP4151DN, AP4050DN-S, AP1050DN-S, AP9131DN, AP9132DN,
AP5030DN-S, and AP4030DN-E do not support this command.
Format
startup system-software { backup | current }
Parameters
backup Specifies the backup system software for next startup. -
current Specifies the current system software for next startup. -
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To roll back to the backup system software, run the startup system-software
backup command to specify the backup system software for next startup. The
rollback will be complete after a device reset.
Follow-up Procedure
Example
# Specify the backup system software for next startup.
<HUAWEI> startup system-software backup
3.7 Upgrade Commands

Fat AP and Cloud AP
3.7.1 ap-mode-switch
Function
The ap-mode-switch command switches an AP's working mode.
Format
ap-mode-switch { fit | cloud }
NOTE
Only the AP5050DN-S, AP2051DN, AP2051DN-S, AP2051DN-E, AP1050DN-S,

AD9431DN-24X, AP2050DN, AP2050DN-S, AP2050DN-E, AP4050DN-HD, AP4050DN-E,
AP7050DN-E, AP7050DE, AD9430DN-12, AD9430DN-24, AP6150DN, AP6050DN,
AP8130DN, AP8030DN, AP4050DN, AP4051DN, AP4151DN, AP4050DN-S, AP8050DN,
AP8150DN, AP8050DN-S, AP4051TN, AP6052DN, AP7052DN, AP7152DN, AP7052DE,
AP8050TN-HD, AP8082DN, AP8182DN, AP4050DE-M, AP4050DE-M-S, AP4050DE-B-S,
AP3050DE, AP7060DN, AP2051DN-L-S, AP5510-W-GP, AP6750-10T, AirEngine 5760-10
support the ap-mode-switch { fit | cloud } command.
The AP4030TN does not support the cloud mode.
Parameters
fit Switches a Fat AP to the -

Fit mode.
cloud Switches a Fat AP to the -

cloud mode.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To switch a Fat AP to the Fit or cloud mode, run the ap-mode-switch command.
Example
# Switch a Fat AP to the Fit mode.
[HUAWEI] ap-mode-switch fit
Warning: All the configuration will be saved to the next startup configuration.

Fat AP and Cloud AP
Continue ? [y/n]: y
Warning: The system will reboot and start in fit mode of V200R019C00. Continue? [y/n]: y
3.7.2 ap-mode-switch check
Function
The ap-mode-switch check command checks whether an AP allows for switching
between a Fit AP and a Fat AP.
NOTE
Only the AP5030DN, AP5130DN, AP4030DN, AP4130DN, AP5030DN-S, AP3030DN, AP9131DN,

AP9132DN, AP4030DN-E, and AP3010DN-V2 support this command.
Format
ap-mode-switch check
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Before switching the working mode of an AP, run this command to check whether
the AP allows for switching between the Fit AP and Fat AP. The system software of
an AP can be changed or upgraded only after the check result shows that the AP
allows for mode switching.
NOTE
If the AP does not allow for mode switching from a Fit AP to a Fat AP, run the ap-mode-
switch prepare command to configure the file system to allow for such switching.
Example
# Check whether an AP allows for switching between a Fit AP and a Fat AP.
[HUAWEI] ap-mode-switch check
Info: Ap-mode-switch check ok.

Fat AP and Cloud AP
3.7.3 ap-mode-switch ftp
Function
The ap-mode-switch ftp command connects an AP to an FTP server to download
the system software package for AP mode switching.
Format
ap-mode-switch ftp filename server-ip-address user-name password [ port ]
ap-mode-switch { fit | cloud } ftp filename server-ip-address user-name

password [ port ]
Table 3-42 Mode switching-related commands supported by APs
AP Model Whether the ap-mode- Whether the ap-mode-

switch ftp Command Is switch { fitfat | cloud }
Supported ftp Command Is
Supported
AP5030DN/AP5130DN/ Yes No
AP4030DN/AP4130DN/
AP5030DN-S/
AP3030DN/AP9131DN/
AP9132DN/AP4030DN-
E/AP3010DN-V2
AP2051DN/AP2051DN- No Yes
S/AP2051DN-E/
AP5050DN-S/AP4030TN/
AP6050DN/AP6150DN/
AP2050DN/AP2050DN-
S/AP2050DN-E/
AP4050DN-E/
AP4050DN-HD/
AP7050DN-E/AP7050DE/
AP8050DN/AP8150DN/
AP8050DN-S/
AP4050DN/AP4051DN/
AP4151DN/AP4050DN-
S/AP4051DN-S/
AP8030DN/AP8130DN/
AD9430DN-24/
AD9430DN-12/
AP1050DN-S/
AD9431DN-24X/
AP4050DE-M/AP4050DE-
M-S/AP4050DE-B-S/
AP3050DE/AP7060DN/
AP2051DN-L-S/AP5510-
W-GP/AP6750-10T/
AirEngine 5760-10

Fat AP and Cloud AP

switch ftp Command Is switch { fitfat | cloud }
Supported ftp Command Is
Supported
Other AP models do not support the preceding commands.
Parameters
fit Switches a Fat AP to a -

Fit AP.
cloud Switches a Fat AP to a -

cloud AP.
filename Specifies the name of The value is a string of 1

the system software to 127 characters with
package used for mode no space but the file
switching on an FTP name suffix contained.
server.
server-ip-address Specifies the IP address The value is in dotted

of an FTP server. decimal notation.
port Specifies the port The value is an integer

number of an FTP server. that ranges from 0 to
is 21.
user-name Specifies the user name The value is a string of 1

used to log in to an FTP to 31 characters with no
server. space.
Keywords in a command
line such as ftp, tftp,
and sftp cannot be used
as user-name for the
device to log in to the
server.
password Specifies the password The value is a string of 1

server. space.
as password for the
server.

Fat AP and Cloud AP
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To use the FTP server to switch a Fat AP to a Fit AP or cloud AP, run this
command to switch the system software package of the AP.
Due to low security of the FTP mode, the SFTP mode (ap-mode-switch sftp) is
recommended.
Prerequisites
The system software package has been uploaded to the FTP server.
It has been confirmed that the AP allows for switching between a Fit AP and a Fat
AP by running the ap-mode-switch check command.
NOTE

Example
# Switch AP1 from a Fat AP to a Fit AP using the FTP server (192.168.1.1).
[HUAWEI] ap-mode-switch ftp AP1_V200R019C00.bin 192.168.1.1 admin admin
Warning: Switching to the upgrade-assistant-package will reboot the system. Continue? [Y/N]:y
# Switch AP2 from a Fat AP to a Fit AP using the FTP server (192.168.1.1).
[HUAWEI] ap-mode-switch fit ftp AP2_V200R019C00.bin 192.168.1.1 admin admin
Continue ? [y/n]: y
3.7.4 ap-mode-switch prepare
Function
The ap-mode-switch prepare command configures a Fit AP to get prepared for
switching to a Fat AP.
NOTE
Only the AP5030DN, AP5130DN, AP4030DN, AP4130DN, AP5030DN-S, AP3030DN,

AP9131DN, AP9132DN, AP4030DN-E, and AP3010DN-V2 support this command.

Fat AP and Cloud AP
Format
ap-mode-switch prepare
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Before switching a Fit AP to a Fat AP, run the ap-mode-switch check command to
check whether the Fit AP allows for switching to a Fat AP. If not, run the ap-
mode-switch prepare command to get the Fit AP prepared for switching to a Fat
AP. Then connect the Fit AP to an FTP, TFTP, or SFTP server and download the Fat
AP system software package from the server so that the Fit AP can switch to a Fat
AP.
NOTE
After the ap-mode-switch prepare command is executed, run the ap-mode-switch check
command again to ensure that the Fit AP allows for switching to a Fat AP.
Example
# Configure a Fit AP to allow for switching to a Fat AP.
[HUAWEI] ap-mode-switch prepare
Info: Prepare is ok, Use ap-mode-switch command to switch to fat ap.
3.7.5 ap-mode-switch sftp
Function
The ap-mode-switch sftp command connects an AP to an SFTP server to
download the system software package for AP mode switching.
Format
ap-mode-switch { fit | cloud } sftp filename server-ip-address user-name
password [ port ]

Fat AP and Cloud AP
Table 3-43 Mode switching-related commands supported by APs

switch sftp Command Is switch { fit | cloud }
Supported sftp Command Is
Supported
AD9430DN-24/ No Yes
AD9430DN-12/
AD9431DN-24X/
AP2051DN/AP2051DN-
S/AP2051DN-E/
AP5050DN-S/
AP4050DN/AP4051DN/
AP4151DN/AP4050DN-
S/AP4051DN-S/
AP1050DN-S/AP4030TN/
AP6050DN/AP6150DN/
AP2050DN/AP2050DN-
S/AP2050DN-E/
AP4050DN-E/
AP4050DN-HD/
AP7050DN-E/AP7050DE/
AP4051TN/AP6052DN/
AP7052DN/AP7152DN/
AP7052DE/AP8050DN/
AP8150DN/AP8050DN-
S/AP8030DN/
AP8130DN/AP8050TN-
HD/AP8082DN/
AP8182DN/AP4050DE-
M/AP4050DE-M-S/
AP4050DE-B-S/
AP3050DE/AP7060DN/
AP2051DN-L-S/AP5510-
W-GP/AP6750-10T/
AirEngine 5760-10
Parameters
fit Switches a Fat AP to a -

Fit AP.
cloud Switches a Fat AP to a -

cloud AP.

Fat AP and Cloud AP

the system software to 127 characters with
package used for mode no space but the file
switching on an SFTP name suffix contained.
server.

of an SFTP server. decimal notation.

number of an SFTP that ranges from 0 to
server. 65535. The default value
is 22.

used to log in to an SFTP to 31 characters with no
server. space.
server.

server. space.
as password for the
server.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To use the STP server to switch a Fat AP to a Fit AP or a cloud AP, run this
command to switch the system software package of the AP.
Prerequisites

Fat AP and Cloud AP
The system software package has been uploaded to the SFTP server.
It has been confirmed that the AP allows for switching between a Fit AP and a Fat
AP by running the ap-mode-switch check command.
NOTE

Example
# Switch AP1 from a Fat AP to a Fit AP using the SFTP server (192.168.1.1).
[HUAWEI]ap-mode-switch sftp AP1_V200R019C00.bin 192.168.1.1 admin admin
Warning: Switching to the upgrade-assistant-package will reboot the system. Continue? [Y/N]:y
# Switch AP2 from a Fat AP to a Fit AP using the SFTP server (192.168.1.1).
[HUAWEI] ap-mode-switch fit sftp AP2_V200R019C00.bin 192.168.1.1 admin admin
Continue ? [y/n]: y
3.7.6 display paf
Function
The display paf command displays information about the product adapter file
(PAF) in the system.
Format
display paf { all | { resource | service } item-name }
Parameters
all Displays all information -

about the PAF file.
resource Specifies the value set for a -

resource item in the PAF
file.
service Specifies the value set for a -

service item in the PAF file.
item-name Specifies the name of a The value is a string of 1 to

resource item or a service 64 characters.
item.

Fat AP and Cloud AP
Views
All views
Default Level
3: Management level
Usage Guidelines
A PAF file provides only required resources and features. This command can
display all the specification information about the PAF file.
Example
# Display the value set for a resource item in the PAF file.
<HUAWEI> display paf resource PAF_LCS_NQA_SPECS_NUM_ENTRY
PAF_LCS_NQA_SPECS_NUM_ENTRY = 0, 32, 32, 0
# Display the value set for a service item in the PAF file.
<HUAWEI> display paf service PAF_LCS_BFD_BASIC_SPECS_ENABLED
PAF_LCS_BFD_BASIC_SPECS_ENABLED = 0, 1
Table 3-44 Description of the display paf resource command output
Item Description
PAF_LCS_NQA_SPECS_NUM_ENTRY Resource item name in the PAF file.
0 Whether a resource item is controlled

by a license.
● 1: yes
● 0: no
32 Default value of the resource item in

the PAF file.
32 Maximum value of the resource item

in the PAF file.
0 Minimum value of the resource item in

the PAF file.
Table 3-45 Description of the display paf service command output
Item Description
PAF_LCS_BFD_BASIC_SPECS_ENABLED Service item name in the PAF file.

Fat AP and Cloud AP
Item Description
0 Whether a service item is controlled by

a license.
● 1: yes
● 0: no
1 Service status.
● 1: enabled
● 0: disabled
3.7.7 display patch-information

Function
The display patch-information command displays information about the patch
package in the system.
Format
display patch-information
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After a patch package is loaded or deleted, you can run this command to view
information about the patch package in the system, including the version and
name.
Example
# Display information about the patch package in the system.
<HUAWEI> display patch-information
Patch Package Name :flash:/AP6050DN_V200R019C00.pat
Patch Package Version :V200R019C00
The current state is:Running
******************************************************************
* The patch information, as follows *
******************************************************************

Fat AP and Cloud AP
Type State Count Time(YYYY-MM-DD HH:MM:SS)

------------------------------------------------------------------
VRP Running 1 2020-07-04 18:51:04+00:00
Table 3-46 Description of the display patch-information command output
Item Description
Patch Package Name Name of the running patch package.
Patch Package Version Version of the running patch package.
The current state is State of the running patch package.
Type Patch type.
State State of patches of each type in the system.

● Deactive
● Active
● Running
● Startup: After the patch package for
next startup is specified, the state of
patches will become Startup. If a new
state change occurs, the Startup state
will be overwritten.
● Idle: No patch is available in the system.
Count Number of patches of each type in the

system.
Time Activation time of patches of each type in

the system.
3.7.8 patch delete all
Function
The patch delete all command deletes patches on the current system.
Format
patch delete all
Parameters
None
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
● If you find errors in patches that have been loaded to the system, run this
command to delete the patches to prevent patch errors from affecting system
operating.
● Before loading a non-incremental patch, run this command to delete the
existing patches (if any). Otherwise, the non-incremental patch cannot be
loaded.
Example
# Delete all patches.
<HUAWEI> patch delete all
The patch will be deleted. Continue? (y/n)[n]:y
3.7.9 patch load
Function
The patch load command loads the patches to the patch areas in the system.
Format
patch load filename all run
Parameters
filename Specifies the path and The value is a string of 4

file name of a patch to 64 case-sensitive
package. The path can characters without
be an absolute path or a spaces. The file name
relative path. must have an extension
of .pat.
all Loads the patches of all -

boards.
run Runs loaded patches of -

all boards.
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When you load a patch to the current system, the system searches the patch
package for a matching patch file according to the attributes of the patch file.
● If a matching patch file is found in the patch package, the system loads the
patch.
● If no matching patch file is found in the patch package, the system does not
load any patch.
Prerequisites
The patch package has been uploaded to the root directory of the storage device.
Before loading a patch, the system must resolve the patch package, check the
validity of the patch files in the patch package, and obtain the attributes such as
the patch type and version of the patch file.
Precautions
The patch file cannot be reloaded. When you reload a patch, the system displays
an error message.
Example
# Load the patches to the patch area of the device and run the patches directly.
<HUAWEI> patch load patch.pat all run
3.7.10 pki-load houp-certificate
Function
The pki-load houp-certificate command loads a certificate to the
defaultPolicy_houp domain.
Format
pki-load houp-certificate
Parameters
None
Views
System view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command is used to load the local certificate from the preset certificates or
system software package to the defaultPolicy_houp domain to implement the
two-way authentication function of the HOUP.
Example
# Load a certificate to the defaultPolicy_houp domain.
[HUAWEI] pki-load houp-certificate
3.7.11 upgrade version check
Function
The upgrade version check command checks whether the upgrade assistant
package is available before a device upgrade.
NOTE
Only the AP5030DN, AP5130DN, AP4030DN, AP4130DN, AP5030DN-S, AP3030DN,

AP9131DN, AP9132DN, AP4030DN-E, and AP3010DN-V2 support this command.
Format
upgrade version check
Parameters
None
Views
System view
Default Level
3: Management level
Usage Guidelines
Before you upgrade a fat AP or fit AP (not by the AC), run this command to check
whether the upgrade assistant package is available. You can upgrade a fat AP or
fit AP using the available upgrade assistant package.

Fat AP and Cloud AP
NOTE
If the upgrade assistant package is not available, contact technical support personnel and
update the upgrade assistant package under their guidance.
Example
# Check whether the upgrade assistant package is available.
[HUAWEI] upgrade version check
Info: Upgrade version check ok.
3.7.12 upgrade version ftp

Function
The upgrade version ftp command connects an AP to an FTP server to download
the upgrade assistant package for AP software version upgrade.
Format
upgrade version ftp filename server-ip-address user-name password [ port ]
[ signature signature-name ]
Parameters

the upgrade assistant to 127 characters with
package on an FTP no space but the file
server. name suffix contained.

of an FTP server. decimal notation.

number of an FTP server. that ranges from 0 to
is 21.

server. space.
server.

Fat AP and Cloud AP

used to log in to an FTP to 128 characters with
server. no space.
as password for the
server.
signature signature- Checks the validity of the The value is a string of 1

name digital signature file of to 63 characters with no
the system software. space but the file name
extension .asc contained.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To use the FTP server to upgrade a Fat AP to a Fat AP of another version, run the
upgrade version check command to check whether the upgrade assistant
package is successfully loaded. If so, run the upgrade version ftp command to
upgrade the AP.
Due to low security of the FTP mode, the SFTP mode (upgrade version sftp) is
recommended.
Prerequisites
The upgrade assistant package has been uploaded to the FTP server.
It has been confirmed that the upgrade assistant package can be used by running
the upgrade version check command.
NOTE
You need to run the command to check whether the upgrade assistant package can be
used for the AP5030DN, AP5130DN, AP4030DN, AP4130DN, AP5030DN-S, AP3030DN,
AP9131DN, AP9132DN, AP4030DN-E, and AP3010DN-V2.
Example
# Upgrade the AP version using the FTP server (192.168.1.1).

Fat AP and Cloud AP
[HUAWEI] upgrade version ftp AP1_V200R019C00.bin 192.168.1.1 admin admin
3.7.13 upgrade version sftp

Function
The upgrade version sftp command connects an AP to an SFTP server to
download the upgrade assistant package for AP software version upgrade.
NOTE
The AP2051DN, AP2051DN-S, AP2051DN-E, AP5050DN-S, AP2050DN, AP2050DN-S, AP2050DN-

E, AP4050DN-HD, AP4050DN-E, AP7050DN-E, AP7050DE, AP6050DN, AP6150DN, AP4030TN,
AD9430DN-12, AD9430DN-24, AP8030DN, AP8050DN, AP8150DN, AP8050DN-S, AP4050DN,
AP4051DN, AP4151DN, AP4050DN-S, AP4051DN-S, AP4051TN, AP6052DN, AP7052DN,
AP7152DN, AP7052DE, AP8050TN-HD, AP8082DN, AP8182DN, AP1050DN-S, AD9431DN-24X,
AP8130DN, AP4050DE-M, AP4050DE-M-S, AP4050DE-B-S, AP3050DE, AP7060DN, AP2051DN-L-
S, AP5510-W-GP, AP6750-10T, AirEngine 5760-10, and AP9130DN support this command.
Format
upgrade version sftp filename server-ip-address user-name password [ port ]
[ signature signature-name ]
Parameters

the upgrade assistant to 127 characters with
package on an SFTP no space but the file
server. name suffix contained.

of an SFTP server. decimal notation.

number of an SFTP that ranges from 0 to
server. 65535. The default value
is 22.

server. space.
server.

Fat AP and Cloud AP

used to log in to an SFTP to 128 characters with
server. no space.
as password for the
server.
signature signature- Checks the validity of the The value is a string of 1

name digital signature file of to 63 characters with no
the system software. space but the file name
extension .asc contained.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To use the SFTP server to upgrade a Fat AP to a Fat AP of another version, run the
upgrade version check command to check whether the upgrade assistant
package is successfully loaded. If so, run the upgrade version sftp command to
upgrade the AP.
Prerequisites
The upgrade assistant package has been uploaded to the SFTP server.
It has been confirmed that the upgrade assistant package can be used by running
the upgrade version check command.
NOTE
You need to run the command to check whether the upgrade assistant package can be
used for the AP5030DN, AP5130DN, AP4030DN, AP4130DN, AP5030DN-S, AP3030DN,
AP9131DN, AP9132DN, AP4030DN-E, and AP3010DN-V2.
Example
# Upgrade the AP version using the SFTP server (192.168.1.1).
[HUAWEI] upgrade version sftp AP1_V200R019C00.bin 192.168.1.1 admin admin

Fat AP and Cloud AP
3.8 HTTP Server Commands
3.8.1 display http server

Function
The display http server command displays information about the current HTTP
server.
Format
display http server
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can view the HTTP server information, including the status of common and
security HTTP services, port number, maximum number of users allowed to access
the HTTP server, and number of current online users.
Example
# Display information about the current HTTP server.
<HUAWEI> display http server
HTTP server status : Enabled (default: enable)
HTTP server port : 80 (default: 80)
HTTP timeout interval : 10 (default: 10 minutes)
Current online users :0
Maximum users allowed :1
HTTPS server status : Enabled (default: enable)
HTTPS server port : 443 (default: 443)
HTTPS SSL Policy : default fit-ap server policy
Web package : web.7z (default)
HTTP server permit interface :

Fat AP and Cloud AP
Table 3-47 Description of the display http server command output

Item Description
HTTP server status Status of the common HTTP server.

● Enabled: The HTTP service is enabled.
● Disabled: The HTTP service is disabled.
To configure this parameter, run the http
server enable command.
HTTP server port Number of the listening port on the HTTP

server. The default port number is 80.
server port command.
HTTP timeout interval Idle timeout duration of the HTTP server.

The default value is 10 minutes.
timeout command.
Current online users Number of current online users.
Maximum users allowed Maximum number of users allowed to

access the HTTP server.
HTTPS server status Status of the security HTTP server.

● Enabled: The security HTTP service is
enabled.
● Disabled: The security HTTP service is
disabled.
secure-server enable command.
By default, the security HTTP service is
enabled.
HTTPS server port Port number of the security HTTP server.

The default value is 443.
secure-server port command.
HTTPS SSL Policy security HTTP SSL policy.

You can configure the security HTTP SSL
policy by running the ssl policy command.
Web package Web page file in use.

server load command.
HTTP server permit interface Interface through which users can access
the web system.
To configure this parameter, run http
server permit interface command.

Fat AP and Cloud AP
3.8.2 display http user

Function
The display http user command displays information about current online HTTP
users.
Format
display http user [ username username ]
Parameters
username Specifies the name of a The value is a string of 1 to 64

username current online HTTP user. case-sensitive characters, with no
space or wildcard.
Views
All views
Default Level
3: Management level
Usage Guidelines
If username is not specified, this command displays brief information about all
current online HTTP users.
If username is specified, this command displays detailed information about the
specified current online HTTP user.
Example
# Display brief information about all current online HTTP users.
<HUAWEI> display http user
---------------------------------------------------------------------------
User Name IP Address Login Date
---------------------------------------------------------------------------
admin 192.168.0.1 2011-10-13 11:11:12+00:00
---------------------------------------------------------------------------
Total online users is 1
# Display detailed information about the online HTTP user admin.

<HUAWEI> display http user username admin
Client IP Address : 192.168.0.1
Login Date : 2011-10-13 11:11:12+00:00
User timeouts : 3 minutes

Fat AP and Cloud AP
Table 3-48 Description of the display http user command output
Item Description
User Name User name.
Client IP Address/IP Address IP address of the HTTP client.
Login Date Login date and time of the HTTP user.
User timeouts Timeout duration of the online HTTP user.
3.8.3 http acl

Function
The http acl command configures an ACL number for the HTTP server.
The undo http acl command deletes the ACL number for the HTTP server.
By default, no ACL number is configured for the HTTP server.
Format
http acl acl-number
undo http acl
Parameters
acl-number Specifies the ACL number. The value is an integer that ranges from
2000 to 2999.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To ensure the security of an HTTP server, you need to configure an ACL for it to
specify clients that can log in to the current HTTP server.
Precautions
● The HTTP supports the ACL whose number ranges from 2000 to 2999.

Fat AP and Cloud AP
● The http acl command takes effect only after you run the rule command to
configure the ACL rule.
● After an ACL rule is modified, the HTTP server does not forcibly log out an
online user who matches the ACL rule until the user sends the next login
request.
● If the http acl command is configured several times, only the latest
Example
# Set the ACL number to 2000 for the HTTP server.
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule 1 permit source any
[HUAWEI] http acl 2000
3.8.4 http get

Function
The http get command detects whether the URL server is reachable.
Format
http get [ -a source-ip-address | -c count | -t timeout | -v http-version ] * url url
Parameters
-a source-ip- Specifies the source IP address of The value is in dotted

address outgoing HTTP request packets. decimal notation.
If this parameter is not specified, the
IP address of the outbound interface is
used as the source IP address of
outgoing HTTP request packets.
-c count Specifies the transmission count of The value is an integer

HTTP request packets. ranging from 1 to 100.
If the network works unstably, increase
the transmission count to detect
network quality based on the packet
loss ratio.

Fat AP and Cloud AP
-t timeout Specifies the timeout interval for an The value is an integer

HTTP response packet. that ranges from 1 to
65535, in milliseconds.
The http get command sends an The default value is
HTTP request packet to an address 5000 ms.
and waits for a response. If the
response is received within the timeout
interval, the destination is reachable. If
no response is received within the
timeout interval, the sender displays a
message indicating that the request
packet times out.
A response is received within 1 to 10
seconds after an HTTP request packet
is sent. If the transmission speed is
low, properly prolong the timeout
interval.
-v http-version Specifies the HTTP version number. The HTTP version

number is 1.0 or 1.1.
The default value is 1.0.
url url Specifies the destination URL. The value is a string of

1 to 256 characters.
Views
System view
Default Level
Usage Guidelines
The http get command detects whether the URL server is reachable. You can use
HTTP request packets to detect the following items:
● Whether the HTTP service is enabled on the URL server
● Round-trip delay in communication
● Packet loss
Example
# Check whether the HTTP service is enabled on the URL server with the URL of
http://www.example.com, and set the source IP address of outgoing HTTP packets
to 10.137.147.142, the transmission count to 5, the period for waiting for a
response packet to 100 ms, and the HTTP version number to 1.1.

Fat AP and Cloud AP
[HUAWEI] http get -a 10.137.147.142 -c 5 -t 100 -v 1.1 url http://www.example.com

Http getting http://www.example.com[10.82.55.199]:
1:packets interaction time 90 ms,the link reachable

--http get result statistics--
Http Get 5 time(s),succeed 5 time(s),failed 0 time(s).
round-trip min/avg/max = 90/96/100 ms
Table 3-49 Description of the http get command output

Item Description
Http getting x.x.x URL and IP address of the URL server.
x:packets interaction Response to each HTTP packet.

time x ms,the link ● Round-trip delay in communication
reachable
● Link reachability
If no response packet is received after the timeout
period, the message "Connect times out" is displayed.
http get result HTTP test statistics:

statistics ● Http Get x time(s): number of outgoing HTTP packets
● succeed x time(s): number of HTTP request packets of
which corresponding HTTP response packets are
received
● failed x time(s): number of HTTP request packets of
which corresponding HTTP response packets fail to be
received
● round-trip min/avg/max: minimum, average, and
maximum round-trip delay
3.8.5 http server enable

Function
The http server enable command enables the HTTP server.
The undo http server enable command disables the HTTP server.
By default, the HTTP server is enabled.
Format
http server enable
undo http server enable
Parameters
None

Fat AP and Cloud AP
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
After running the http server enable command to enable the HTTP server, you
can use the browser to access the web NMS to manage devices.
If the web page to load does not exist, the HTTP service cannot be enabled.
Precautions
After you run the http server enable command, HTTP and HTTPS services are
both enabled. If you log in to the web platform using HTTP, the user name and
password are encrypted and transmitted through the HTTPS protocol. After user
authentication is completed, data is still transmitted using the HTTP protocol.
After you run the undo http server enable command, you disable only the HTTP
server function but not the HTTPS server function.
Example
# Enable the HTTP server.
[HUAWEI] http server enable
3.8.6 http server load
Function
The http server load command loads a web file.
The undo http server load command cancels loading of a specified web page file.
By default, the system loads the default web file contained in the system software
when the HTTP or HTTPS service is enabled.
Format
http server load file-name
undo http server load

Fat AP and Cloud AP
Parameters
file-name Specifies the name of The value is a string of 5

the web file to load. to 64 characters without
spaces. The file name is
in the *.7z format.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If you need to manage and maintain devices on the graphical user interface (GUI),
configure the Web network management function. When you need to update web
file when using the Web network management function, run this command to
load web file.
Prerequisites
Before loading the web file using the http server load command, ensure that the
web file has been stored to the device; otherwise, file loading will fail.
Example
# Load the web file web_1.7z.
[HUAWEI] http server load web_1.7z
3.8.7 http server permit interface

Function
The http server permit interface command configures interfaces through which
users can access the web platform.
The undo http server permit interface command restores the default interfaces
through which users can access the web platform.
By default, users can access the web platform through all physical interfaces, and
radio interfaces.
Format
http server permit interface { interface-type interface-number } &<1-5>

Fat AP and Cloud AP
undo http server permit interface
Parameters

interface-number
interface-number specifies the number of an
interface. interface-number and interface-type
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To prevent unauthorized users from accessing the web platform through interfaces
on the device, run the http server permit interface command to configure
interfaces through which users can access the web platform.
Precautions
● By default, no interface is configured. Users can access the web platform
through all physical interfaces, and radio interfaces. Once a physical interface,
or a radio interface is specified, users can only access the web platform
through the specified interface.
Example
# Configure the interfaces through which users can access the web platform.
[HUAWEI] http server permit interface gigabitethernet 0/0/1
# Delete the configured interface and restore the default interfaces through which
users can access the web platform.
[HUAWEI] undo http server permit interface
3.8.8 http server port

Function
The http server port command sets the listening port number of the HTTP server.
The undo http server port command restores the default listening port number
of the HTTP server.

Fat AP and Cloud AP
By default, the listening port number of the HTTP server is 80.
Format
http server port port-number
undo http server port
Parameters
port-number Specifies the listening port The value is 80, or an integer that
number of the HTTP server. ranges from 1025 to 55535. The
default value is 80.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
By default, the listening port number of the security HTTP server is 80. Attackers
may frequently access the default listening port, which wastes bandwidth,
deteriorates server performance, and prevents authorized users from accessing the
HTTP server through the listening port. You can run the http server port
command to specify another listening port number to prevent attackers from
accessing the listening port.
Precautions
If the http server port command is configured several times, only the latest
Example
# Set the listening port number of the HTTP server to 1025.
[HUAWEI] http server port 1025
3.8.9 http timeout

Function
The http timeout command sets the idle timeout duration of the HTTP server.
The undo http timeout command restores the default idle timeout duration of
the HTTP server.

Fat AP and Cloud AP
By default, the idle timeout duration of the HTTP server is 10 minutes.
Format
http timeout timeout
undo http timeout
Parameters

timeout Specifies the idle timeout duration The value is an integer that
of the HTTP server for online ranges from 1 to 35791, in
users. minutes.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
A maximum of five web users are supported at present. When the fifth web user
logs in to the HTTP server, any other user cannot log in to the HTTP server even if
any of the five users does not perform operations for a long time. The idle timeout
duration is configured to release web resources in time. To occupy web channels
for a long time, you must set the idle timeout duration to the maximum value.
Precautions
● After you run the http timeout command, the idle timeout durations are the
same for all web users who log in to the HTTP server. If the idle timeout
duration expires, a user is disconnected from the HTTP server and the HTTP
server notifies the user only after the user sends the next login request.
● If the http timeout command is configured several times, only the latest
Example
# Set the idle timeout duration of the HTTP server to 6 minutes.
[HUAWEI] http timeout 6

Fat AP and Cloud AP 4 Cloud-based Management Configuration
Command Reference Commands
4 Cloud-based Management Configuration

Commands
About This Chapter
4.1 cloud-mng controller

4.2 cloud-mng register-center disable
4.3 display alarm active-to-cloud
4.4 display alarm active-to-cloud sync-record
4.5 display cloud-mng info
4.6 display cloud-mng execute-cli-list
4.7 display cloud-mng register-center status
4.8 display offline roll-back-config
4.9 display offline self-healing-reset configuration
4.10 management-vlan (WAN view)
4.11 offline roll-back interval
4.12 offline roll-back-certificate disable
4.13 offline save-online-config interval
4.14 offline self-healing-reset disable
4.15 offline self-healing-reset timeout
4.16 interface wan0
4.17 ip-address (WAN view)
4.18 dns-server (WAN view)
4.19 dhcp-client enable
4.20 pppoe-client (Cloud AP)

4.21 temporary-management psk (Cloud Central AP)

4.22 temporary-management psk (Cloud AP)
4.1 cloud-mng controller
Function
The cloud-mng controller command configures an IP address or URL for the SDN
controller on a device.
The undo cloud-mng controller command deletes the IP address or URL of the
SDN controller from a device.
By default, no IP address or URL is configured for the SDN controller on a device.
Format
cloud-mng controller { url url-string | ip-address ip-address } port port-number
undo cloud-mng controller
Parameters
url url-string Specifies the URL of the SDN The value is a string of 3 to
controller. Set this parameter 128 case-sensitive characters.
to the domain name To set this parameter to a
corresponding to southbound space or continuous spaces,
service IP address of the SDN enclose the value with double
controller. quotation masks (").
ip-address ip- Specifies the IPv4 address of The value is in dotted decimal
address the SDN controller. Set this notation.
parameter to the southbound
service IP address of the SDN
controller.
port port- Specifies the port number of The value is an integer that
number the SDN controller. ranges from 0 to 65535. In
most cases, the port number
of the SDN controller is
10020.
Views
System view

Default Level
3: Management level
Usage Guidelines
Usage Scenario
After a device is switched to the cloud mode, it needs to register with the SDN
controller for authentication. Before registration authentication, the device needs
to use the IP address of the SDN controller to communicate with it. The device can
use DHCP to obtain the IP address of the SDN controller. You can also run the
cloud-mng controller command to configure an IP address for the SDN
controller.
Precautions
● If the device obtains the IP address of the SDN controller using DHCP and this
command is also run, the IP address obtained using DHCP is preferentially
used.
● If a URL is configured, the device uses the resolved IP address to register with
the SDN controller.
Example
# On a device, configure an IP address and a port number for the SDN controller.
[HUAWEI] cloud-mng controller ip-address 10.1.1.1 port 10020
4.2 cloud-mng register-center disable
Function
The cloud-mng register-center disable command disables the device from
proactively querying the registration center.
The undo cloud-mng register-center disable command enables the device to

proactively query the registration center.
By default, the device working in cloud mode proactively sends query packets to
the registration center.
Format
cloud-mng register-center disable
undo cloud-mng register-center disable
Parameters
None

Views
System view
Default Level
3: Management level
Usage Guidelines
In cloud mode, the device sends query packets to the registration center by default
to obtain plug-and-play information such as the IP address and port number of
the SDN controller. If the plug-and-play function through the registration center is
not needed, run the cloud-mng register-center disable command to disable the
device from proactively querying the registration center.
Example
# Disable the device from proactively querying the registration center.
[HUAWEI] cloud-mng register-center disable
4.3 display alarm active-to-cloud

Function
The display alarm active-to-cloud command displays active alarms reported to
the SDN controller.
NOTE
Only cloud APs support this command.
Format
display alarm active-to-cloud [ esn esn-value ]
Parameters
esn esn-value Specifies the ESN of the central AP or The value is a string of 1
an RU managed by the central AP. to 31 characters.
Only cloud central APs support this
parameter.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
The display alarm active-to-cloud command displays active alarms reported to
the SDN controller.
For a cloud central AP:
● If the parameter esn is specified, alarms on the specified device are displayed.
● If the parameter esn is not specified, alarms on the central AP and all its
managed RUs are displayed.
Example
# Display active alarms reported to the SDN controller on the cloud central AP.
<HUAWEI> display alarm active-to-cloud
perceived-severity:
Indeterminate 2
Minor 3
Warning 4
Major 5
Critical 6
------------------------------------------------------------------------------------------------------------------------------
------
ESN:210235396810J2000001
Active alarm information:
------------------------------------------------------------------------------------------------------------------------------
------
resource : oid=1.3.6.1.4.1.2011.6.139.16.1.1.1.2 index=[58.f9.87.5f.9c.60 (hex)]_0
alarm-type-id : equipmentAlarm
alarm-type-qualifier: hwRadioSignalEnvDeteriorationTrap
alt-resource : 0xfff32006
event-time : 2019-06-24T15:31:22Z
perceived-severity : 3
alarm-text : Jun 24 2019 15:31:22.0.1+00:00 AirEngine9700S-S-55.201 WLAN/4/
RADIO_ENV_DETERIORATE:Slot=65535;OID 1.3.6.1.4.1
.2011.6.139.16.1.1.1.2 Radio signal environment deteriorates. (APMAC=[58.f9.87.5f.9c.60 (hex)],RadioID=0,
APName=58f9-875f-9c60, PER
=0%, ConflictRate=0%, APID=1, NoiseFloor=0dBm, Reason=BadChannel, BadChannel=11)
------------------------------------------------------------------------------------------------------------------------------
------
# Display active alarms reported to the SDN controller on a common cloud AP.
<HUAWEI> display alarm active-to-cloud
perceived-severity:
Indeterminate 2
Minor 3
Warning 4
Major 5
Critical 6
------------------------------------------------------------------------------------------------------------------------------
------
Active alarm information:
------------------------------------------------------------------------------------------------------------------------------
------
resource : oid=1.3.6.1.6.3.1.1.5.3 index=[58.f9.87.5f.9b.40 (hex)]_0
alarm-type-id : equipmentAlarm
alarm-type-qualifier: linkDown
alt-resource : 0xcff02001
event-time : 2019-04-12T01:31:25Z
perceived-severity : 4

alarm-text : Apr 12 2019 01:31:25.840.1+08:00 Huawei IFNET/1/IF_LINKDOWN:OID 1.3.6.1.6.3.1.1.5.3

Interface 3 turned into DO
WN state.(AdminStatus=1,OperStatus=2,InterfaceName=GigabitEthernet0/0/0)
------------------------------------------------------------------------------------------------------------------------------
------
Table 4-1 Description of the display alarm active-to-cloud command output

Item Description
resource ID of the instance that triggers an

alarm.
● oid: Alarm ID.
● index: Index used to match an
alarm.
alarm-type-id Alarm type.
alarm-type-qualifier Alarm summary.
alt-resource Flag indicating whether an alarm is

generated or cleared.
event-time Time when an alarm is generated.
perceived-severity Alarm severity.

● 2: Indeterminate
● 3: Minor
● 4: Warning
● 5: Major
● 6: Critical
alarm-text Alarm description.
4.4 display alarm active-to-cloud sync-record

Function
The display alarm active-to-cloud sync-record command displays the records of
active alarm synchronization between the device and SDN controller.
NOTE
Format
display alarm active-to-cloud sync-record
Parameters
None

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display alarm active-to-cloud sync-record command displays the records of
active alarm synchronization between the device and SDN controller.
You can run this command to check the latest three records of active alarm
synchronization on each device based on the ESN.
Example
# Display the records of active alarm synchronization between the device and SDN
controller.
<HUAWEI> display alarm active-to-cloud sync-record
Alarm sync record between device and controller:
Time Esn Result
2019-04-19 10:15:48 21500829222SGC900060 Success

2019-04-19 10:04:07 21500829222SGC900060 Success
2019-04-18 19:55:25 21500829222SGC900060 Success
2019-04-18 19:40:46 2102350KGF10G2000019 Success
Table 4-2 Description of the display alarm active-to-cloud sync-record

command output
Item Description
Time Time when the alarm is synchronized.
Esn ESN of the device where the alarm is

generated.
Result Alarm synchronization result.
4.5 display cloud-mng info

Function
The display cloud-mng info command displays the configuration of the SDN
controller.
Format
display cloud-mng info

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
you can run this command to view the IP address, port number, device online
status, and device online mode of the SDN controller.
Example
# Display the configuration of the SDN controller in the user view.
<HUAWEI> display cloud-mng info
------------------------------------------------------------
AP status : Online
Controller URL : -
Controller IP address : 10.1.1.1
Controller port : 10020
Controller address source: configuration
------------------------------------------------------------
Table 4-3 Description of the display cloud-mng info command output

Item Description
AP status Whether the current device has gone

online:
● Offline: The device fails to go
online.
● Online: The device goes online
successfully.
Controller URL URL of the SDN controller.
Controller IP address IP address of the SDN controller.
Controller port Port number of the SDN controller.

Item Description
Controller address source Mode of obtaining the SDN controller

address:
● configuration: configured through
the CLI.
● DHCP: delivered through a DHCP
option.
● register center: delivered by the
registration center.
● controller: delivered by the
controller.
● default: preset by the system.
4.6 display cloud-mng execute-cli-list

Function
The display cloud-mng execute-cli-list command displays the configuration
delivered by the SDN controller on the device.
Format
display cloud-mng execute-cli-list
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view the configuration delivered by the SDN
controller on the device.
Example
# Display the configuration delivered by the SDN controller on the device in the
user view.
<HUAWEI> display cloud-mng execute-cli-list
#

set cpu-usage threshold 50 restore 30

return
4.7 display cloud-mng register-center status

Function
The display cloud-mng register-center status command displays the status of
the registration center.
RUs do not support this command.
Format
display cloud-mng register-center status
Parameters
None
Views
All views
Default Level
Usage Guidelines
You can run this command to view the address, port, and status of the registration
center.
Example
# Display the status of the registration center in the user view.
<HUAWEI> display cloud-mng register-center status
------------------------------------------------------------------
Register center URL : register.naas.huawei.com

Register center IP : -
Register center port: 10020
Current status : sleeping
------------------------------------------------------------------
Table 4-4 Description of the display cloud-mng register-center status command

output
Item Description
Register center URL URL of the registration center.
Register center IP IP address of the registration center.

Item Description
Register center port Port number of the registration center.
Current status Current status of the query to the

registration center.
● disabled: The function of querying
the registration center is disabled.
● success: The query succeeds.
● connecting: querying.
● sleeping: sleeping.
4.8 display offline roll-back-config

Function
The display offline roll-back-config command displays the configuration for the
offline self-healing function of a cloud AP.
NOTE
Format
display offline roll-back-config
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The offline self-healing function of a cloud AP can prevent the AP from going
offline due to misconfigurations. The mechanism is as follows:
1. When a cloud AP stays online for a specified period of time (10 minutes by
default, which can be configured using the offline save-online-config
interval command), the cloud AP automatically saves the WAN configuration
and certificate.
2. When the cloud AP is offline for a certain period of time (10 minutes by
default, which can be configured using the offline roll-back interval

command), the AP rolls back to the saved WAN configuration and certificate
and attempts to go online again.
3. If you have applied for a CA certificate for the cloud AP, run the offline roll-
back-certificate disable command to disable certificate rollback. Upon
offline self-healing, the cloud AP continues to use the user-defined certificate
to perform two-way authentication with SDN controller.
4. To check the offline self-healing configuration, run the display offline roll-
back-config command.
Example
# Display the configuration for the offline self-healing function for a cloud AP.
Table 4-5 Description of the display offline roll-back-config command output
Item Description
Save-online-config interval Interval between the time when a

cloud AP goes online and the time
when the AP automatically saves its
configuration.
To configure this parameter, run the
offline save-online-config interval
command.
Roll-back interval Interval between the time when a

cloud AP goes offline and the time
when the AP rolls back its
configuration.
offline roll-back interval command.
Roll-back-certificate switch Whether to roll back the certificate

when the AP rolls back its
configuration.
offline roll-back-certificate disable
command.
4.9 display offline self-healing-reset configuration

Function
The display offline self-healing-reset configuration command displays the
configuration for the self-healing function for an offline AP.
Format
display offline self-healing-reset configuration

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display offline self-healing-reset configuration command displays the
configuration for the self-healing function for an offline AP.
Example
# Display the configuration for the self-healing function for an offline AP.
Table 4-6 Description of the display offline self-healing-reset configuration

command output
Item Description
Switch Whether the self-healing function for

an offline AP is enabled.
offline self-healing-reset disable
command.
Timeout(hours) Time threshold of self-healing for an

offline AP.
offline self-healing-reset timeout
command.
4.10 management-vlan (WAN view)

Function
The management-vlan command configures a management VLAN for a cloud AP.
The undo management-vlan command restores the management VLAN of a

cloud AP to VLAN 1.
By default, the management VLAN of a cloud AP is VLAN 1.

Format
management-vlan vlan-id
undo management-vlan
Parameters
vlan-id Specifies the ID of a The value is an integer that

management VLAN. ranges from 1 to 4094.
Views
WAN view
Default Level
Usage Guidelines
Usage Scenario
After a cloud AP goes online, its management VLAN is uniformly changed by the
SDN controller. If the cloud AP fails to go online or is not managed by the SDN
controller, you can run this command to change its management VLAN. Create a
VLAN before changing the management VLAN of a cloud AP.
Example
# Configure VLAN 100 as the management VLAN of a cloud AP.
[HUAWEI] interface wan0
[HUAWEI-WAN] management-vlan 100
4.11 offline roll-back interval

Function
The offline roll-back interval command sets the interval between the time when
a cloud AP goes offline and the time when the AP rolls back its configuration.
The undo offline roll-back interval command restores the default interval for a
cloud AP to roll back its configuration after it goes offline.
By default, a cloud AP rolls back its configuration 10 minutes later after it goes
offline.
NOTE

Format
offline roll-back interval interval
undo offline roll-back interval
Parameters
interval Specifies the interval between the The value is 0 or an integer

time when a cloud AP goes offline that ranges from 10 to 2880.
and the time when the AP rolls The value 0 indicates that the
back its configuration, in minutes. offline self-healing function is
disabled.
Views
System view
Default Level
Usage Guidelines
and certificate.
Example
# Set the interval between the time when a cloud AP goes offline and the time
when the AP rolls back its configuration to 15 minutes.

4.12 offline roll-back-certificate disable

Function
The offline roll-back-certificate disable command disables a cloud AP from
rolling back its certificate during offline self-healing.
The undo offline roll-back-certificate disable command enables a cloud AP to

roll back its certificate during offline self-healing.
By default, a cloud AP rolls back its certificate during offline self-healing.
NOTE
Format
offline roll-back-certificate disable
undo offline roll-back-certificate disable
Parameters
None
Views
System view
Default Level
Usage Guidelines
and certificate.

Example
# Disable a cloud AP from rolling back its certificate during offline self-healing.
4.13 offline save-online-config interval

Function
The offline save-online-config interval command sets the interval between the
time when a cloud AP goes online and the time when the AP automatically saves
its configuration.
The undo offline save-online-config interval command restores the default

interval between the time when a cloud AP goes online and the time when the AP
automatically saves its configuration.
By default, a cloud AP automatically saves its configuration 10 minutes later after

it goes online.
NOTE
Format
offline save-online-config interval interval
undo offline save-online-config interval
Parameters
interval Specifies the interval between the time The value is an integer
when a cloud AP goes online and the time that ranges from 10 to
when the AP automatically saves its 600.
Views
System view
Default Level

Usage Guidelines
and certificate.
Example
# Set the interval between the time when a cloud AP goes online and the time
when the AP automatically saves its configuration to 15 minutes.
4.14 offline self-healing-reset disable

Function
The offline self-healing-reset disable command disables the self-healing
function for an offline AP.
The undo offline self-healing-reset disable command enables the self-healing

function for an offline AP.
By default, the self-healing function is enabled for an offline AP.
NOTE
Format
offline self-healing-reset disable
undo offline self-healing-reset disable
Parameters
None

Views
System view
Default Level
3: Management level
Usage Guidelines
By default, after a cloud AP is offline from SDN controller for 24 hours, the AP will
self-heal and restart for fault recovery if no STA or administrator user is connected
to it.
To adjust the time threshold, run the offline self-healing-reset timeout

command. To disable this function, run the offline self-healing-reset disable
command.
Example
# Disable the self-healing function for an offline AP.
[HUAWEI] offline self-healing-reset disable
After reset for self-healing is disabled, if the device is offline for more than
24 hours, the device will not restart for self-healing. Continue? [Y/N]: y
4.15 offline self-healing-reset timeout

Function
The offline self-healing-reset timeout command configures the time threshold
for self-healing upon disconnection of a cloud AP.
The undo offline self-healing-reset timeout command restores the default time
threshold for self-healing upon disconnection of a cloud AP.
The default time threshold for self-healing upon disconnection of a cloud AP is 24

hours.
NOTE
Format
offline self-healing-reset timeout time
undo offline self-healing-reset timeout

Parameters
time Specifies the time threshold for The value is an integer ranging
self-healing upon disconnection, from 6 to 168. The default value
in hours. is 24.
Views
System view
Default Level
3: Management level
Usage Guidelines
By default, after a cloud AP is offline from SDN controller for 24 hours, the AP will
self-heal and restart for fault recovery if no STA or administrator user is connected
to it.
To adjust the time threshold, run the offline self-healing-reset timeout

command. To disable this function, run the offline self-healing-reset disable
command.
Example
# Set the time threshold for self-healing upon disconnection to 10 hours.
[HUAWEI] offline self-healing-reset timeout 10
Succeeded in setting the timeout period for an AP reset triggered by self-healing to 10 hours.
4.16 interface wan0

Function
The interface wan0 command switches from the system view to the WAN view.
Format
interface wan0
Parameters
None
Views
System view

Default Level
Usage Guidelines
To perform deployment configurations for a cloud AP, run this command to enter
the WAN view.
Example
# Display the WAN view.
[HUAWEI-WAN]
4.17 ip-address (WAN view)
Function
The ip address command configures the IP address, subnet mask, and default
gateway address for a cloud AP's management VLANIF interface.
The undo ip address command deletes the IP address, subnet mask, and default
gateway address of a cloud AP's management VLANIF interface.
By default, no IP address, subnet mask, or default gateway address is configured
for a cloud AP's management VLANIF interface.
Format
ip address ip-address { mask-length | mask } [ gateway gateway ]
undo ip-address
Parameters
ip-address Specifies a static IPv4 address of The value is in dotted

a cloud AP. decimal notation.
mask Specifies the IPv4 mask of a The value is in dotted

cloud AP. decimal notation.
mask-length Specifies the IPv4 mask length The value is an integer that
of a cloud AP. ranges from 0 to 32.
gateway gateway Specifies the egress gateway The value is in dotted

address of a cloud AP. decimal notation.

Views
WAN view
Default Level
Usage Guidelines
Usage Scenario
You can configure an IP address for a cloud AP's management VLANIF interface to
enable the cloud AP to communicate with the SDN controller. If the dhcp-client
enable command is also executed, the new configuration takes effect.
Example
# Set IPv4 address of a cloud AP's management VLANIF interface to
192.168.1.123/24 and the gateway address to 192.168.1.254.
[HUAWEI-WAN] ip address 192.168.1.123 255.255.255.0 gateway 192.168.1.254
4.18 dns-server (WAN view)

Function
The dns server command configures an IP address for a DNS server.
The undo dns server command deletes the IP address of a DNS server.
By default, no IP address is configured for a DNS server.
Format
dns-server ip-address1 [ ip-address2 ]
undo dns-server ip-address1 [ ip-address2 ]
Parameters
ip-address1 Specifies the IP address The value is in dotted

of the primary DNS decimal notation.
server.
ip-address2 Specifies the IP address The value is in dotted

of the secondary DNS decimal notation.
server.

Views
WAN view
Default Level
Usage Guidelines
Usage Scenario
A cloud AP sends a request to the primary DNS server to apply for a domain
name. If the AP does not receive any response within a specified period of time, it
sends the request again. If there is still no response from the primary DNS server
after it sends the request for a specified number of times, the cloud AP sends the
request to the secondary DNS server.
Example
# Configure IP addresses of the primary and secondary DNS servers to
192.168.1.11 and 192.168.1.147, respectively.
[HUAWEI-WAN] dns-server 192.168.1.11 192.168.1.147
4.19 dhcp-client enable
Function
The dhcp-client enable command enables a cloud AP to automatically obtain an
IP address in the management VLAN.
The undo dhcp-client enable command disables a cloud AP from automatically
obtaining an IP address in the management VLAN.
By default, a cloud AP automatically obtains an IP address in management VLAN
1.
Format
dhcp-client enable
undo dhcp-client enable
Parameters
None
Views
WAN view

Default Level
Usage Guidelines
Usage Scenario
You can run this command to enable a cloud AP to automatically obtain an IP

address in the management VLAN. If an IP address has been configured using the
ip address command, the newly obtained IP address overrides the configured one.
Example
# Enable a cloud AP to automatically obtain an IP address in management VLAN
100.
[HUAWEI] management-vlan 100
[HUAWEI-WAN] dhcp-client enable
4.20 pppoe-client (Cloud AP)
Function
The pppoe-client command enables the PPPoE dialup function and configures
account information.
The undo pppoe-client command disables the PPPoE dialup function and deletes
PPPoE dialup account information.
By default, the PPPoE dialup function is disabled and no PPPoE dialup account
information is configured.
Format
pppoe-client username user-name password cipher password
undo pppoe-client
Parameters
username user- Specifies the PPPoE The value is a string of 1 to 64 case-

name dialup user name. sensitive characters without spaces.

password cipher Specifies the PPPoE The value is a sting of case-sensitive

password dialup user password characters that support spaces. It can
displayed in be either a plaintext string of 1 to 32
ciphertext. characters or a ciphertext string of 24
to 68 characters.
Views
WAN view
Default Level
Usage Guidelines
Usage Scenario
In a scenario where a cloud AP is deployed, you can run the pppoe-client

command to enable the PPPoE dialup function, and configure the user name and
password. The cloud AP then can connect to the Internet through PPPoE dialup
and register with the Agile Controller-Campus.
Precautions
Only one PPPoE dialup account can be configured.
Example
# Enable the PPPoE dialup function, and configure the user name test and
password test@123.
[HUAWEI-WAN] pppoe-client username test password cipher test@123
4.21 temporary-management psk (Cloud Central AP)

Function
The temporary-management psk command configures the password for an
offline management VAP.
The undo temporary-management psk command restores the default password

of an offline management VAP.
The default username and password are available in WLAN Default Usernames
and Passwords (Enterprise Network or Carrier). If you have not obtained the
access permission of the document, see Help on the website to find out how to
obtain it.

Format
temporary-management psk psk-value
undo temporary-management psk
Parameters
psk-value Specifies the password for an offline The value is a string

management VAP. of 48 to 108
characters in
ciphertext, or a
string of 8 to 63
ASCII characters or
64 hexadecimal
characters.
Views
AP system profile view
Default Level
Usage Guidelines
Usage Scenario
Using the default password of an offline management VAP poses security risks.
You can run the temporary-management psk command to change the default
password.
Example
# Configure the password for an offline management VAP as a1234567.
[HUAWEI] wlan
[HUAWEI] ap-system-profile name default
[HUAWEI-wlan-ap-system-prof-default] temporary-management psk a1234567
4.22 temporary-management psk (Cloud AP)

Function
The temporary-management psk command configures the password for an
offline management VAP.
The undo temporary-management psk command restores the default password
of an offline management VAP.

The default username and password are available in WLAN Default Usernames
and Passwords (Enterprise Network or Carrier). If you have not obtained the
access permission of the document, see Help on the website to find out how to
obtain it.
Format
temporary-management psk psk-value
undo temporary-management psk
Parameters
psk-value Specifies the password for an offline The value is a string

management VAP. of 48 to 108
characters in
ciphertext, or a
string of 8 to 63
ASCII characters or
64 hexadecimal
characters.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
Using the default password of an offline management VAP poses security risks.
You can run the temporary-management psk command to change the default
password.
Example
# Configure the password for an offline management VAP as a1234567.
[HUAWEI] wlan
[HUAWEI-wlan-view] temporary-management psk a1234567

Fat AP and Cloud AP
Command Reference 5 Device Management Commands
5 Device Management Commands
About This Chapter
5.1 Device Status Checking Commands

5.2 Hardware Configuration Commands
5.3 Energy-saving Configuration Commands
5.4 Fault Management Commands
5.5 Information Center Configuration Commands
5.6 NTP Configuration Commands
5.7 PoE Configuration Commands
5.1 Device Status Checking Commands
5.1.1 display cpu-usage

Function
The display cpu-usage command displays CPU usage statistics.
Format
display cpu-usage
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
CPU usage is an important index to evaluate device performance. A high CPU
usage will cause service faults. You can use the display cpu-usage command to
view CPU usage to check whether devices are working properly.
Example
# Display the CPU usage on the device.
<HUAWEI> display cpu-usage
CPU Usage Stat. Cycle: 30 (Second)
CPU Usage: 2.4% Max: 90.2%
CPU Usage Stat. Time : 2014-01-08 05:29:48
CPU Usage Max. Time : 2014-01-07 15:26:41
Table 5-1 Description of the display cpu-usage command output

Item Description
CPU Usage Stat. Cycle Interval for collecting CPU usage

statistics. The default interval is 30
seconds.
CPU Usage Stat. Time Time when the latest CPU usage
statistics are collected.
CPU Usage Current CPU usage
Max Maximum CPU usage within 30

minutes.
CPU Usage Max. Time Time when the CPU usage reaches the
maximum.
5.1.2 display cpu-usage configuration
Function
The display cpu-usage configuration command displays CPU usage
configuration.
Format
display cpu-usage configuration
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays the alarm threshold and recovery threshold.
● When CPU usage reaches the alarm threshold, the system generates a CPU
usage alarm.
● When CPU usage falls within the recovery threshold, the system generates a
clear alarm.
Example
# Display CPU usage configuration of the main control board.
<HUAWEI> display cpu-usage configuration
The CPU usage monitor is turned on.
The current monitor cycle is 10 seconds.
The current monitor warning threshold is 80%.
The current monitor restore threshold is 75%.
Table 5-2 Description of the display cpu-usage configuration command output
Item Description
The CPU usage monitor Whether the function of the CPU

usage monitor is enabled or disabled.
The current monitor cycle Cycle for monitoring the CPU.
The current monitor warning threshold Alarm threshold. To set the CPU usage
alarm threshold, use the set cpu-
usage threshold threshold-value
command.
The current monitor restore threshold Alarm recovery threshold. To set the
CPU usage alarm recovery threshold,
use the set cpu-usage threshold
threshold-value restore restore-
threshold-value command.
5.1.3 display cpu-usage history

Function
The display cpu-usage history command displays historical CPU usages on a
device.

Fat AP and Cloud AP
Format
display cpu-usage history [ 24hour | 72hour ]
Parameters
24hour Displays the CPU usages on a device -

during the last 24 hours.
72hour Displays the CPU usages on a device -

during the last 72 hours.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
CPU usage is an important indicator to evaluate device performance. A high CPU
usage will cause service faults. You can use this command to view historical CPU
usages on a device, which help you local service faults.
This command displays CPU usages in the latest 8640 monitoring cycles. You can
run the set cpu-usage cycle command in the diagnostic view to set the CPU
usage monitoring cycle.
When the parameter [ 24hour | 72hour ] is not specified, the CPU usages during
the last 1 hour is displayed.
Example
# Display historical CPU usages.
<HUAWEI> display cpu-usage history
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|

Fat AP and Cloud AP
15%|
10%| * *
5%|*** ******************************* ************************************************************************************
--------------------------------------------------------------------------------------------------------------------------
0 15 30 45 60
(minutes)
5.1.4 display diagnostic-information
Function
The display diagnostic-information command displays diagnostic information on
the device, or stores diagnostic information to a specified file.
Format
Common AP:
display diagnostic-information [ ap | sta mac-address sta-mac ] [ saved-file

[ file-name ] ]
Central AP:
display diagnostic-information [ central-ap | ap { mac-address ap-mac | ip-

address ap-ip-address | ap-name ap-name } | sta mac-address sta-mac | engine
{ av | engine | file-frame | gpm | ips | sa | update | url-filter ] [ saved-file [ file-
name ] ]
Parameters
central-ap Displays diagnostic information -

on Central AP.
ap Displays diagnostic information -

on AP.
sta Displays diagnostic information -

on STA.
saved-file Stores diagnostic information -

into a file.
file-name Specifies the name of the file The value is a string of 5

where diagnostic information is to 64 characters. The file
stored. name extension must
be .txt. The default
directory where files are
stored is flash:/.

Fat AP and Cloud AP
mac-address ap- Specifies the MAC address of an The value is in H-H-H

mac AP. format. An H is a
hexadecimal number of 4
digits.
ip-address ap-ip- Specifies the IPv4 address of an The value is in dotted

address AP. decimal notation.
ap-name ap-name Specifies an AP name. The AP name must exist.
mac-address sta- Specifies the MAC address of a The value is in H-H-H

mac STA. format. An H is a
digits.
engine Displays diagnostic information -

about the Next-Generation
Engine (NGE).
av Displays diagnostic information -

about the antivirus module.
engine Displays diagnostic information -

about the security engine.
file-frame Displays diagnostic information -

about the file frame.
gpm Displays diagnostic information -

about the general pattern
matching.
ips Displays diagnostic information -

about the intrusion prevention
system (IPS) module.
sa Displays diagnostic information -

about the service awareness
(SA) module.
update Displays diagnostic information -

about the upgrade module.
url-filter Displays diagnostic information -

about the URL filtering module.

Fat AP and Cloud AP
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When a fault occurs in the system, you can use the display diagnostic-
information command to collect diagnostic information for fault location.
The display diagnostic-information command output includes the output for

multiple display commands. Running the display diagnostic-information
command is like running these display commands in batches.
If the saved-file parameter is not specified, diagnostic information is only

displayed on the screen. If the saved-file parameter is specified, diagnostic
information is only stored into a specified file but not displayed on the screen.
If the saved-file parameter is specified but file-name is not, the system

automatically stores diagnostic information into the diagnostic-information.txt
file.
If you do not specify the parameters ap, and sta, the command displays diagnostic
information about all devices. If you specify a parameter (ap, or sta), the
command displays diagnostic information about the specified parameter.
Precautions
● If this command displays a long output, press Ctrl+C to abort this command.
● This command displays diagnostic information, which helps locate faults but
may affect system performance. For example, CPU usage may become high.
Therefore, do not use this command when the system is running properly.
● Running the display diagnostic-information command simultaneously on
multiple terminals connected to the device is prohibited. This is because CPU
usage of the device may obviously increase and the device performance may
be degraded.
● When you run this command, the device obtains or uses some personal data
of users, such as the STA MAC address. Delete the personal data immediately
after the command is executed to ensure user data security.
● The command output does not support split-screen display.
Example
# Display diagnostic information about the device.
<HUAWEI> display diagnostic-information
===================================================
===============display version===============
===================================================
......

Fat AP and Cloud AP
5.1.5 display elabel
Function
The display elabel command displays the electronic label of a device.
Format
display elabel [ slot-id ] [ brief ]
Parameters
slot-id Displays the electronic The value is an integer

label of the specified card. and must be set
If this parameter is not according to the device
specified, all electronic configuration.
labels of the device are
displayed.
brief Indicates that the -

electronic label of a card
does not include optical
module information.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Electronic labels identify information about hardware components of a device. You
can use the display elabel command to view electronic label information.
Example
# Display brief information about the electronic label of the card in slot 0.
<HUAWEI> display elabel 0 brief
It is executing, please wait...
[Slot_0]
/$[Board Integration Version]
/$BoardIntegrationVersion=3.0
[Main_Board]
/$[ArchivesInfo Version]

Fat AP and Cloud AP
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=AP5030DN
BarCode=210235419610CB000473
Item=02354196
Description=Assembling Components,AP5030DN,AP5030DN Mainframe(11ac,General AP In
door,3x3 Double Frequency,Built-in Antenna,No AC/DC adapter)
Manufactured=2014-03-08
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=
# Display detailed electronic label information on the device.

<HUAWEI> display elabel
It is executing, please wait...
/$[System Integration Version]

/$SystemIntegrationVersion=3.3
[Rack_1]
[SubRack_0]
[Slot_0]
/$[Board Integration Version]
/$BoardIntegrationVersion=3.0
[Main_Board]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=AP5030DN
BarCode=210235419610CB000473
Item=02354196
Description=Assembling Components,AP5030DN,AP5030DN Mainframe(11ac,General AP In
door,3x3 Double Frequency,Built-in Antenna,No AC/DC adapter)
Manufactured=2014-03-08
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=
Table 5-3 Description of the display elabel command output

Item Description
BoardType Card model of the specified

component.
BarCode Barcode of the specified component.

Fat AP and Cloud AP
Item Description
Item BOM code of the specified

component.
For details, see the part number of
the component in Installation >
Appendix > Power Adaptation
Solution of the product
documentation.
Description Description of the specified

component.
Manufactured Manufacturing date of the specified

component.
VendorName Vendor name of the specified

component.
IssueNumber Issuing number of the specified

component.
CLEICode CLEI code of the specified component.
BOM Sales BOM code of the specified

component.
Model External model.
ElabelVersion Electronic label version.
5.1.6 display esn

Function
The display esn command displays the Equipment Serial Number (ESN) of a
device.
Format
display esn
Parameters
None
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
An ESN uniquely identifies a device.
Example
# Display the ESN of the device.
<HUAWEI> display esn
ESN of device: **********P0B4000046
5.1.7 display sn
Function
The display sn command displays serial number (SN) information of components
on a device.
Format
display sn [ license | all | interface [ interface-type interface-number ] |
[ interface ] abnormal ]
Parameters
license Displays the SN for -

applying for a license.
all Displays all SN -

information.
interface [ interface- Displays the SN of the -

type interface-number ] optical module on a
specified interface:
● interface-type
specifies the interface
type.
● interface-number
number.
abnormal Displays the SN of an -

abnormal module.
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
You can run the display sn command to view the SNs of the device, optical
module, and device components, which facilitates device management.
Example
# Display the SNs of all components on a device.
<HUAWEI> display sn all
Equipment SN(ESN): **********8SJ8002998
License ESN: --
Slot Sub Type SN P/N
---------------------------------------
0 - AP2051DN **********8SJ8002998 50083572N
# Display the SN of an abnormal subcard.

<HUAWEI> display sn abnormal
Slot Sub Type SN P/N State
---------------------------------------
- 4 POWER **********8NCB000175 02130983 ERROR
# Display the SN of an abnormal interface.

<HUAWEI> display sn interface abnormal
Port Type SN P/N State Description
--------------------------------------------
GE0/0/0 RTXM139-400 ********0690 - ERROR 155Mbps-1310nm--30000m
Table 5-4 Description of the display sn command output

Item Description
Equipment SN(ESN) Equipment serial number.
License ESN License SN.
Slot Slot ID of a component.
Sub Subcard ID.
Type Type of a component.
SN SN of a component.
P/N SBOM of a card.
Port Interface.
Description Interface description.

Fat AP and Cloud AP
Item Description
State Subcard status.

● ABNORMAL: The card status is
abnormal.
● ERROR: A registration error occurs.
● REMOVED: A card is removed.
Optical module status.
● ERROR: The optical module cannot
be identified.
● REMOVED: The optical module is
removed.
● UNAUTHORIZED: A non-Huawei-
certified optical module is used.
5.1.8 display fan
Function
The display fan command displays the fan status.
NOTE
This command is available only for the AD9431DN-24X and AD9430DN-24.
Format
display fan [ slot slot-id | verbose ]
Parameters
slot slot-id Specifies the The value of slot-id

slot ID of the depends on the running
device. fan.
verbose Displays -
detailed status
information
about the fan.
Views
All views

Fat AP and Cloud AP
Default Level
Usage Guidelines
Devices can run properly when fans are working properly. If proper heat
dissipation cannot be ensured for devices, devices may overheat, damaging the
hardware. You can use the display fan command to view the fan status.
Example
# Display the fan status of the device.
<HUAWEI> display fan
Slot 0: Fan 1 is normal.
NOTE
If no fan is installed, the following information is displayed: Slot 0: Fan 0 is absent.
# Display detailed status information about the fan.

<HUAWEI> display fan verbose
Slot # FAN # Status Speed Rate Mode Airflow Direction
-------------------------------------------------------------------------
0 0 Normal 70 % AUTO Back-to-Side
Table 5-5 Description of the display fan verbose command output

Item Description
Slot Slot ID of the device.
FAN Fan ID.
Status Fan status. The value can be Normal

or Abnormal.
Speed Rate Ratio of the current fan speed to the

full speed.
Mode Working mode of a fan.

● AUTO
● MANUAL
Airflow Direction Airflow direction of the fan.

● Back-to-Side: Air flows from the
rear to the left and right sides.
● Side-to-Back: Air flows from the left
and right sides to the rear.
● Side-to-Side: Air flows from one
side to the other side.
● Front-to-Back: Air flows from the
front to the rear.

Fat AP and Cloud AP
5.1.9 display health
Function
The display health command displays the health status of a device.
Format
display health
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
You can run this command to check the information about a device, including the
device temperature, CPU usage, memory usage, and storage medium usage.
Example
# Check the health status of a device.
<HUAWEI> display health
--------------------------------------------------------------------------------
Slot Card Sensor No. SensorName Status Upper Lower Temperature.(C)
--------------------------------------------------------------------------------
0 - 1 AP5030DN TEMP NORMAL 102 -13 48
--------------------------------------------------------------------------
PowerNo Present Mode State Current(A) Voltage(V) Power(W)
--------------------------------------------------------------------------
Info:The device does not support power display!
System CPU Usage Information:
System cpu usage at 2005-08-21 22:40:43 460 ms
-------------------------------------------------------------------------------
SlotID CPU Usage Upper Limit
-------------------------------------------------------------------------------
0 20% 80%
System Memory Usage Information:
System memory usage at 2005-08-21 22:40:43 480 ms
-------------------------------------------------------------------------------
SlotID Total Memory(MB) Used Memory(MB) Used Percentage Upper Limit
-------------------------------------------------------------------------------
0 91 50 55% 90%
System Disk Usage Information:
System disk usage at 2005-08-21 22:40:43 580 ms
-------------------------------------------------------------------------------
SlotID Device Total Memory(MB) Used Memory(MB) Used Percentage Upper Limit
-------------------------------------------------------------------------------
0 flash: 6 0 8% 90%

Fat AP and Cloud AP
Table 5-6 Description of the display health command output

Item Description
Slot ID of the slot where the temperature

sensor resides. The value is fixed as 0,
indicating the main control board
slot.
Card Card number. The device does not

support any card.
Sensor No. Temperature sensor number.
SensorName Temperature sensor name.
Status Device temperature status.

● NORMAL: The device temperature
is normal.
● ABNORMAL: The device
temperature is beyond the allowed
range.
Upper Upper threshold of the device

temperature.
Lower Lower threshold of the device

temperature.
Temperature.(C) Current device temperature.
PowerNo, Present, Mode, State, Power module parameters.

Current(A), Voltage(V), Power(W) NOTE
The AP has no power module and must
connect to an external power supply or
use PoE power supply. These parameters
are not supported.
System CPU Usage Information CPU usage statistics.
SlotID Slot ID of the card where the CPU

resides. The value is fixed as 0,
slot.
CPU Usage CPU usage.
Upper Limit Alarm threshold of the CPU usage. To

configure this parameter, run the set
cpu-usage threshold threshold-value
command.
System Memory Usage Information Memory usage statistics.

Fat AP and Cloud AP
Item Description
SlotID Slot ID of the card where the memory

resides. The value is fixed as 0,
slot.
Total Memory(MB) Total memory.
Used Memory(MB) Used memory.
Used Percentage Memory usage.
Upper Limit Alarm threshold of the memory

usage. To configure this parameter,
run the set memory-usage threshold
threshold-value command.
System Disk Usage Information Storage medium usage statistics.
SlotID Slot ID of the card where the storage

medium resides. The value is fixed as
0, indicating the main control board
slot.
Device Storage medium name.
Total Memory(MB) Total memory of the storage medium.
Used Memory(MB) Used memory of the storage medium.
Used Percentage Storage medium usage.
Upper Limit Alarm threshold of the storage

medium usage. To configure this
parameter, run the set disk-usage
threshold threshold-value command.
5.1.10 display memory-usage
Function
The display memory-usage command displays the memory usage of a device.
Format
display memory-usage
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Memory usage is an important metric to evaluate device performance. High
memory usage may cause service faults. You can run the display memory-usage
command to view the real-time memory usage to check whether the device is
running properly.
The memory usage displayed in the command output indicates the proportion of
the memory actually occupied by running processes to the total available memory
of system processes.
Example
# Check the memory usage on the current active MPU.
<HUAWEI> display memory-usage
Memory utilization statistics at 2013-02-26 11:03:59 413 ms
System Total Memory Is: 14749912 kbytes
Total Memory Used Is: 649924 kbytes
Memory Using Percentage Is: 4%
Table 5-7 Description of the display memory-usage command output
Item Description
Memory utilization statistics Memory usage statistics.
System Total Memory Total available memory of system processes.

Only part of physical memory is allocated to
the system processes.
Total Memory Used Total used memory.
Memory Using Percentage Memory usage.
5.1.11 display memory-usage threshold

Function
The display memory-usage threshold command displays the memory usage
threshold on the device.
Format
display memory-usage threshold

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
Usage Guidelines
You can view the memory usage alarm threshold to learn about the conditions for
triggering alarms.
● When memory usage reaches the alarm threshold, the system generates an
alarm.
● When memory usage falls within the alarm threshold, the system generates a
clear alarm.
Example
# Display the memory usage threshold of the device.
<HUAWEI> display memory-usage threshold
Current memory threshold of the main board is 83%.
Table 5-8 Description of the display memory-usage threshold command output
Item Description
Current memory threshold of The memory usage threshold of the main

the main board is x%. control board is x%. To set the memory usage
threshold of the main control board, use the
set memory-usage threshold threshold-
value command.
5.1.12 display power
Function
The display power command displays the power supply status of the device.
This command is available only for the AD9431DN-24X and AD9430DN-24.
Format
display power

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can use this command to check the status of all power supply units and their
voltage and current.
Example
# Display the power module status of the device.
<HUAWEI> display power
--------------------------------------------------------------------------
PowerNo Present Mode State Current(A) Voltage(V) Power(W)
--------------------------------------------------------------------------
PWRI YES AC Normal N/A 12 500
Table 5-9 Description of the display power command output

Item Description
PowerNo Number of a power supply.
Present Whether a power supply is working:

● YES: The power supply is working.
● NO: The power supply is not working.
Mode Power mode:

● DC
● AC
State Power supply status:
Current(A) Current of the power supply, in Ampere. It is displayed as

N/A.
Voltage(V) Rated voltage, in V.
Power(W) Rated power, in wattage.

Fat AP and Cloud AP
5.1.13 display temperature
Function
The display temperature command displays the device temperature.
Format
display temperature { all | slot slot-id }
Parameters
all Displays the temperature of all -

cards on the device.
slot slot-id Displays the temperature of the The value is an integer and must
specified card. be set according to the device
configuration.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
A proper temperature range is the prerequisite for the device to run stably. A high
or low device temperature may damage the hardware. You can run this command
to view the current device temperature. When the device temperature exceeds the
upper threshold or falls below the lower threshold, the device generates an alarm
to alert you that the device temperature is abnormal.
NOTE
The AP1050DN-S, AP3010DN-V2, AP3030DN, AP4030DN, AP4130DN, AP4050DN, AP4050DN-S,

AP4051DN, AP4051DN-S, AP2051DN-L-S, WA375DD-CE, and AP4151DN do not support query
of the current device temperature.
Example
# Display the device's temperature information.
<HUAWEI> display temperature all
--------------------------------------------------------------------------------
Slot Card Sensor No. Sensor Name Status Upper Lower Temperature.(C)
--------------------------------------------------------------------------------
0 - 1 AP5030DN TEMP NORMAL 102 -13 38

Fat AP and Cloud AP
Table 5-10 Description of the display temperature command output
Item Description
Slot Slot ID of a card.
Card Subcard number.
Sensor No. ID of a sensor on the card.
Sensor Name Name of a sensor on the card.
Status Status of the card temperature.

● NORMAL: The card temperature is normal.
● ABNORMAL: The card temperature is out of the allowed
range.
Upper Upper alarm threshold for the temperature.
Lower Lower alarm threshold for the temperature.
Temperature.(C) Current temperature of the card, in degrees Celsius.
5.1.14 display transceiver
Function
The display transceiver command displays information about the optical module
on an interface.
NOTE
The command displays only information about optical interfaces.
Format
display transceiver [ interface interface-type interface-number ] [ verbose ]
Parameters
interface interface-type Specifies the type and The value varies

interface-number number of an interface. depending on device
● interface-type models.
type.
number.

Fat AP and Cloud AP
verbose Displays detailed -

information about the
optical module on an
interface, including the
general, manufacture,
alarm, and diagnostic
information.
Views
All views
Default Level
Usage Guidelines
You can run this command to view general, manufacture, and alarm information
about the optical module on an interface. If you specify verbose in the command,
diagnostic information is also displayed in the command output.
Example
# Check general information, manufacture information, and alarm information
about the optical module on a specified interface.
<HUAWEI> display transceiver interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 transceiver information:
-------------------------------------------------------------
Common information:
Transceiver Type :1000_BASE_SX_SFP
Connector Type :LC
Nominal bit rate(MBits/sec) :1200
Wavelength(nm) :850
Transfer Distance(m) :0(9um),300(50um),150(62.5um)
Digital Diagnostic Monitoring :YES
Vendor Name :SumitomoElectric
Ordering Name :
-------------------------------------------------------------
Manufacture information:
Manu. Serial Number :79K056C05802
Manufacturing Date :2007-09-14
Vendor Name :SumitomoElectric
-------------------------------------------------------------
# Check general information, manufacture information, alarm information, and

diagnostic information about the optical module on a specified interface.
<HUAWEI> display transceiver interface gigabitethernet 0/0/1
verbose
GigabitEthernet0/0/1 transceiver information:
-------------------------------------------------------------
Common information:
Transceiver Type :OC3_INTER_REACH_SFP
Connector Type :LC

Fat AP and Cloud AP
Nominal bit rate(MBits/sec) :1200

Wavelength(nm) :1310
Transfer Distance(m) :15000(9um)
Digital Diagnostic Monitoring :YES
Vendor Name :HUAWEI
Vendor Part Number :34060358
Ordering Name :
-------------------------------------------------------------
Manu. Serial Number :EH1048220807
Vendor Name :HUAWEI
-------------------------------------------------------------
Alarm information:
RX loss of signal
RX power low
-------------------------------------------------------------
Diagnostic information:
Temperature(°C) :26.00
Temp High Threshold(°C) :85.00
Temp Low Threshold(°C) :-40.00
Voltage(V) :3.29
Volt High Threshold(V) :3.64
Volt Low Threshold(V) :2.95
Bias Current(mA) :4.57
Bias High Threshold(mA) :9.00
Bias Low Threshold(mA) :2.00
RX Power(dBM) :-40.00
RX Power High Threshold(dBM) :0.00
RX Power Low Threshold(dBM) :-16.99
TX Power(dBM) :-5.03
TX Power High Threshold(dBM) :-2.22
TX Power Low Threshold(dBM) :-6.99
-------------------------------------------------------------
Table 5-11 Description of the display transceiver command output

Item Description
Transceiver Type Type of an optical module.
Connector Type Interface type.
Nominal bit rate Bit rate of the optical module, in Mbit/s.
Wavelength(nm) Optical wavelength of the optical module.
Transfer Transmission distance of the optical module.

Distance(m)
Digital Whether diagnostic information about the optical module is

Diagnostic monitored.
Monitoring
Vendor Name Vendor name of the optical module.
Ordering Name Ordering name of the optical module.
Manu. Serial Vendor sequence number of the optical module.

Number
Manufacturing Manufacturing date of the optical module.

Date

Fat AP and Cloud AP
Item Description
RX loss of signal LOS alarm on the optical module.
RX power low Low receive power on the optical module.
Temperature(°C) Current temperature of the optical module.
Voltage(V) Current voltage of the optical module.
Bias Bias current of the optical module.

Current(mA)
Bias High Upper threshold for the bias current of the optical module.
Threshold(mA)
Bias Low Lower threshold for the bias current of the optical module.
Threshold(mA)
RX Power Receive power of the optical module.
RX Power High Upper receive power threshold for the optical module.
Threshold
RX Power Low Lower receive power threshold for the optical module.
Threshold
TX Power Transmit power of the optical module.
TX Power High Upper transmit power threshold for the optical module.
Threshold
TX Power Low Lower transmit power threshold for the optical module.
Threshold
5.1.15 display transceiver diagnosis interface

Function
The display transceiver diagnosis interface command displays the diagnosis
parameters of an optical module.
Format
display transceiver diagnosis interface [ interface-type interface-number ]

Fat AP and Cloud AP
Parameters
interface-type interface- Specifies the type and The value varies

number number of an interface. depending on device
● interface-type models.
type.
number.
Views
All views
Default Level
Usage Guidelines
Before running this command to view the diagnosis parameters of an optical
module, make sure that the optical module is an enhanced one and has been
installed on the device.
Example
# Check the diagnosis parameters of the optical module installed on
GigabitEthernet0/0/1.
<HUAWEI> display transceiver diagnosis interface gigabitethernet 0/0/1
Port GigabitEthernet0/0/1 transceiver diagnostic information:
Parameter Current Low Alarm High Alarm
Type Value Threshold Threshold Status
------------- --------- --------- ---------- --------
TxPower(dBm) -4.64 0.00 0.00 abnormal
RxPower(dBm) -4.37 33.00 0.00 abnormal
Current(mA) 7.42 0.00 0.00 abnormal
Temp.(C) 30.00 0.00 0.00 abnormal
Voltage(V) 3.28 0.00 8.19 normal

Fat AP and Cloud AP
Table 5-12 Description of the display transceiver diagnosis interface command

output
Item Description
Parameter Type Parameter type.

● TxPower(dBm): indicates the transmit power of the
optical module, in dBm.
● RxPower(dBm): indicates the receive power of the
optical module, in dBm.
● Current(mA): indicates the current of the optical
module, in mA.
● Temp.(C): indicates the temperature of the optical
module, in degree Celsius.
● Voltage(V): indicates the voltage of the optical
module, in V.
Current Value Current value of a parameter.
Low Alarm Threshold Lower alarm threshold of a parameter.
High Alarm Threshold Upper alarm threshold of a parameter.
Status Status of the optical module, which can be normal or

abnormal.
5.1.16 display version
Function
The display version command displays the version of a device.
Format
display version [ slot slot-id ]
Parameters
slot slot-id Displays the version of The value is an integer

the specified card. and must be set
according to the device
configuration.
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the current software version of the device and
determine whether the device requires an upgrade.
Example
# Display the version of a device.
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AP5030DN FAT V200R019C00)
Copyright (C) 2015-2017 HUAWEI TECH CO., LTD
Huawei AP5030DN Router uptime is 0 week, 1 day, 0 hour, 52 minutes
MPU 0(Master) : uptime is 0 week, 1 day, 0 hour, 52 minutes

SDRAM Memory Size : 128 M bytes
Flash Memory Size : 32 M bytes
MPU version information :
1. PCB Version : H86D2TD1D200 VER.C
2. MAB Version : 0
3. Board Type : AP5030DN
4. BootROM Version : 52
Table 5-13 Description of the display version command output
Item Description
HUAWEI Versatile Routing Platform Versatile Routing Platform (VRP).

Software
VRP (R) software, Version VRP version and device software.
Copyright (C) yyyy-yyyy HUAWEI TECH Huawei copyright.

CO., LTD
uptime System power-on time.
SDRAM Memory Size System memory size.
Flash Memory Size Flash memory size.
SD Card Memory Size SD card memory size.
NOR FLASH Memory Size NOR flash memory size.
NAND FLASH Memory Size NAND flash memory size.
USB Disk Memory Size USB flash drive memory size.

This item is displayed only when a
USB flash drive is inserted into the
device.
MPU version information MPU version.
PCB Version PCB version.

Fat AP and Cloud AP
Item Description
MAB Version MAB version.
Board Type Card type.
CPLDn Version CPLDn version.

This item is supported only by the
AD9431DN-24X and AD9430DN-24.
BootROM Version BootROM version.
BlueTooth Version Bluetooth version. The first part is the

main version number, and the second
part is the sub-version number.
This item is displayed only on the
AP7052DE, AP4050DN-E, and
AP7050DE.
RPS Version Version of the RPS power supply.

This item is available only for the
AD9431DN-24X.
5.1.17 reset cpu-usage record
Function
The reset cpu-usage record command clears the maximum CPU usage.
Format
reset cpu-usage record
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None

Fat AP and Cloud AP
Example
# Clear the maximum CPU usage.
<HUAWEI> reset cpu-usage record
Info: Succeeding in clear task CPU usage record.
5.2 Hardware Configuration Commands
5.2.1 backup elabel

Function
The backup elabel command backs up electronic labels of the device to the
storage media.
The backup elabel ftp command backs up electronic labels of the device to a
specified FTP server.
The backup elabel tftp command backs up electronic labels of the device to a
specified TFTP server.
Format
backup elabel file-name filename
backup elabel ftp ip-address ftp-server-address [ port-num ] file-name filename
username password
backup elabel tftp ip-address tftp-server-address file-name filename
Parameters
file-name Specifies the name of the file The value is a string of 5 to 28

filename that stores electronic labels. case-sensitive characters
without spaces.
The default file path is flash:/.
ip-address ftp- Specifies the IP address of The value is in dotted decimal

server-address the FTP server that stores notation.
electronic labels.
port-num Specifies the port number. The value is an integer that

ranges from 1 to 65535.
username Specifies the user name used The value is a string of 1 to 20

to log in to the FTP server. case-sensitive characters
without spaces.

Fat AP and Cloud AP
password Specifies the password used The value is a string of 1 to 20

to log in to the FTP server. case-sensitive characters
without spaces.
ip-address tftp- Specifies the IP address of The value is in dotted decimal

server-address the TFTP server that stores notation.
electronic labels.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When electronic labels are stored on a board, use the backup elabel command to
save electronic labels to a file. This file can be saved to the storage media of the
device, to the file server. You are advised to use FTP, which is more secure.
Example
# Save electronic labels of the device to the elabel.fls file in the flash memory.
<HUAWEI> backup elabel file-name flash:/elabel.fls
# Save electronic labels of the device to FTP server 10.1.1.1. Set the FTP user name
to user and password to 123. Save electronic labels in the elabel.fls file.
<HUAWEI> backup elabel ftp ip-address 10.1.1.1 file-name elabel.fls user 123
5.2.2 set cpu-usage threshold

Function
The set cpu-usage threshold command sets the alarm threshold and alarm clear
threshold of the CPU usage.
The undo set cpu-usage threshold command restores the default alarm
threshold and alarm clear threshold of the CPU usage.
By default, the alarm threshold and alarm clear threshold of the CPU usage are
95% and 75%, respectively.
Format
set cpu-usage threshold threshold-value [ restore restore-threshold-value ]
undo set cpu-usage threshold

Fat AP and Cloud AP
Parameters
threshold Specifies an alarm threshold of the The value is an integer

threshold- CPU usage. that ranges from 2 to
value 100. The default value
is 95.
restore Specifies an alarm clear threshold of The value is an integer

restore- the CPU usage. that ranges from 1 to
threshold- (threshold-value - 1).
value If this parameter is not specified, the The default value is 75.
CPU usage alarm recovery threshold is
calculated as follows:
● Alarm threshold minus 1% when
the alarm threshold of the
forwarding CPU usage is less than
60%
● Alarm threshold minus 5% when
the alarm threshold of the
forwarding CPU usage is higher
than or equal to 60%
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To ensure sufficient forwarding CPU resources for the device, run the set cpu-
usage threshold command to set the alarm threshold and alarm clear threshold
of the CPU usage. When CPU resources are insufficient, the device can report an
alarm to alert you in a timely manner. When the CPU usage exceeds the alarm
threshold, the system logs the event and generates an alarm. Based on log
information, you can know the CPU usage. When the CPU usage falls within the
alarm clear threshold, the system generates a clear alarm.
Precautions
The default alarm threshold and alarm clear threshold are recommended. If the
alarm threshold is set small, the system frequently generates alarms. If the alarm
threshold is set large, you cannot learn about the CPU usage in a timely manner.
Example
# Set the alarm threshold of the CPU usage to 85%.

Fat AP and Cloud AP
[HUAWEI] set cpu-usage threshold 85
# Set the alarm threshold and alarm clear threshold of the CPU usage to 85% and
80%, respectively.
[HUAWEI] set cpu-usage threshold 85 restore 80
5.2.3 set disk-usage threshold

Function
The set disk-usage threshold command sets the disk usage alarm threshold and
alarm clear threshold.
The undo set disk-usage threshold command restores the default disk usage
alarm threshold and alarm clear threshold.
The default disk usage alarm threshold and alarm clear threshold are 95 and 90,
respectively.
Format
set disk-usage threshold threshold [ restore restore-threshold ]
undo set disk-usage threshold
Parameters
threshold Specifies a disk usage alarm threshold. The value is an

integer that ranges
from 6 to 100.
restore Specifies an alarm clear threshold for the The value is an

restore- disk usage. integer that ranges
threshold from 1 to the value
of threshold minus
1.
Views
System view
Default Level
Usage Guidelines
If the alarm clear threshold is not specified, it equals the alarm threshold minus 5.
● When the disk usage of the device exceeds the current alarm threshold, the
device generates an alarm.

Fat AP and Cloud AP
● When the disk usage of the device exceeds the current alarm threshold, clear
alarm information is displayed.
Example
# Set the disk usage alarm threshold of the device to 60.
[HUAWEI] set disk-usage threshold 60
5.2.4 set memory-usage threshold
Function
The set memory-usage threshold command sets the memory usage threshold.
The undo set memory-usage threshold command restores the default memory
usage threshold.
By default:
● If the device memory is less than or equal to 128 MB, the memory usage
alarm threshold is 84%.
● If the device memory is larger than 128 MB, the memory usage alarm
threshold is 90%.
This command is not available for central APs.
Format
set memory-usage threshold threshold-value
undo set memory-usage threshold
Parameters
threshold Specifies the The value is an integer that ranges from

threshold-value memory usage 75 to 86 if the device memory is smaller
threshold. than or greater to 128 MB and ranges
from 75 to 92 if the device memory is
larger than 128 MB.
Views
System view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
You can use the set memory-usage threshold command to set the memory
usage threshold. When memory usage exceeds the threshold, the system logs the
event and generates an alarm. By viewing log information, you can learn about
memory usage.
Precautions
You are advised to use the default threshold. If the memory usage threshold is set
too low, the system frequently generates alarms. If the memory usage threshold is
set too high, you cannot learn about memory usage in a timely manner.
When the memory usage reaches threshold-value, the level 1 alarm
ENTITYTRAP_1.3.6.1.4.1.2011.5.25.219.2.15.1 hwMemUtilizationRising is
generated.
When the memory usage restores to (threshold-value - 3), the
ENTITYTRAP_1.3.6.1.4.1.2011.5.25.219.2.15.2 hwMemUtilizationResume alarm
is generated.
Example
# Set the memory usage threshold of the device to 85%.
[HUAWEI] set memory-usage threshold 85
5.3 Energy-saving Configuration Commands

NOTE
Only optical ports and combo ports working in optical mode support the ALS function. Electrical
ports and combo ports working in electrical mode do not support the ALS function. For ports
supported on a device, see Hardware Structure in the corresponding Product Description.
5.3.1 als enable

Function
The als enable command enables ALS on an interface.
The undo als enable command disables ALS on an interface.
By default, ALS is disabled on an interface.
Format
als enable
undo als enable
Parameters
None

Fat AP and Cloud AP
Views
XGE interface view, port group view
Default Level
Usage Guidelines
The constraints on ALS are as follows:
● Only optical interfaces support ALS. Electrical interfaces do not support ALS.
Example
# Enable ALS on interfaces XGigabitEthernet0/0/1.
[HUAWEI] interface xgigabitethernet 0/0/1
[HUAWEI-XGigabitEthernet0/0/1] als enable
5.3.2 als restart

Function
The als restart command manually restarts the laser of an interface.
Format
als restart
Parameters
None
Views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run this command to manually restart the laser of an optical module.
After the optical link recovers, the laser is started after a certain interval if the
restart mode is automatic restart. To start the laser immediately after the optical
link recovers, set the restart mode of the laser to manual restart and run the als
restart command. If this command is not executed, the laser automatically sends
a pulse after receiving a pulse from the remote end.

Fat AP and Cloud AP
Prerequisites
ALS has been enabled on the interface using the als enable command and the
restart mode of the laser has been set to manual restart mode using the als
restart mode manual command.
Precautions
This command cannot be executed on an interface if the interface has been added
to an interface protection group and is in Protect state.
Example
# Restart lasers on interfaces XGigabitEthernet0/0/1 manually.
[HUAWEI-XGigabitEthernet0/0/1] als enable
[HUAWEI-XGigabitEthernet0/0/1] als restart mode manual
[HUAWEI-XGigabitEthernet0/0/1] als restart
5.3.3 als restart mode manual
Function
The als restart mode manual command sets the mode of restarting the laser of
the optical module to manual.
The undo als restart mode manual command restores the mode of restarting the
laser of the optical module to automatic.
By default, a laser works in automatic restart mode.
Format
als restart mode manual
undo als restart mode manual
Parameters
None
Views
Default Level
Usage Guidelines
The laser of an optical module works in automatic restart mode or manual restart
mode.

Fat AP and Cloud AP
● In automatic restart mode, the laser sends pulses at the interval set using the
als restart pulse-interval command to detect whether the link is recovered.
The pulse width is set through the als restart pulse-width command.
● In manual restart mode, you must manually start the laser using the als
restart command so that the laser can send a pulse. The ALS pulse width is
set using the als restart pulse-width command.
If the fiber link recovery is detected in time, you can use the manual restart mode
so that the laser can send pulses immediately. Therefore, data communication can
be recovered rapidly.
Example
# Configure lasers on interfaces XGigabitEthernet0/0/1 to work in manual restart
mode.
[HUAWEI-XGigabitEthernet0/0/1] als restart mode manual
5.3.4 als restart pulse-interval
Function
The als restart pulse-interval command sets the ALS pulse interval for the laser
of an optical module.
The undo als restart pulse-interval command restores the default ALS pulse
interval of the laser of an optical module.
By default, the ALS pulse interval of the laser is 100s.
Format
als restart pulse-interval pulse-interval
undo als restart pulse-interval
Parameters
pulse-interval Specifies the ALS pulse The value is an integer that ranges
interval of the laser. from 100 to 20000, in seconds.
Views
Default Level

Fat AP and Cloud AP
Usage Guidelines
In automatic restart mode, the ALS pulse interval affects the frequency of
detecting the LOS on the interface. A long ALS pulse interval is beneficial for
energy saving, but the fiber link recovery cannot be detected in a timely manner.
In contrary, a short ALS pulse interval wastes power but the fiber link recovery can
be detected immediately.
Example
# Set the ALS pulse interval of lasers on XGigabitEthernet0/0/1 to 150s.
[HUAWEI-XGigabitEthernet0/0/1] als restart pulse-interval 150
5.3.5 als restart pulse-width

Function
The als restart pulse-width command sets the ALS pulse width for the laser of an
optical module.
The undo als restart pulse-width command restores the default ALS pulse width
for the laser of an optical module.
By default, the ALS pulse width of the laser is 2s.
Format
als restart pulse-width pulse-width
undo als restart pulse-width
Parameters
pulse-width Specifies the ALS pulse width The value is an integer that ranges
of the laser. from 2 to 200, in seconds.
Views
Default Level
Usage Guidelines
The ALS pulse width refers to the period between rising edges of pulses. A short
ALS pulse width is beneficial for energy saving, but the fiber link recovery cannot

Fat AP and Cloud AP
be detected immediately. In contrary, a long ALS pulse width consumes more

power but the fiber link recovery can be detected immediately.
Example
# Set the ALS pulse width on interfaces XGigabitEthernet0/0/1 to 3s.
[HUAWEI-XGigabitEthernet0/0/1] als restart pulse-width 3
5.3.6 display als configuration

Function
The display als configuration command displays ALS configuration.
Format
display als configuration slot slot-id
display als configuration interface interface-type interface-number
Parameters
slot slot-id Displays ALS configuration in a slot with a The value is
specified slot ID. 0.
interface interface- Displays ALS configuration on a specified -

type interface- interface.
number
● interface-type specifies the interface
type.
● interface-number specifies the interface
number.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display ALS configuration on interfaces XGigabitEthernet0/0/1.

Fat AP and Cloud AP
<HUAWEI> display als configuration interface xgigabitethernet 0/0/1

-------------------------------------------------------------------------------
Interface ALS Laser Restart Interval(s) Width(s)
Status Status Mode
-------------------------------------------------------------------------------
XGigabitEthernet0/0/1 Disable On Auto 100 2
Table 5-14 Description of the display als configuration command output
Item Description
Interface Interface type and number.
ALS Status Whether ALS is enabled.

● Enable: ALS is enabled.
● Disable: ALS is disabled.
ALS is enabled using the als enable
command.
Laser Status Whether the laser is On.

● Off: The laser is Off.
● On: The laser is On.
Restart Mode ALS restart mode.

● Auto: automatic restart mode.
● Manual: manual restart mode.
The ALS restart mode is set to manual
using the als restart mode manual
command.
Interval(s) ALS pulse interval, expressed in

seconds. The ALS pulse interval is set
using the als restart pulse-interval
command.
Width(s) ALS pulse width, expressed in seconds.

The ALS pulse width is set using the
als restart pulse-width command.
5.4 Fault Management Commands
5.4.1 alarm correlation-suppress enable
Function
The alarm correlation-suppress enable command enables NMS-based alarm
correlation suppression.
The undo alarm correlation-suppress enable command disables NMS-based

alarm correlation suppression.

Fat AP and Cloud AP
By default, NMS-based alarm correlation suppression is enabled.
Format
alarm correlation-suppress enable target-host ip-address securityname
securityname
undo alarm correlation-suppress enable target-host ip-address securityname
securityname
Parameters
target-host ip- Specifies the IPv4 The value is in dotted decimal
address address of an NMS notation.
host.
securityname Specifies the security In the case of a plain text password,
securityname name displayed on the value is a string of 1 to 32 case-
the NMS host. sensitive characters, without spaces.
In the case of a cipher text password,
the value is a string of 48 to 68 case-
sensitive characters, without spaces.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
A lot of alarms are generated and then reported on a running system. If non-root-
cause alarms are unimportant, you can enable NMS-based alarm correlation
suppression to filter out non-root-cause alarms.
Prerequisites
The alarm correlation analysis has been enabled using the correlation-analyze
enable command.
Example
# Enable the alarm correlation suppression of the NMS host whose security name
is user123 and IP address is 192.168.3.1.
[HUAWEI] alarm
[HUAWEI-alarm] correlation-analyze enable
Info: Enable analyze correlation between alarms successfully

Fat AP and Cloud AP
[HUAWEI-alarm] quit
[HUAWEI] alarm correlation-suppress enable target-host 192.168.3.1 securityname user123
5.4.2 alarm-name severity

Function
The alarm-name severity command sets the severity for an alarm.
The undo alarm-name severity command restores the default setting.
By default, each alarm has a default severity.
Format
alarm-name alarm-name severity severity
undo alarm-name alarm-name severity
Parameters
alarm-name Specifies the registered The value is of

alarm name. enumerated type and
varies according to the
registered device type.
NOTE
To view registered alarm
information, run the
display alarm
information command.

Fat AP and Cloud AP
severity severity Specifies the alarm The value is of

severity. enumerated type. Alarms
are classified into the
following severities:
● critical: indicates that
a fault affecting
services has occurred
and it must be
rectified immediately.
● major: indicates that
services are being
affected and related
measures need to be
taken urgently.
● minor: indicates that
a fault occurs but
does not affect
services. To avoid
more serious faults
that affect services,
related measures
must be taken.
● warning: indicates
that a potential or
impending service-
affecting fault is
detected before any
significant effect has
been felt. Take
corrective actions to
diagnose and rectify
the fault.
● indeterminate:
indicates that the
alarm severity cannot
be determined.
● cleared: indicates one
or more previous
alarm conditions have
been cleared.
Views
Alarm view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
You can run the alarm-name severity command to change the alarm severity.
You can configure filtering conditions to allow the NMS to receive only alarms of
specified alarm severity.
Precautions
The default severity of each alarm is different. To view the default severity of an
alarm, run the undo alarm-name severity and display alarm information
commands in sequence.
Example
# Set the severity of the hwSysSlaveHDError alarm to warning.
[HUAWEI] alarm
[HUAWEI-alarm] alarm-name hwSysSlaveHDError severity warning
5.4.3 alarm (system view)

Function
Using the alarm command, you can enter the alarm view.
Format
alarm
Parameters
None
Views
System view
Default Level
Usage Guidelines
After running the alarm command to enter the alarm view, you can configuration
alarm management functions.
Example
# Enter the alarm view.
[HUAWEI] alarm
[HUAWEI-alarm]

Fat AP and Cloud AP
5.4.4 clear alarm active

Function
The clear alarm active command clears active alarms.
Format
clear alarm active { all | sequence-number sequence-number }
Parameters
all Clears all active alarms. -
sequence-number Specifies the sequence The value is an integer

sequence-number number of an active alarm. ranging from 1 to
2147483647.
Views
Alarm view
Default Level
Usage Guidelines
Usage Scenario
Before collecting statistics on alarms generated on the device again, run the clear
alarm active to clear active alarms.
Precautions
After the clear alarm active command is used, all active alarms on the device are
deleted and cannot be restored.
Example
# Clear all active alarms on the device.
[HUAWEI] alarm
[HUAWEI-alarm] clear alarm active all
5.4.5 clear event all

Function
The clear event all command clears events on the device.

Fat AP and Cloud AP
Format
clear event all
Parameters
None
Views
Event view
Default Level
Usage Guidelines
Usage Scenario
Before collecting statistics on events generated on the device again, run the clear
event all to clear events.
Precautions
NOTICE
The clear event all command clears events on the device and cleared events
cannot be restored.
Example
# Clear events on the device.
[HUAWEI] event
[HUAWEI-event] clear event all
5.4.6 correlation-analyze enable

Function
The correlation-analyze enable command enables alarm correlation analysis.
The undo correlation-analyze enable command disables alarm correlation
analysis.
By default, alarm correlation analysis is disabled.
Format
correlation-analyze enable
undo correlation-analyze enable

Fat AP and Cloud AP
Parameters
None
Views
Alarm view
Default Level
3: Management level
Usage Guidelines
A lot of alarms are generated in a running system and reported to the NMS. If
non-root-cause alarms are unimportant, you can run the correlation-analyze
enable command to enable alarm correlation analysis to distinguish between
root-cause alarms and non-root-cause alarms. After alarm correlation analysis is
enabled, the system analyzes types of alarms. For a non-root-cause alarm, the
system marks the sequence number of its root-cause alarm on the non-root-cause
alarm.
Example
# Enable alarm correlation analysis.
[HUAWEI] alarm
Info: Enable analyze correlation between alarms successfully
5.4.7 display alarm active
Function
The display alarm active command displays active alarms on the device.
Format
display alarm active
Parameters
None
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
You can run the display alarm active command to view active alarms on the
device to locate faults.
Example
# Display active alarms on the device.
<HUAWEI> display alarm active
A/B/C/D/E/F/G/H/I/J/K/L
A=Sequence, B=RootKindFlag(Independent|RootCause|nonRootCause)
C=Generating time, D=Clearing time
E=ID, F=Name, G=MIDname, H=InfoAlias, I=Level, J=State
K=Description information for locating(Para info, Reason info)
L=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2011-08-22 15:27:38/-/0xff8c2028/hwFanInvalid/-/-/Warning/Start/OID
1.3.6.1.4.1.2011.5.25.219.2.6.5 Fan is invalid.(Index=16397, EntityPhysicalIndex
=16397, PhysicalName="FAN Card 0/1", EntityTrapFaultID=139264)
Table 5-15 Description of the display alarm active command output
Item Description
A/B/C/D/E/F/G/H Alarm display format.

/I/J/K/L
A=Sequence Sequence number.
B=RootKindFlag( Flag indicating a root-cause alarm or a non-root-cause

Independent| alarm:
RootCause| ● Independent: indicates an alarm for which alarm
nonRootCause) correlation analysis is not performed.
● RootCause: indicates a root-cause alarm.
● nonRootCause: indicates a non-root-cause alarm.
C=Generating Time when an alarm is generated.

time
D=Clearing time Time when an alarm is cleared.
E=ID Alarm ID.
F=Name Alarm name.
G=MIDname Module ID name.
H=InfoAlias Alias name.
I=Level Alarm severity level.

To configure this parameter, run the alarm-name severity
command.
J=State Alarm status:

● Start
● End

Fat AP and Cloud AP
Item Description
K=Description Alarm description including alarm parameters and causes

information for for triggering alarms.
locating(Para
info, Reason
info)
L=RootCause Sequence number of the root-cause alarm (for non-root-

alarm cause alarms only).
sequence(Only
for
nonRootCause
alarm)
5.4.8 display alarm history

Function
The display alarm history command displays historical alarms on the device.
Format
display alarm history
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display alarm history command to view the alarms that are
cleared or generated on the device.
Example
# Display historical alarms on the device.
<HUAWEI> display alarm history
A/B/C/D/E/F/G/H/I/J
E=ID, F=Name, G=Level, H=State
I=Description information for locating(Para info, Reason info)

Fat AP and Cloud AP
J=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2011-08-22 15:27:38/2011-08-22 15:42:51/0xff8c2028/hwFanInvalid/

Warning/End/OID 1.3.6.1.4.1.2011.5.25.219.2.6.5 Fan is invalid.(Index=16397, Ent
ityPhysicalIndex=16397, PhysicalName="FAN Card 0/1", EntityTrapFaultID=139264)
Table 5-16 Description of the display alarm history command output

Item Description
A/B/C/D/E/F/G/H Alarm display format

/I/J
A=Sequence Sequence number

Independent| alarm:
RootCause| ● Independent: indicates an alarm for which alarm
nonRootCause) correlation analysis is not performed.
● RootCause: indicates a root-cause alarm.
● nonRootCause: indicates a non-root-cause alarm.
C=Generating Time when an alarm is generated

time
D=Clearing time Time when an alarm is cleared
E=ID E=ID
F=Name Alarm ID
G=Level Alarm severity level

You can run the alarm-name severity command to set this
parameter.
H=State Alarm status:

● Start
● End
I=Description Alarm description including alarm parameters and causes

information for for triggering alarms
locating(Para
info, Reason
info)
J=RootCause Sequence number of the root-cause alarm

alarm
sequence(Only
for
nonRootCause
alarm)

Fat AP and Cloud AP
5.4.9 display alarm information
Function
The display alarm information command displays alarm configurations.
Format
display alarm information [ name alarm-name ]
Parameters

name alarm- Displays the configuration of a The value is a string of 1
name specified alarm. If this parameter to 64 case-sensitive
is not set, configurations of all characters, spaces not
alarms are displayed. supported.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To view alarm configurations on the device, run the display alarm information
command.
If no alarm name is specified, information about all alarms in the system will be
displayed.
In addition, to change the severity level of an alarm, you can run the alarm-name
alarm-name severity severity command.
Example
# Display information about the LinkUp alarm.
<HUAWEI> display alarm information name linkUp
**********************************
AlarmName: linkUp
AlarmType: Resume Alarm
AlarmLevel: Critical
Suppress Period: 10s
CauseAlarmName: linkDown
Match VB Name: ifIndex
**********************************

Fat AP and Cloud AP
Table 5-17 Description of the display alarm information command output

Item Description
AlarmName Name of an alarm.
AlarmType Alarm type:

● Alarm: indicates a fault occurs.
● Resume Alarm: indicates a fault is rectified.
AlarmLevel Alarm severity.

You can run the alarm-name severity command to set this
parameter.
Suppress Period Alarm reporting delay.
CauseAlarmNam Name of the root-cause alarm.

e
Match VB Name Matching content of paired alarms.
5.4.10 display event

Function
The display event command displays events on the device.
Format
display event
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display events on the device.
<HUAWEI> display event
A/B/C/D/E/F/G/H/I/J

Fat AP and Cloud AP
E=ID, F=Name, G=Level, H=State
I=Description information for locating(Para info, Reason info)
J=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2011-08-29 16:36:55/-/0xc0dc2000/entConfigChange/Warning/Start/O
ID 1.3.6.1.2.1.47.2.0.1 Entity MIB change.
2/Independent/2011-08-29 16:37:32/-/0xc0dc2000/entConfigChange/Warning/Start/O
ID 1.3.6.1.2.1.47.2.0.1 Entity MIB change.
Table 5-18 Description of the display event command output

Item Description
A/B/C/D/E/F/G/H Event display format

/I/J
A=Sequence Sequence number of an event

Independent| alarm (The value of this field is Independent for any event.)
RootCause|
nonRootCause)
C=Generating Time when the event is generated

time
D=Clearing time Time when the event is cleared (for non-root-cause alarms
only)
E=ID Event ID
F=Name Event name
G=Level Event level
H=State Event status:

● Start
● End
I=Description Description of an event, including parameters of the event

information for and the reason why the event was triggered.
locating(Para
info, Reason
info)
J=RootCause This parameter is valid only for alarms.

alarm
sequence(Only
for
nonRootCause
alarm)

Fat AP and Cloud AP
5.4.11 display event information
Function
The display event information command displays event configurations.
Format
display event information [ name event-name ]
Parameters
name event- Displays the configuration of a The value is of
name specified event. If this parameter enumeration type and
is not set, configurations of all varies according to the
events are displayed. registered device type.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To view event configurations on the device, run the display event information
command.
Example
# Display registration information about the hwICLogfileNumberUpper event.
<HUAWEI> display event information name hwICLogfileNumberUpper
**********************************
EventName: hwICLogfileNumberUpper
EventType: Critical Event
EventLevel: NA
Suppress Period: 10s
Match VB Name: hwICLogFileNumber
**********************************
Table 5-19 Description of the display event information command output
Item Description
EventName Event name.
EventType Event type.
EventLevel Event level.

Fat AP and Cloud AP
Item Description
Suppress Period Event report delay period.

You can run the suppression event-name command to set
this parameter.
Match VB Name Matching content of repeated events.
5.4.12 delay-suppression enable

Function
The delay-suppression enable command enables the alarm or event reporting
delay function.
The undo delay-suppression enable command disables the alarm or event
reporting delay function.
By default, the reporting delay function is enabled.
Format
delay-suppression enable
undo delay-suppression enable
Parameters
None
Views
Alarm view or event view
Default Level
Usage Guidelines
If an alarm or an event is repeatedly generated, you can run the delay-
suppression enable command to enable the reporting delay function to prevent a
large number of repeated alarms or events from being reported to the NMS in a
specified period.
Example
# Enable the alarm reporting delay function.
[HUAWEI] alarm
[HUAWEI-alarm] delay-suppression enable
Info: alarm delay suppression has already been enabled

Fat AP and Cloud AP
5.4.13 event
Function
Using the event command, you can enter the event view.
Format
event
Parameters
None
Views
System view
Default Level
Usage Guidelines
After running the event command to enter the event view, you can configure
event management functions.
Example
# Enter the event view.
[HUAWEI] event
[HUAWEI-event]
5.4.14 mask interface
Function
The mask interface command enables interface-based alarm suppression.
The undo mask interface command disables interface-based alarm suppression.
By default, interface-based alarm suppression is disabled.
Format
mask interface interface-type interface-number
undo mask interface interface-type interface-number

Fat AP and Cloud AP
Parameters

interface-type interface- Specifies the type and number of the interface -
number on which alarm suppression is to be enabled.
Views
Alarm view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When a large number of LinkDown alarms are generated on the interface, you can
run the mask interface command to suppress LinkDown root-cause and non-
root-cause alarms.
Prerequisites
The correlation-analyze enable command has been executed in the alarm view
to enable alarm correlation analysis.
Example
# Enable alarm suppression on the GigabitEthernet0/0/1 interface.
[HUAWEI] alarm
Info: analyze correlation between alarms has already been enabled
[HUAWEI-alarm] mask interface gigabitethernet0/0/1
5.4.15 suppression alarm-name
Function
The suppression alarm-name command sets a period after which a generated
alarm is reported. After the period is set, the alarm management module does not
send the received alarm to the NMS until the period expires. If the period is set to
0s, the alarm management module sends the alarm to the NMS without any
delay.
The undo suppression alarm-name command restores the period of delay in

reporting alarms.
The system has defined a default period of delay in reporting alarms.

Fat AP and Cloud AP
Format
suppression alarm-name alarm-name { cause-period cause-seconds | clear-
period clear-seconds }
undo suppression alarm-name alarm-name { cause-period | clear-period }
Parameters
alarm-name Specifies the name of an The value is a string of 1 to 64
alarm for which the delay case-insensitive characters,
period is set. spaces not supported.
cause-period Specifies the period after The value is an integer
cause-seconds which a generated alarm is ranging from 0 to 600, in
reported. seconds.
clear-period Specifies the period after The value is an integer
clear-seconds which a generated recovery ranging from 0 to 600, in
alarm is reported. seconds.
Views
Alarm view
Default Level
Usage Guidelines
In the event that a certain alarm is repeatedly generated, you can enable delayed
alarm reporting and set a period after which the alarm is reported to prevent the
alarm from being reported during this period.
Before running the suppression alarm-name command, be sure that delayed
alarm reporting has been enabled.
After the period is set for a certain alarm:
● If no recovery alarm is generated during the period, the alarm is not reported
to the NMS until the period expires.
● If a recovery alarm is generated during this period, the alarm and its recovery
alarm are both deleted from the alarm queue and will not be reported to the
NMS.
The value of cause-period cause-seconds is irrelevant to the value of clear-period
clear-seconds. Each alarm or its recovery alarm has its own default delay period.
If the delay period is too short, alarm reporting is not efficiently delayed. If the
delay period is too long, alarm reporting is postponed and the time when the fault
occurs cannot be correctly obtained. For most alarms, the default delay period is
recommended. For common alarms, such as alarms about hardware and
environment, delayed alarm reporting is not recommended.

Fat AP and Cloud AP
If the delay period is changed when an alarm is being sent, the changed delay
period takes effect on the next alarm to be sent.
Example
# Set the period of hwFileError alarm reporting delay to 5 seconds.
[HUAWEI] alarm
[HUAWEI-alarm] delay-suppression enable
[HUAWEI-alarm] suppression alarm-name hwFileError cause-period 5
5.4.16 suppression event-name

Function
The suppression event-name command configures the period of delay in
reporting events.
The undo suppression event-name command restores the period of delay in
reporting events.
The system has defined a default period of delay in reporting events.
Format
suppression event-name event-name period seconds
undo suppression event-name event-name period
Parameters
event-name Specifies the name of The value is of

the event for which the enumeration type and
period of delay in varies according to the
reporting events is to be registered device type.
configured. NOTE
To view registered alarm
information, run the
display event information
command.
period seconds Specifies the period of The value is an integer

delay in reporting events. ranging from 0 to 600, in
seconds. When the value
is 0, the event is reported
to the NMS without
delay.
Views
Event view

Fat AP and Cloud AP
Default Level
Usage Guidelines
Usage Scenario
When an event is reported repeatedly, users can use the event reporting delay
function to prevent the event from being reported to the NMS. The suppression
event-name command configures the period of delay in reporting events.
After the event reporting delay function is enabled and the period of delay is
configured, the system discards the event that is generated several times during
the delay. When the delay expires, the system reports only the first event.
Prerequisites
The event reporting delay function has been enabled using the delay-suppression
enable command.
Precautions
● Each event can be configured with a period of reporting different delay. Run
the undo suppression event-name and display event information
commands in sequence to view the default period of reporting delay.
● During event reporting, if you change the period of delay in reporting events,
the new delay takes effect on the next alarm.
Example
# Set the period of delay in reporting the event named hwICLogfileNumberUpper
to 5 seconds.
[HUAWEI] event
[HUAWEI-event] delay-suppression enable
[HUAWEI-event] suppression event-name hwICLogfileNumberUpper period 5
5.5 Information Center Configuration Commands
5.5.1 display binlog-buffer
Function
The display binlog-buffer command displays logs recorded in the binlog buffer.
Format
display binlog-buffer [ level { emergency | error | info | warning } | module
module ]

Fat AP and Cloud AP
Parameters
level Specifies the level of logs to be
-
displayed.
emergency Displays logs of the emergency level. -
error Displays logs of the error level. -
info Displays logs of the info level. -
warning Displays logs of the warning level. -
module module Specifies the module of logs to be Select a module based

displayed. on the actual
situation.
Views
All views
Default Level
3: Management level
Usage Guidelines
If [ level { emergency | error | info | warning } | module module ] are not
specified, all logs in the binlog buffer are displayed.
Example
# Display logs of the info level in the binlog buffer.
<HUAWEI> display binlog-buffer level info
2018:01:01 11:09:04/informational/0/BSP BINLOG_CfgProc_Demo: test1 for DBG_PRINT int: 0 char : A
2018:01:01 11:09:04/informational/3/WIFI BINLOG_CfgProc_Demo: test1 for DBG_PRINT int: 3425 233 233
char : C
2018:01:01 11:09:04/informational/0/BSP BINLOG_CfgProc_Demo: test1 for DBG_PRINT int: 1 char : A
2018:01:01 11:09:04/informational/3/WIFI BINLOG_CfgProc_Demo: test1 for DBG_PRINT int: 3424 233 234
char : C
Table 5-20 Description of the display binlog-buffer command output
Item Description
2018:01:01 11:09:04/ Log generation time/Log level/Service

informational/0/BSP flow ID/Module name/Function name:
BINLOG_CfgProc_Demo: test1 for log description.
DBG_PRINT int: 0 char : A

Fat AP and Cloud AP
5.5.2 display binlog-buffer summary
Function
The display binlog-buffer summary command displays the usage of the binlog
memory buffer.
Format
display binlog-buffer summary
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
None.
Example
# Display the usage of the binlog memory buffer.
<HUAWEI> display binlog-buffer summary
-----------------------------------------------------------------------
Buffer Id Buffer Size(KB) Used Size(KB) Free Size(KB) Log Count
1 204 0 204 0
2 204 0 204 0
3 204 0 204 0
4 204 0 204 0
5 204 0 204 0
----------------------------------------------------------------------
Table 5-21 Description of the display binlog-buffer summary command output
Item Description
Buffer Id Buffer ID.
Buffer Size(KB) Buffer size, in KB.
Used Size(KB) Used buffer size, in KB.
Free Size(KB) Remaining buffer size, in KB.
Log Count Number of logs recorded in the buffer.

Fat AP and Cloud AP
5.5.3 display channel
Function
The display channel command displays the channel configuration.
Format
display channel [ channel-number | channel-name ]
Parameters
channel- Specifies the The value is an integer that ranges from 0 to

number number of a 9. That is, the system has 10 channels.
channel. Channels 0 to 5 have default names and the
six channels map to six different output
directions.
Table 5-22 shows the relationship between
channels and output directions.
channel-name Specifies the name The value is a string of 1 to 30 case-sensitive

of a channel. characters. The value consists of letters or
numbers and must start with a letter.
Table 5-22 Relationship between channel and output directions
Chan Default Output Description

nel Channel Direction
Numb Name
er
0 console console Console that can receive logs, traps, and

debugging messages.
1 monitor monitor VTY terminal that can receive logs, traps,

and debugging messages, which facilitates
remote maintenance.
2 loghost loghost Log host that can receive logs, traps, and
debugging messages. By default,
information is saved on the log host in file
format for easy reference.
3 trapbuffer trapbuffer Trap buffer that can receive traps.
4 logbuffer logbuffer Log buffer that can receive logs.
5 snmpagent snmpagent SNMP agent that can receive traps.

Fat AP and Cloud AP
Chan Default Output Description

nel Channel Direction
Numb Name
er
6 channel6 Unspecified Reserved. You can specify to which

destination this channel can output
information.

information.

information.
9 channel9 logfile Log file that can receive logs, traps, and
debugging messages. Information is saved
to the USB flash drive or SD card in file
format.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display channel command displays the channel configuration.
When using this command, note the following points:
● When channel-number or channel-name is specified, the display channel
command displays the specified channel that information passes through and
information severity.
● When channel-number or channel-name is not specified, the display channel
command displays all the channels that information passes through and
information severity.
Example
# Display the configuration of channel 0.
<HUAWEI> display channel 0
channel number: 0, channel name: console
MODU_ID NAME ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL
ffff0000 default Y warning Y debugging Y debugging
# Display the configuration of all channels.

<HUAWEI> display channel

Fat AP and Cloud AP

channel number: 1, channel name: monitor

channel number: 2, channel name: loghost

ffff0000 default Y informational Y debugging N debugging
channel number: 3, channel name: trapbuffer

ffff0000 default N informational Y debugging N debugging
channel number: 4, channel name: logbuffer

ffff0000 default Y warning N debugging N debugging
channel number: 5, channel name: snmpagent

ffff0000 default N debugging Y debugging N debugging
channel number: 6, channel name: channel6

ffff0000 default Y debugging Y debugging N debugging



Table 5-23 Description of the display channel command output

Item Description
channel number Channel number, which ranges from 0 to 9.
channel name Channel name. Table 5-22 lists default channel names.
To set the channel name, run the info-center channel
name command.
MODU_ID Module ID. The default value is ffff0000.
NAME Module name. The default value is default.

To set the module name, run the info-center source
channel command.
ENABLE Whether logs/traps/debugging messages are allowed to

pass through a channel:
● Y
● N
To specify the channel, run the info-center source channel
command.

Fat AP and Cloud AP
Item Description
LOG_LEVEL/ Lowest severity of output logs/traps/debugging messages.

TRAP_LEVEL/ The following severities are listed in descending order of
DEBUG_LEVEL priority:
● emergencies
● alert
● critical
● error
● warning
● notification
● informational
● debugging
To set the lowest severity of output logs, run the info-
center source channel command.
5.5.4 display debugging
Function
The display debugging command displays debugging messages allowed to be
sent by the device.
Format
display debugging [ interface interface-type interface-number ] [ module-
name ]
Parameters

interface Specifies the interface type and -
interface-type number.
interface-number
module-name Displays debugging messages sent by
Enumerated type.
a specified module such as the DHCP
The value depends
module. If this parameter is not
on the registered
specified, all debugging messages
module.
allowed to be sent are displayed.
Views
All views

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Debugging affects device performance. The display debugging command displays
debugging messages allowed to be sent by the AP.
Prerequisites
By default, sending debugging messages is prohibited. The debugging of a
specified module has been enabled.
Example
# Display debugging messages allowed to be sent by the AP.
<HUAWEI> debugging acl4 all
<HUAWEI> display debugging
ACL4 event debugging switch is on
ACL4 packet debugging switch is on
# Display debugging messages allowed by the ARP module.

<HUAWEI> display debugging arp
slot[0]:ARP packet debugging is on
5.5.5 display info-center

Function
The display info-center command displays the output configuration of the
information center.
Format
display info-center
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None

Fat AP and Cloud AP
Example
# Display output configuration of the information center.
<HUAWEI> display info-center
Information Center: enabled
Log host:
10.1.1.1, channel number: 2, channel name: loghost
language: english, host facility: local7
Console:
Monitor:
channel number: 1, channel name: monitor
SNMP Agent:
channel number: 5, channel name: snmpagent
Log buffer:
enabled
max buffer size: 1024, current buffer size: 512
current messages: 6, channel number: 4, channel name: logbuffer
dropped messages: 0, overwritten messages: 0
Trap buffer:
enabled
max buffer size: 1024, current buffer size: 256
current messages: 0, channel number: 3, channel name: trapbuffer
dropped messages: 0, overwritten messages: 0
Logfile:
channel number: 9, channel name: channel9, language: English
Information timestamp setting:
log - date, trap - date, debug - date
Sent messages = 25, Received messages = 25
Table 5-24 Description of the display info-center command output

Item Description
Information Center Information center status:

● enabled
● disabled
To enable the information center, run the info-center
enable command.
Log host Log host configuration.
10.1.1.1 Log host IP address.

To set the log host IP address, run the info-center
loghost command.
channel number Number of a channel used to output information.

To set the number of a channel used to output
information, run the info-center channel command.
channel name Name of a channel used to output information.

To set the name of a channel used to output information,
run the info-center channel name command.
language Language mode in which information is output to a log

host.

Fat AP and Cloud AP
Item Description
host facility Logging tool.

To configure the logging tool, run the info-center
loghost command.
Console Console configuration.
Monitor Remote terminal configuration.
SNMP Agent SNMP agent configuration.
Log buffer Log buffer configuration.
enabled Whether the AP is enabled to send logs/traps to the log/

trap buffer.
● enabled
● disabled
To enable the AP to send logs/traps to the log/trap buffer,
run the info-center logbuffer or info-center trapbuffer
command.
max buffer size Maximum number of logs/traps in the log/trap buffer.
current buffer size Maximum number of logs/traps in the current log/trap

buffer.
To set the maximum number of logs/traps in the current
log/trap buffer, run the info-center logbuffer size or
info-center trapbuffer size command.
current messages Number of messages recorded in the log/trap buffer.
dropped messages Number of messages discarded by the log/trap buffer.
overwritten Number of overwritten messages in the log/trap buffer.

messages
Trap buffer Trap buffer configuration.
logfile Log file configuration.

Fat AP and Cloud AP
Item Description
Information Timestamp format of logs, traps, and debugging

timestamp setting messages:
● boot: indicates that the timestamp is expressed in the
format of relative time, a period of time since system
start.
● date: indicates the current system date and time. It is
expressed in mm dd yyyy hh:mm:ss format.
● short-date: indicates the short date. This timestamp
differs from date is that the year is not displayed.
● format-date: indicates that the timestamp is expressed
in YYYY-MM-DD hh:mm:ss format.
● none: indicates that the output information does not
contain the timestamp.
To configure the timestamp format, run the info-center
timestamp command.
Sent messages Number of sent messages output by information center

modules.
Received messages Number of messages sent to information center modules.
5.5.6 display info-center filter-id

Function
The display info-center filter-id command displays information filtered by the
information center.
Format
display info-center filter-id [ id | bymodule-alias modname alias ]
Parameters
id Displays filtered information The value is an integer that
with the specified ID. ranges from 0 to
4294967295.

Fat AP and Cloud AP

bymodule-alias Displays filtered information Enumerated type. Set the
modname alias with the specified module name value according to the
and mnemonic symbol. device configuration.
● modname: specifies the
module name.
● alias specifies the mnemonic
symbol.
Views
All views
Default Level
Usage Guidelines
ID identifies each function module for log registration. An ID filter list is the
aggregation of the shielded IDs.
If id or bymodule-alias is not specified, all information is filtered.
To prevent output of specified information, run the info-center filter-id command
to add the ID to the filtering list, and then run the display info-center filter-id
command to check whether information with this ID is filtered.
Example
# Display filtered information with ID 3246215177.
<HUAWEI> display info-center filter-id 3246215177
ID : 3246215177
Module : 6OVER4
Alias : DEL_UPTUNN_FAIL
Content : Failed to delete the UPTUNNEL entry when processing ([STRING])
. (Interface=[STRING])
Filtered Number : 0
# Display all the IDs in the filter list.

<HUAWEI> display info-center filter-id
ID : 3221442627
Module : HA
Alias : DISCARDINBATCH
Content : The message was discarded because module batch doesn't begin.
(SourceModuleId=[ULONG], SourceModuleSubId=[ULONG], DestinationModuleId=[ULONG],
DestinationModuleSubId=[ULONG])
Filtered Number : 0
ID : 3246215177
Module : 6OVER4
Alias : DEL_UPTUNN_FAIL
Content : Failed to delete the UPTUNNEL entry when processing ([STRING])
. (Interface=[STRING])
Filtered Number : 0
ID : 3491254537

Fat AP and Cloud AP
Module : BGP
Alias : ADD_DELETED_ROUTE
Content : Add the route [STRING] that have other flags besides deleted f
lag [USHORT]
Filtered Number : 0
Table 5-25 Description of the display info-center filter-id command output
Item Description
ID Identifier to which each log corresponds.

To configure the AP to filter a log or trap with a
specified ID, run the info-center filter-id id
command.
Module Module name.

specified module name or alias name, run the
info-center filter-id bymodule-alias modname
alias command.
Alias Alias name.
specified module name or alias name, run the
info-center filter-id bymodule-alias modname
alias command.
Content Log message to which each log ID corresponds.
Filtered Number Number of times that the log to which the log
ID corresponds is filtered.
5.5.7 display info-center logfile path
Function
The display info-center logfile path command displays the path where log files
are saved.
Format
display info-center logfile path
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
The display info-center logfile path command displays the path where log files
are saved. This command is used in the following scenarios:
● The information is output to the log file.
● The save logfile command is executed to save log files to the specified path.
Example
# Display the path where log files are saved.
<HUAWEI> display info-center logfile path
Info: Logfile save path is flash:/logfile
5.5.8 display info-center rate-limit record

Function
The display info-center rate-limit record command displays the suppression of
the log processing rate in the information center.
Format
display info-center rate-limit record
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display info-center rate-limit record command to view the real-
time suppression of the log processing rate in the information center.
Example
# Display the suppression of the log processing rate in the information center.
<HUAWEI> display info-center rate-limit record
Record No.1
InfoID : 417d5000
Module : 6OVER4
Alias : DESTFAIL

Fat AP and Cloud AP
Rate limit threshold : 50

Total receive number : 1872
Total drop number : 922
Total send number : 950
Begin timestamp : 2009-12-21 11:41:28
Table 5-26 Description of the display info-center rate-limit record command

output
Item Description
InfoID Indicates the ID of a log.
Module Indicates the name of a module.
Alias Indicates the mnemonic of a log.
Rate limit threshold Indicates the maximum number of logs set for
the information center to process every second.
Total receive number Indicates the total number of logs that are
generated during the latest suppression period.
Total drop number Indicates the total number of logs that are
discarded during the latest suppression period.
Total send number Indicates the total number of logs that the
information center process during the latest
suppression period.
Begin timestamp Indicates the timestamp signifying when the

suppression function is enabled for the last
time.
5.5.9 display info-center rate-limit threshold
Function
The display info-center rate-limit threshold command displays the threshold of
the log processing rate (maximum number of logs that the information center can
process every second).
Format
display info-center rate-limit threshold
Parameters
None
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
You can run the display info-center rate-limit threshold command to view the
threshold of the log processing rate.
The threshold information includes the default threshold contained in the released
version, the default threshold for the specified log ID, and the threshold set
through the command lines after the system startup.
Example
# Display the threshold of the log processing rate set for the information center.
<HUAWEI> display info-center rate-limit threshold
Rate limit threshold(per second):
Module Alias Default Config
default 50 50
Table 5-27 Description of the display info-center rate-limit threshold command

output
Item Description
Module Indicates the name of a module.
Alias Indicates the mnemonic of a log.
Default Indicates the default threshold of the log

processing rate.
Config Indicates the threshold of the log processing

rate set for the information center.
5.5.10 display info-center statistics
Function
The display info-center statistics command displays statistics on the information
center.
Format
display info-center statistics
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display info-center statistics command to view statistics on the
information center, including logs, traps, and debugging messages of each
module.
Example
# Display statistics on the information center.
<HUAWEI> display info-center statistics
Information statistics data:
ModuleID ModuleName LogNumber DiagLogNumber TrapNumber DebugNumber
c17d0000 6OVER4 0 0 0 0
c1500000 AAA 0 0 0 0
c06c0000 ACL 0 0 0 0
c0ef0000 ACL6 0 0 0 0
ff1e0000 ACLE 0 0 0 0
c0e70000 ADDR 0 0 0 0
ff120000 ADP_MSTP 0 0 0 0
ff2b0000 ADPIPV4 0 0 0 0
c1a80000 ANTIATTACK 0 0 0 0
c16e0000 ARP 0 0 0 0
c19d0000 ARPLINK 0 0 0 0
Table 5-28 Description of the display info-center statistics command output
Item Description
ModuleID Registered module ID.
ModuleName Name of the module that generates logs.
LogNumber Number of generated logs.
DiagLogNumbe Number of diagnostic logs.

r
TrapNumber Number of generated traps.
DebugNumber Number of generated debugging messages.
5.5.11 display log
Function
Using the display log command, you can query all the logs or a specified log.

Fat AP and Cloud AP
Format
display log [ cli | snmp ] index index1 [ index2 ]
display log [ cli | snmp ] { all | name username } [ start-date [ start-time ] [ –
end-date [ end-time ] ] ]
Parameters
cli Queries specified logs. -
snmp Queries network management logs. -
index index1 Indicates the index of the log to be Numeral type.

[ index2 ] queried. index1 is the start index of Range: 1-64.
the logs and index2 is the end index
of the logs. That is, the logs with the
index starting from index1 and
ending with index2 are displayed.
name username Queries logs by user name. It is a string of

1-15 characters.
all Queries logs of all users. -
[ start-date Sets the date and time when you start-date: The real
[ start-time ] [ – query logs by user name or query start date. Date
end-date [ end- logs of all users. format: yyyy-mm-
time ] ] ] dd.
start-time: The real
start time. Time
format: hh:mm:ss.
end-date: The real
end date. Date
format: yyyy-mm-
dd.
end-time: The real
end time. Time
format: hh:mm:ss.
Views
User view
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
● When querying logs by name or by all, you can also query these logs by
period.
● This command can be used to query logs of the user with the level the same
as yours or lower than yours.
● Use parameters to display operation information about different users in
different periods, for example, enter all to display the logs of all users.
● When a configuration is incorrect, a fault will occur. To locate the fault, run
this command to query logs to learn about basic information, such as the
name of the user who operates the system, the IP address of the user, the
specific time when the user performs an operation, and the detailed
operations.
Example
# Query logs with indexes from 1 to 10.
<HUAWEI> display log index 1 10
---------------------------------------------------------------------------
No. UserName Domain IP-Address
4 huawei123 -- 192.168.254.225
Time: 2014-05-20 04:55:34+00:00
Cmd: system-view
---------------------------------------------------------------------------
3 huawei123 -- 192.168.254.225
Time: 2014-05-20 04:55:32+00:00
Cmd: log on
---------------------------------------------------------------------------
2 huawei123 -- 192.168.254.216
Time: 2014-05-20 04:55:19+00:00
Cmd: log on
---------------------------------------------------------------------------
1 huawei123 -- 192.168.254.224
Time: 2014-05-20 04:54:28+00:00
Cmd: log on
---------------------------------------------------------------------------
# Query logs of all users within the period starting at 15:10:10 on 2013-07-31 and
ending at 20:20:10 on 2013-07-31.
<HUAWEI> display log all 2013-07-31 15:10:10 - 2013-07-31 20:20:10
---------------------------------------------------------------------------
4 admin -- 192.168.40.1
Time: 2013-07-31 17:10:06+08:00
Cmd: log off
---------------------------------------------------------------------------
3 admin -- 192.168.40.1
Time: 2013-07-31 16:40:13+08:00
Cmd: diagnose
---------------------------------------------------------------------------
2 admin -- 192.168.40.1
Time: 2013-07-31 16:40:12+08:00
Cmd: system-view
---------------------------------------------------------------------------
1 admin -- 192.168.40.1
Time: 2013-07-31 16:40:10+08:00

Fat AP and Cloud AP
Cmd: log on
---------------------------------------------------------------------------
Table 5-29 Description of the display log command output
Item Description
No. Serial number of each log. The serial

number is generated automatically by
the system.
UserName User name of the log
Time Detailed operation time of the user
IP-Address IP address of the user
Cmd Detailed operations of the user
Domain Domain name of the log
5.5.12 display log failure

Function
Using the display log failure command, you can query logs about configuration
failure.
Format
display log failure
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
● When a configuration fails, or you maintain the system, run this command to
query logs about configuration failure. After this command is executed
successfully, the system displays all the logs about configuration failure on the
command line interface (CLI).
● You can query configuration failure logs of the user with the level the same as
yours or lower than yours.

Fat AP and Cloud AP
Example
# Query a log about configuration failure in the system.
<HUAWEI> display log failure
---------------------------------------------------------------------------
56 -- 10.138.78.128
Time: 2007-08-25 16:42:10+00:00
Failure Cmd: info-center filter-id 3246215177
---------------------------------------------------------------------------
53 -- 10.138.78.128
Time: 2007-08-25 16:41:04+00:00
Failure Cmd: info-center filter-id 1098731530
---------------------------------------------------------------------------
52 -- 10.138.78.128
Time: 2007-08-25 16:40:51+00:00
Failure Cmd: undo info-center filter-id 1098731530
---------------------------------------------------------------------------
Table 5-30 Description of the display log failure command output
Item Description
No. Index of the log that records a

configuration failure
UserName User name
Domain Name of the domain where the user is

located
IP-Address IP address of the user
Time Time of the configuration failure

recorded by the log
Failure Cmd Operation that causes the configuration

failure recorded by the log
5.5.13 display logbuffer
Function
The display logbuffer command displays information recorded in the log buffer.
Format
display logbuffer [ size value | module module-name | level severity | security ] *
display logbuffer summary [ level severity ]
display logbuffer log-offset offset-value size value

Fat AP and Cloud AP
Parameters
size value Displays the specified The value is an integer

number of logs recently that ranges from 1 to
generated in the log 1024.
buffer.
module module-name Displays logs of a Enumerated type. The

specified module in the value depends on the
log buffer. registered module.
level severity Displays logs of specified Enumerated type. The

severity in the log buffer. value ranges from 0 to 7.
● 0: emergencies
● 1: alert
● 2: critical
● 3: error
● 4: warning
● 5: notification
● 6: informational
● 7: debugging
summary Displays the summary of -

logs in the log buffer.
log-offset offset-value Specifies logs of the The value is an integer

specified offset in the log that ranges from 0 to
buffer. 1024.
security Displays the security -

logs.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
● You can use the display logbuffer log-offset offset-value size size-value
command to view specified logs in the log buffer. For example, the log buffer
has 100 logs. To view the 20th to 50th logs in the log buffer, run the display
logbuffer log-offset 20 size 30 command.

Fat AP and Cloud AP
● Run the display logbuffer [ size value | module module-name | level

severity ] * command to view logs of specified number, module, or severity in
the log buffer. If size, module, or level is not specified, this command
displays all logs in the log buffer.
● You can run the display logbuffer summary command to view logs of
different severities in the log buffer.
Precautions
● When the number of logs in the log buffer is smaller than value, logs of the
actual number are displayed.
● When the number of logs in the log buffer is smaller than offset-value, the
system displays an error message.
● When the number of logs in the log buffer is larger than offset-value, the
system displays logs starting from offset-value plus one. The log quantity is
specified by size-value. If the log quantity is less than size-value, the system
displays all the logs starting from offset-value plus one.
Example
# Display all the logs in the log buffer.
<HUAWEI> display logbuffer
Logging buffer configuration and contents: enabled
Allowed max buffer size: 1024
Actual buffer size: 512
Channel number: 4, Channel name: logbuffer
Dropped messages: 0
Overwritten messages: 167
Current messages: 512
May 10 2012 13:42:59+00:00 huawei %%01DEFD/4/CPCAR_DROP_MPU(l)[0]:Some packets a

re dropped by cpcar on the MPU. (Packet-type=arp-request, Drop-
Count=912)
May 10 2012 13:32:59+00:00 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[1]:Some packets a
Count=684)
Count=684)
Count=912)
Count=684)
Count=684)
Count=912)
Count=684)
Count=684)
Count=912)
May 10 2012 12:02:59+00:00 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[10]:Some packet
s are dropped by cpcar on the MPU. (Packet-type=arp-request, Drop-

Fat AP and Cloud AP
Count=684)
Count=684)
Count=912)
Count=684)
Count=684)
Count=684)
May 10 2012 11:08:37+00:00 HUAWEI %%01IFPDT/4/IF_STATE(l)[16]:Interface Ethern
et5/0/2 has turned into UP state.
May 10 2012 11:08:37+00:00 HUAWEI %%01IFPDT/4/IF_STATE(l)[17]:Interface Ethern
May 10 2012 11:08:37+00:00 HUAWEI %%01IFNET/4/LINK_STATE(l)[18]:The line proto
col IP on the interface Vlanif20 has entered the UP state.
May 10 2012 11:08:37+00:00 HUAWEI %%01IFNET/4/IF_STATE(l)[19]:Interface Vlanif
20 has turned into UP state.
May 10 2012 11:08:37+00:00 HUAWEI %%01IFPDT/4/IF_STATE(l)[20]:Interface Ether
net5/0/0 has turned into UP state.
May 10 2012 11:08:34+00:00 HUAWEI %%01IFNET/4/IF_ENABLE(l)[21]:Interface Gigab
itEthernet5/0/0 has been available.
May 10 2012 11:08:34+00:00 HUAWEI %%01IFNET/4/IF_ENABLE(l)[22]:Interface Ether
net5/0/7 has been available.
May 10 2012 11:08:34+00:00 HUAWEI %%01IFNET/4/IF_ENABLE(l)[23]:Interface Ether
net5/0/6 has been available.
Table 5-31 Description of the display logbuffer command output

Item Description
Logging buffer configuration and Whether the AP is enabled to output

contents logs to the log buffer:
● enabled
● disabled
To configure the AP to output logs to
the log buffer, run the info-center
logbuffer command.
Allowed max buffer size Maximum size of the log buffer.
Actual buffer size Actual size of the log buffer.

To set the log buffer size, run the
info-center logbuffer size command.
Channel number Number of the channel used to send

logs to the log buffer.
To configure the number of a channel
used to send logs to the log buffer,
run the info-center channel
command.

Fat AP and Cloud AP
Item Description
Channel name Name of the channel used to send

logs to the log buffer.
To configure the name of a channel
used to send logs to the log buffer,
run the info-center channel name
command.
Dropped messages Number of dropped messages.
Overwritten messages Number of overwritten messages.
Current messages Number of current messages.
# Display the summary of information in the log buffer.

<HUAWEI> display logbuffer summary
EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 14 498 0 0 0
Table 5-32 Description of the display logbuffer summary command output

Item Description
EMERG Number of logs of emergency.
ALERT Number of logs of alert.
CRIT Number of logs of critical.
ERROR Number of logs of error.
WARN Number of logs of warning.
NOTIF Number of logs of notification.
INFO Number of logs of informational.
DEBUG Number of logs of debugging.
# Display 10 logs starting from log 16.

<HUAWEI> display logbuffer log-offset 15 size 10
Logging buffer configuration and contents: enabled
Channel number: 4, Channel name: logbuffer
Dropped messages: 0
May 10 2012 11:12:59+00:00 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[0]:Some packets are dropped

by cpcar on the MPU. (Packet-type=arp-request, Drop-
Count=684)
May 10 2012 11:08:37+00:00 HUAWEI %%01IFPDT/4/IF_STATE(l)[1]:Interface Ethernet5/0/2 has turned into
UP state.

Fat AP and Cloud AP
UP state.
May 10 2012 11:08:37+00:00 HUAWEI %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP on the interface
Vlanif20 has entered the UP state.
May 10 2012 11:08:37+00:00 HUAWEI %%01IFNET/4/IF_STATE(l)[4]:Interface Vlanif20 has turned into UP
state.
UP state.
May 10 2012 11:08:34+00:00 HUAWEI %%01IFNET/4/IF_ENABLE(l)[6]:Interface GigabitEthernet5/0/0 has
been available.
May 10 2012 11:08:34+00:00 HUAWEI %%01IFNET/4/IF_ENABLE(l)[7]:Interface Ethernet5/0/7 has been
available.
available.
available.
5.5.14 display logfile

Function
The display logfile command displays information about a log file.
Format
display logfile file-name [ offset | hex ] *
Parameters
file-name Specifies the log file name, which can The value is a string of 1 to
contain the drive and path. 64 case-insensitive
characters without spaces.
offset Displays the log file with the specified The value is an integer that
offset or byte. ranges from 0 to
2147483647.
hex Displays the log file in hexadecimal -

notation. If the parameter is not
specified, the log file is displayed in
text format.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When encountering problems, you can query log information to know about what
happened during device operation. This is helpful for fault location.

Fat AP and Cloud AP
If the version saved in a log file and the version generated by the system are
different, the log file is displayed in hexadecimal notation.
The file name is generated automatically by the system. The file name extension
of the log file is *.log or *.dblg. Generally, a log file name consists of a device
name and log. For example, if the device name is HW, the log file name is HW-
log.log or HW-log.dblg.
If the size of the current log file reaches the upper limit, the system automatically
saves the current log file as a compressed file with the extension *.log.zip or
*.dblg.zip, and names the compressed log file with the device name and current
system time. When the log file exceeds the specified size, excessive information is
stored in a new log file. For example, if the last log is recorded at 06:39:58 on May
2, 2018, the log file name is HW-2018-05 -02.06-39-58.log.zip or HW-2018-05
-02.06-39-58.dblg.zip, except in the following cases:
1. The AP restarts.
2. The system time changes.
The device name can be configured using the sysname host-name command.
Precautions
If the device name contains more than 100 characters, the log file name consists
of only the first 100 characters and the time when the last log is recorded.
If the device name contains special characters (including spaces), replace the
device name with capital letter X in the log file name. - and _ are not regarded as
special characters.
Example
# Display log information saved in the log file in a specified path.
<HUAWEI> display logfile flash:/logfile/HUAWEI-log.log
################################################################
# This logfile is generated at slot 0
################################################################
Apr 23 2018 11:06:51+00:00 HUAWEI IFNET/1/IF_PVCDOWN:OID 1.3.6.1.6.3.1.1.5.3 Int

erface 6 turned into DOWN state.(AdminStatus 1,OperStatus 2,InterfaceName Ethern
et0/0/1)
Apr 23 2018 11:06:51+00:00 HUAWEI %%01IFPDT/4/IF_STATE(l)[3487]:Interface Ethern
et0/0/1 has turned into DOWN state.
Apr 23 2018 11:06:53+00:00 HUAWEI IFNET/6/IF_PVCUP:OID 1.3.6.1.6.3.1.1.5.4 Inter
face 6 turned into UP state.(AdminStatus 1,OperStatus 1,InterfaceName Ethernet0/
0/1)
et0/0/1)
0/1)
et0/0/1)

Fat AP and Cloud AP

0/1)
# Display log information saved in the log file in hexadecimal notation.

<HUAWEI> display logfile flash:/logfile/HUAWEI-log.log hex
0d 0a 0d 0a 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 0d 0a 23 20 20 20 20 20 54 68 69 73
20 6c 6f 67 66 69 6c 65 20 69 73 20 67 65 6e 65 72 61 74 65
64 20 61 74 20 73 6c 6f 74 20 30 0d 0a 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23
23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 0d 0a 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
5.5.15 display trapbuffer

Function
The display trapbuffer command displays information recorded in the trap buffer.
Format
display trapbuffer [ size value ]
Parameters
size value Displays the specified number of traps The value is an integer
recently generated in the trap buffer. If this that ranges from 1 to
parameter is not specified, all traps are 1024.
displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If the number of traps in the trap buffer is smaller than value, traps of the actual
number are displayed.

Fat AP and Cloud AP
Example
# Display all traps in the trap buffer.
<HUAWEI> display trapbuffer
Trapping buffer configuration and contents: enabled
Channel number: 3, Channel name: trapbuffer
Dropped messages: 0
#Sep 17 2012 17:09:47+00:00 huawei LLDP/4/NBRCHGTRAP:OID: 1.0.8802.1.1.2.0.0.1 N

eighbor information is changed. (LldpStatsRemTablesInserts=1, LldpStatsRemTables
Deletes=0, LldpStatsRemTablesDrops=0, LldpStatsRemTablesAgeouts=0)
#Sep 14 2012 20:03:40+00:00 huawei ENTITYTRAP/4/CPUUSAGERESUME:OID 1.3.6.1.4.1.2
011.5.25.219.2.14.2 CPU utilization resumed from exceeding the pre-alarm thresho
ld.(Index=9, HwEntityThresholdIndex=0, HwEntityPhysicalIndex=9, PhysicalName="SR
U Board 0", EntityThresholdType=1, EntityThresholdWarning=80, EntityThresholdCur
rent=23, EntityTrapFaultID=144896)
#Sep 14 2012 18:15:27+00:00 huawei LLDP/4/ADDCHGTRAP:OID: 1.3.6.1.4.1.2011.5.25.
134.2.5 Local management address is changed. (LocManIPAddr=10.1.1.9)
#Sep 14 2012 17:16:05+00:00 huawei ENTITYTRAP/4/CPUUSAGERESUME:OID 1.3.6.1.4.1.2
011.5.25.219.2.14.2 CPU utilization resumed from exceeding the pre-alarm thresho
ld.(Index=9, HwEntityThresholdIndex=0, HwEntityPhysicalIndex=9, PhysicalName="SR
U Board 0", EntityThresholdType=1, EntityThresholdWarning=80, EntityThresholdCur
rent=9, EntityTrapFaultID=144896)
# Display the first 10 records in the trap buffer.

<HUAWEI> display trapbuffer size 10
Trapping buffer configuration and contents: enabled
Channel number: 3, Channel name: trapbuffer
Dropped messages: 0
#May 7 2012 15:12:40+00:00 HUAWEI SECE/4/ARP_SIP_SPEEDLIMIT_ALARM:OID=1.3.6.1.4

.1.2011.5.25.165.2.2.2.11 The arp packet speed with source ip 10.137.216.1 excee
ds the speed-limit value 5.

Fat AP and Cloud AP

.1.2011.5.25.165.2.2.2.11 The arp packet speed with source ip 10.137.217.150 exc
eeds the speed-limit value 5.
.1.2011.5.25.165.2.2.2.11 The arp packet speed with source ip 10.137.217.62 exce
eds the speed-limit value 5.
Table 5-33 Description of the display trapbuffer command output
Item Description
Trapping buffer configuration and Whether the AP is enabled to output

contents traps to the trap buffer:
● enabled
● disabled
To enable the AP to output traps to
the trap buffer, run the info-center
trapbuffer command.
Allowed max buffer size Maximum size of the trap buffer.
Actual buffer size Actual size of the trap buffer.

To set the size of the trap buffer, run
the info-center trapbuffer size
command.
Channel number Number of the channel used to send

traps to the trap buffer.
To set the channel number, run the
info-center channel command.
Channel name Name of the channel used to send

traps to the trap buffer.
To set the channel name, run the
info-center channel name
command.
Dropped messages Number of discarded messages.
Overwritten messages Number of overwritten messages.

Fat AP and Cloud AP
Item Description
Current messages Number of current messages.
5.5.16 info-center channel

Function
The info-center channel command configures channels for outputting
information in various directions.
The undo info-center channel command restores the default settings.
By default, the system outputs information in various directions through channels
listed in the table below.
Table 5-34 Default association between the channel number, channel name, and
output direction of information channels
Channel Number Channel Name Output Direction
0 console Console
1 monitor User terminal
2 loghost Log host
3 trapbuffer Trap buffer
4 logbuffer Log buffer
5 snmpagent SNMP agent
6 channel6 Unspecified
9 channel9 Log file
Format
info-center { console | logbuffer | logfile | monitor | snmp | trapbuffer }
channel { channel-number | channel-name }
undo info-center { console | logbuffer | logfile | monitor | snmp | trapbuffer }
channel

Fat AP and Cloud AP
Parameters
console Specifies the channel used to output -
information to the console.
logbuffer Specifies the channel used to output -
information to the log buffer.
logfile Specifies the channel used to output -
information to the log file.
monitor Specifies the channel used to output -
information to the user terminal.
snmp Specifies the channel used to output -
information to the SNMP agent.
trapbuffer Specifies the channel used to output -
information to the trap buffer.
channel- Specifies the channel number. The value is an integer
number ranging from 0 to 9.
channel-name Specifies the name of a channel, The value is a string of
which can be the default channel 1 to 30 case-sensitive
name or a user-defined name. characters. The value
consists of letters or
numbers and must start
with a letter.
Views
System view
Default Level
Usage Guidelines
You can run the info-center channel command in the following scenarios: The
same information is sent to different directions. For example, the log file and log
host record the same content or the trap buffer and the SNMP agent record the
same content.
NOTE
For details on how to configure a channel for outputting information to a log host, see
info-center loghost.
Example
# Configure the channel used to output information to a console.
[HUAWEI] info-center console channel console

Fat AP and Cloud AP
# Configure the channel used to output information to the log buffer.

[HUAWEI] info-center logbuffer channel logbuffer
# Configure the channel used to output information to the log file.

[HUAWEI] info-center logfile channel 9
# Configure the channel used to output information to the user terminal.

[HUAWEI] info-center monitor channel monitor
# Configure the channel used to output information to an SNMP agent.

[HUAWEI] info-center snmp channel 5
# Configure the channel used to output information to the trap buffer.

[HUAWEI] info-center trapbuffer channel trapbuffer
5.5.17 info-center channel name
Function
The info-center channel name command names a channel with a specified
number.
The undo info-center channel command restores the default channel name.
The following table lists default channel names.
Table 5-35 Default channel names
Channel Number Default Channel Name
0 console
1 monitor
2 loghost
3 trapbuffer
4 logbuffer
5 snmpagent
6 channel6
7 channel7
8 channel8
9 channel9

Fat AP and Cloud AP
Format
info-center channel channel-number name channel-name
undo info-center channel channel-number
Parameters
channel- Specifies the number The value is an integer that ranges from
number of a channel. 0 to 9. That is, the system has 10
channels.
channel-name Specifies the name of The value is a string of 1 to 30 case-

a channel. sensitive characters. The value consists
of letters or numbers and must start
with a letter.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
You can rename channels, which facilitates memorization and usage.
Precautions
Channel names must be unique. It is recommended that channel names represent
channel functions.
Example
# Name channel 0 execconsole.
[HUAWEI] info-center channel 0 name execconsole
5.5.18 info-center enable

Function
The info-center enable command enables the information center.
The undo info-center enable command disables the information center.
By default, the information center is enabled.

Fat AP and Cloud AP
Format
info-center enable
undo info-center enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
During device running, the information center records device operation. The
system outputs system information to destinations such as the log host and the
console only after the information center is enabled. Network administrators can
store and query output information to monitor device running and locate faults.
Precautions
After the undo info-center enable command is executed, logs, traps, and
debugging messages are not recorded. The log about running the undo info-
center enable command is not recorded.
Follow-up Procedure
Configure a rule for outputting information to the terminal or remote server.
Example
# Enable the information center.
[HUAWEI] info-center enable
Info: Information center is enabled.
5.5.19 info-center filter-id
Function
The info-center filter-id command configures the AP to filter a specified log or
trap.
The undo info-center filter-id command disables the AP from filtering a specified
log or trap.
By default, no log or trap is filtered.

Fat AP and Cloud AP
Format
info-center filter-id { id | bymodule-alias modname alias } * &<1-50>
undo info-center filter-id { all | { id | bymodule-alias modname alias } *
&<1-50> }
Parameters
id Specifies the ID of the log or trap to The value is an integer
be filtered. that ranges from 0 to
NOTE 4294967295.
This parameter indicates the ID of a log.
If this parameter fails to be configured,
the log specified by this ID does not
exist.
bymodule- Specifies the module name and alias The value is an

alias modname name corresponding to the log or enumerated value and
alias trap to be filtered. must be set as prompted
by the device.
all Filters all logs or traps. -
Views
System view
Default Level
Usage Guidelines
Usage Scenario
If some logs or traps are unnecessary, configure the AP not to output the logs and
traps. When the filtering function is enabled, the information center does not send
the traps with a specified ID that satisfy the filtering condition to any channel. As
a result, the trap buffer, log file, console, terminal, or SNMP agent cannot receive
the traps with the specified ID.
An ID filter list is the aggregation of the shielded IDs and is arranged in a specified
order.
Precautions
● To add multiple IDs at a time, use a space to separate IDs. The result of each
ID is displayed.
● Currently, the AP can filter traps with a maximum of 50 IDs. If there are more
than 50 log IDs, the system displays a message indicating that the filtering
table is full. To configure the filtering function, run the undo info-center

Fat AP and Cloud AP
filter-id { all | { id | bymodule-alias modname alias } * &<1-50> } command

to delete original IDs and reconfigure the log ID.
● You cannot add the same ID or alias name repeatedly.
● When you add an unregistered or nonexistent ID or alias name, the system
displays a message indicating that the system fails to filter the trap with the
specified ID or alias name.
● You are advised to use the module name and alias to filter specified log
information. The id parameter can be obtained by running the display info-
center register-info [ module module-name ] log command, and the
modname and alias parameters can be obtained through the command
association function.
Example
# Filter the log with the ID of 1098731530.
[HUAWEI] info-center filter-id 1098731530
Info: Succeeded in appending log ID 1098731530.
# Filter information by module names and alias names.

[HUAWEI] info-center filter-id bymodule-alias CMD CLKCHGREBOOTCANCELED
Info: Succeeded in appending log ID 3225948163.
# Cancel filtering for all logs.

[HUAWEI] undo info-center filter-id all
Info: Succeeded in deleting all IDs.
5.5.20 info-center logbuffer

Function
The info-center logbuffer command enables the AP to send logs to the log
buffer.
The undo info-center logbuffer command disables the AP from sending logs to
the log buffer.
By default, the AP is enabled to send logs to the log buffer.
Format
info-center logbuffer [ channel { channel-number |channel-name } | size buffer-
size ] *
undo info-center logbuffer [ channel | size ]

Fat AP and Cloud AP
Parameters
channel channel- Specifies the number of The value is an integer

number the channel outputting ranging from 0 to 9,
logs to the log buffer. which indicates that the
system has ten channels
to output logs to the log
buffer.
channel channel-name Specifies the name of The name is a string of 1

the channel outputting to 30 case-insensitive
logs to the log buffer. characters, spaces not
supported.
size buffer-size Sets the size of the log The value is an integer
buffer. buffer-size that ranges from 0 to
specifies the number of 1024. The default value
messages stored in the is 512.
log buffer.
Views
System view
Default Level
Usage Guidelines
To view logs in the log buffer, run the info-center logbuffer command to enable
the AP to send logs to the log buffer.
Example
# Enable the AP to send logs to the log buffer.
[HUAWEI] info-center logbuffer
5.5.21 info-center logbuffer size

Function
The info-center logbuffer size command sets the maximum number of logs in
the log buffer.
The undo info-center logbuffer size command restores the default maximum
number of logs in the log buffer.
By default, a log buffer can store a maximum of 512 logs.

Fat AP and Cloud AP
Format
info-center logbuffer size logbuffer-size
undo info-center logbuffer size
Parameters
logbuffer-size Specifies the maximum The value is an integer that ranges
number of logs in the log from 0 to 1024. If logbuffer-size is 0,
buffer. logs are not displayed.
Views
System view
Default Level
Usage Guidelines
Precautions
When you run the info-center logbuffer size command multiple times, only the
latest configuration takes effect.
Example
# Set the maximum number of logs in the log buffer to 50.
[HUAWEI] info-center logbuffer size 50
5.5.22 info-center logfile path

Function
The info-center logfile path command configures the path where log files are
saved.
Format
info-center logfile path path

Fat AP and Cloud AP
Parameters
path Specifies the path where log files are Select the path according
saved, which is in the format of storage to device configuration.
medium name:/logfile, for example,
flash:/logfile.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
You can run the info-center logfile path command to set the path where log files
are saved. Then log files are saved into the path and the file name is log.log. To
view logs generated by the AP, run the save logfile command to save logs into a
specified file or configure the AP to export information into a specified log file.
Then run the display logfile command to view the log file.
Prerequisites
The information center has been enabled by using the info-center enable
command.
Example
# Configure the flash drive as the path where log files will be saved.
[HUAWEI] info-center logfile path flash:/logfile
5.5.23 info-center logfile size

Function
The info-center logfile size command sets the log file size.
The undo info-center logfile size command restores the default log file size.
By default, the log file size is 1 MB.
Format
info-center logfile size size
undo info-center logfile size

Fat AP and Cloud AP
Parameters
size Specifies the log file size. The value is an integer that is 1 or 2, in
MB. The default value is 1 MB.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To configure the AP to export information to a log file, run the info-center logfile
size command to set the log file size.
Precautions
If you configure the device to export information to a log file, exported

information is saved in the log.log file. When the log.log file exceeds the specified
size, the system compresses the file in to a zip package. When the storage space
on the AP is smaller than 1 MB, the information center deletes the earliest log file.
When the remaining storage space of the device is smaller than the log file size,
log information is saved in the log buffer to replace the existing logs but is not
saved to the device's storage space. Beside, you will fail to run the save logfile
command.
Example
# Set the log file size to 2 MB.
[HUAWEI] info-center logfile size 2
5.5.24 info-center loghost
Function
The info-center loghost command configures the device to output information to
a log host.
The undo info-center loghost command disables the device from outputting
information to a log host.
By default, no information is output to the log host.

Fat AP and Cloud AP
Format
info-center loghost ip-address [ channel { channel-number | channel-name } |
facility local-number | language language-name | port port | transport { udp |
tcp ssl-policy policy-name } ] *
info-center loghost domain domain-name [ channel { channel-number |
channel-name } | facility local-number | language language-name | port port |
transport { udp | tcp ssl-policy policy-name } ] *
undo info-center loghost ip-address
undo info-center loghost domain domain-name
Parameters
ip-address Specifies the IPv4 address of the The value is in dotted

log host. decimal notation.
channel Specifies the channel used to send The value of channel-

{ channel- information to a log host. number is an integer that
number | ranges from 0 to 9.
channel-name } ● channel-number : specifies the
number of a channel. The value of channel-name
● channel-name: specifies the is a string of 1 to 30 case-
name of a channel. The name sensitive characters. The
can be the default or user- value consists of letters or
defined channel name. numbers and must start
with a letter.
facility local- Specifies a syslog server facility The value ranges from
number that is used to identify the log local0 to local7. The
information source. You can use default value is local7.
this parameter to plan a local
value for the log information of a
specified device, so that the syslog
server can handle received log
information based on the
parameter.
language Displays the language in which The value is of the

language-name logs are recorded. enumerated type. The
default language mode is
English.

Fat AP and Cloud AP
port [ port ] Specifies the number of the port The value is an integer that
that sends logs. ranges from 1 to 65535.
The default value in UDP
transport mode is 514, the
default value in TCP
transport mode is 6514.
transport Indicates the information -

transport mode.
udp Indicates the UDP transport mode. -

NOTE
The default transport mode is UDP if
no transport mode is specified.
tcp Indicates the TCP transport mode. -

NOTE
The default transport mode is UDP if
no transport mode is specified.
ssl-policy Specifies a Secure Sockets Layer The value is a string of 1 to

policy-name (SSL) policy in the TCP transport 31 characters.
mode.
This parameter is recommended
to improve log transmission
security.
domain Specifies a DNS domain name of The value is a string of 1 to

domain-name a log host. 255 case-sensitive
characters, spaces not
supported.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To query information generated on the AP deployed remotely, configure the AP to
export information to a log host so that you can view device information on the
log host. Run the info-center loghost command to configure the AP to export

Fat AP and Cloud AP
To configure the AP to output information to different log hosts using different

channels, specify the channels used to send information to the log hosts. For
example, you can configure the AP to output information to log hosts at
192.168.0.1 and 192.168.0.2 using channels 7 and 8 respectively.
Prerequisites
The information center has been enabled using the info-center enable command
and the log host IP address has been obtained.
Precautions
The AP supports a maximum of eight log hosts to implement backup among log
hosts.
Example
# Configure a device to use channel 6 to output information to the log host at
10.1.1.1.
[HUAWEI] info-center loghost 10.1.1.1 channel channel6
# Configure a device to send information to the log host at 192.168.2.2 in TCP

mode, using the SSL policy huawei123 that has been created in the system.
[HUAWEI] info-center loghost 192.168.2.2 transport tcp ssl-policy huawei123
5.5.25 info-center loghost source

Function
The info-center loghost source command configures the source interface used by
the AP to send information to a log host.
The undo info-center loghost source command restores the default source
interface used by the AP to send information to a log host.
By default, the source interface is the interface that sends logs.
Format
info-center loghost source interface-type interface-number
undo info-center loghost source
Parameters
interface-type interface- Specifies the type and number of an -
number interface.
Views
System view

Fat AP and Cloud AP
Default Level
Usage Guidelines
Usage Scenario
If multiple devices send log messages to the same log host, you can identify the
devices by setting different source interfaces so as to index the received log
messages.
Prerequisites
There is a reachable route between the source interface and the log host.
Example
# Specify Loopback0 IP address as the source interface address to send
[HUAWEI] interface loopback 0
[HUAWEI-LoopBack0] ip address 10.1.1.1 255.255.255.0
[HUAWEI-LoopBack0] quit
[HUAWEI] info-center loghost source loopback 0
5.5.26 info-center loghost source-port

Function
The info-center loghost source-port command configures a source interface
through which the device sends information to the log host.
The undo info-center loghost source-port command deletes the configuration of
the source interface through which the device sends information to the log host.
By default, the source interface number is 38514.
Format
info-center loghost source-port source-port
undo info-center loghost source-port
Parameters
source-port Specifies the number of the source The value is an integer
interface through which the device sends ranging from 1025 to
information to the log host. 65535.
Views
System view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
To harden system security, run the info-center loghost source-port source-port
command to change the number of the source interface through which the device
sends information to the log host.
Example
# Change the number of the source interface through which the device sends
information to the log host to 1026.
[HUAWEI] info-center loghost source-port 1026
5.5.27 info-center max-logfile-number
Function
The info-center max-logfile-number command sets the maximum number of log
files to be saved.
The undo info-center max-logfile-number command restores the default

maximum number of log files to be saved.
By default, the AD9430DN-12 and AD9431DN-24X allow a maximum of 10 log

files to be saved, and other devices allow a maximum of 200 log files to be saved.
Format
info-center max-logfile-number filenumbers
undo info-center max-logfile-number
Parameters
filenumbers Specifies the maximum number of The value is an integer that

log files that can be saved. ranges from 2 to 500.
Views
System view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
If a large number of log files exist on the device, they may occupy a large amount
of disk space. To view log files generated recently, run the info-center max-
logfile-number command to set the maximum number of log files that can be
saved.
Precautions
If the number of log files generated on the device exceeds the maximum value,
the system deletes the earliest ones so that the number of log files is not larger
than the maximum value.
The operation.log file is out of the scope for the system to count the maximum
number of log files, and therefore is not automatically deleted.
NOTICE
If the number of saved log files is larger than the default value, more system
resources are consumed. The default value is recommended. Excess log files can
be deleted manually or automatically. When the system deletes them, high CPU
usage may last for a short period.
Example
# Set the maximum number of log files to be saved to 100.
[HUAWEI] info-center max-logfile-number 100
5.5.28 info-center rate-limit except
Function
The info-center rate-limit except command prevents logs with a specified log ID
from being suppressed by the information center.
The undo info-center rate-limit except command deletes the preceding

configuration.
Format
info-center rate-limit except { byinfoid infoID | bymodule-alias modname
alias }
undo info-center rate-limit except { byinfoid infoID | bymodule-alias modname

alias }

Fat AP and Cloud AP
Parameters
byinfoid infoID Specifies the log ID in The value is a string of 8
hexadecimal notation. characters. The value is in
hexadecimal notation, and the valid
characters include 0-9, a-f, and A-F.
bymodule- Specifies a log through a -

alias module name and a
mnemonic.
modname Specifies the name of the The value is a string of 1 to 24
module. characters without spaces.
alias Specifies the name of the The value is a string of 1 to 64
mnemonic. characters without spaces.
Views
System view
Default Level
Usage Guidelines
When too many logs will never generate under a specified ID, you can run the
info-center rate-limit except command to prevent logs with the specified log ID
from being suppressed by the information center. This can avoid the impact of the
suppression of the log processing rate. After the command is run, the information
center no longer monitor logs with the specified log ID.
Example
# Prevent logs specified by the module name and mnemonic from being
suppressed by the information center.
[HUAWEI] info-center rate-limit except bymodule-alias AAA AUTHEN_ERR_EVENT
# Prevent logs specified by the log ID from being suppressed by the information
center.
[HUAWEI] info-center rate-limit except byinfoid ff011015
# Prevent logs with a specified log ID from being suppressed by the information
center.
[HUAWEI] undo info-center rate-limit except bymodule-alias AAA AUTHEN_ERR_EVENT

Fat AP and Cloud AP
5.5.29 info-center rate-limit global-threshold
Function
The info-center rate-limit global-threshold command sets the total number of
logs that the information center can process every second.
The undo info-center rate-limit global-threshold command restores the default

value.
By default, the information center processes a maximum of 400 logs in every

second.
Format
info-center rate-limit global-threshold value
undo info-center rate-limit global-threshold
Parameters
value Specifies the maximum number of The value is an integer that

logs that the information center ranges from 100 to 1000. The
can process every second. default value is 400.
Views
System view
Default Level
Usage Guidelines
You can run the info-center rate-limit global-threshold command to set the
maximum number of logs that the information center can process every second.
This can adjust the processing capability of the information center. If the number
of logs to be processed exceeds the processing capability of the information
center, the extra logs are discarded.
NOTE
● If the threshold is too low, some logs may be discarded.

● If the threshold is too high, the information center cannot identify the log ID under
which too many logs are generated. The number of logs to be processed depends on the
current processing capacity of the information center.

Fat AP and Cloud AP
Example
# Set the number of logs that the information center can process every second to
300.
[HUAWEI] info-center rate-limit global-threshold 300
5.5.30 info-center rate-limit monitor-period
Function
The info-center rate-limit monitor-period command sets the monitoring period
for the information center to suppress the log processing rate.
The undo info-center rate-limit monitor-period command restores the default

value.
By default, the monitoring period is 3 seconds.
Format
info-center rate-limit monitor-period value
undo info-center rate-limit monitor-period
Parameters
value Specifies the monitoring period The value is an integer ranging
for the information center to from 1 to 60, in seconds. The
suppress the log processing rate. default value is 3.
Views
System view
Default Level
Usage Guidelines
The info-center rate-limit monitor-period command can be used to set a
monitoring period for the information center to limit the log processing rate.
● In the monitoring period specified by value, if the rate of sending a single log
every second exceeds info-center rate-limit threshold, the information
center will limit the log processing rate.
● Then, in the monitoring period which is five times value, if the number of a
single type of logs that are sent every second is smaller than info-center
rate-limit threshold, the information center will no longer limit the log
processing rate.

Fat AP and Cloud AP
Example
# Set the monitoring period for the information center to suppress the log
processing rate to 5 seconds.
[HUAWEI] info-center rate-limit monitor-period 5
5.5.31 info-center rate-limit threshold

Function
Using the info-center rate-limit threshold command, you can set the maximum
number of logs with the same log ID that the information center can process
every second.
Using the undo info-center rate-limit threshold command, you can restore the
default setting.
By default, the information center processes a maximum of 30 logs in a minute.
Format
info-center rate-limit threshold value [ byinfoid infoID | bymodule-alias
modname alias ]
undo info-center rate-limit threshold [ value ] [ byinfoid infoID | bymodule-
alias modname alias ]
Parameters
value Specifies the maximum The value is an integer that ranges

number of logs with the from 1 to 500. The default value is
same log ID that the 30.
information center can
process every second.
byinfoid infoID Specifies the log ID. The value is a string of 8 characters.
The value is in hexadecimal
notation, and the valid characters
include 0-9, a-f, and A-F.
bymodule-alias Specifies the name of the The value is a string of 1 to 24

modname module. characters without spaces.
alias Specifies the name of the The value is a string of 1 to 64

mnemonic. characters without spaces.
Views
System view

Fat AP and Cloud AP
Default Level
Usage Guidelines
You can run the info-center rate-limit threshold command to set the maximum
number of logs with the same log ID that the information center can process
every second. The information center monitors the number of logs that are
generated every second under the same log ID. When the number of logs that are
generated every second under the same log ID exceeds the threshold during the
monitoring period, the information center decides that too many logs are
generated and thus suppresses its log processing rate by processing only the
conforming traffic (logs within the threshold) and discarding the non-conforming
traffic (logs exceeding the threshold). When the number of logs that are
generated every second under the same log ID falls below the threshold and
remains below the threshold for five monitoring periods, the information center
removes the suppression.
NOTE
If the threshold value1 specified by the parameter byinfoid infoID or bymodule-alias

modname alias differs from the threshold value0 specified globally, value1 takes effect.
By default, the information center processes a maximum of 30 logs with the same
log ID in every second. In certain application scenarios, the information center is
required to process a maximum of more than 30 logs with the same log ID in
every second. You can set thresholds for logs with different log IDs.
NOTE
● If the threshold is too low, some logs may be discarded.

● If the threshold is too high, the information center cannot identify the log ID under
which too many logs are generated.
Example
# Set the maximum number of logs that the information center can process every
second to 60.
[HUAWEI] info-center rate-limit threshold 60
# Set the maximum number of logs identified by the same module name and
mnemonic that the information center can process every second to 30.
[HUAWEI] info-center rate-limit threshold 30 bymodule-alias AAA AUTHEN_ERR_EVENT
# Set the maximum number of logs with the same log ID that the information
center can process every second to 20.
[HUAWEI] info-center rate-limit threshold 20 byinfoid ff011015
# Restore the maximum number of logs that the information center can process
every second to the default value.
[HUAWEI] undo info-center rate-limit threshold
# Cancel the restriction on the maximum number of logs with a specified log ID
that the information center can process every second.

Fat AP and Cloud AP
[HUAWEI] undo info-center rate-limit threshold bymodule-alias AAA AUTHEN_ERR_EVENT
5.5.32 info-center source channel

Function
The info-center source channel command configures a rule for outputting
information to a channel.
The undo info-center source channel command restores the default rule for
outputting information to a channel.
The following lists the default rule for outputting information to a channel.
Table 5-36 Default rule for outputting information to a channel

Output Module Log Trap Debugging
Channe Enable Message
l d to
Output Status Lowest Status Lowest Status Lowest
Inform Output Output Output
ation Severit Severit Severit
y y y
0 default on warnin on debuggi on debuggi

(consol g ng ng
e)
1 default on warnin on debuggi on debuggi

(remote g ng ng
termina
l)
2 (log default on informa on debuggi off debuggi

host) tional ng ng
3 (trap default off informa on debuggi off debuggi

buffer) tional ng ng
4 (log default on warnin off debuggi off debuggi

buffer) g ng ng
5 default off debuggi on debuggi off debuggi

(SNMP ng ng ng
agent)
6 default on debuggi on debuggi off debuggi

(chann ng ng ng
el 6)

(chann ng ng ng
el 7)

Fat AP and Cloud AP
Output Module Log Trap Debugging

Channe Enable Message
l d to
Output Status Lowest Status Lowest Status Lowest
Inform Output Output Output
ation Severit Severit Severit
y y y

(chann ng ng ng
el 8)

(chann ng ng ng
el 9)
NOTE
The
output
directi
on of
channe
l 9 is
the
logfile.
Format
info-center source { module-name | default } channel { channel-number |
channel-name } [ log { state { off | on } | level severity } * | trap { state { off |
on } | level severity } * | debug { state { off | on } | level severity } * ] *
undo info-center source { module-name | default } channel { channel-number |

channel-name }
Parameters

module-name Specifies the module Enumerated type. The value
name. depends on the registered
module.
default Indicates the default -
module.
channel-number Specifies the number of The value is an integer that
a channel. ranges from 0 to 9.
channel-name Specifies the name of a The value is a string of 1 to 30
channel. case-sensitive characters. The
value consists of letters or
numbers and must start with a
letter.

Fat AP and Cloud AP

log { state { off | Specifies the log status. -
on } } ● off: Logs are not sent.
● on: Logs are sent.
log { level Specifies the lowest Logs are classified into eight
severity } severity of output logs. severities. The following severities
are listed in descending order of
priority:
● emergencies
● alert
● critical
● error
● warning
● notification
● informational
● debugging
trap { state { off | Specifies the trap status: -

on } } ● off: Traps are not
sent.
● on: Traps are sent.
trap { level Specifies the lowest Logs are classified into eight
severity } severity of output traps. severities. The following severities
are listed in descending order of
priority:
● emergencies
● alert
● critical
● error
● warning
● notification
● informational
● debugging
debug { state Specifies the debugging -

{ off | on } } message status.
● off: Debugging
messages are not
sent.
● on: Debugging
messages are sent.

Fat AP and Cloud AP

debug { level Specifies the lowest Logs are classified into eight
severity } severity of output severities. The following severities
debugging messages. are listed in descending order of
priority:
● emergencies
● alert
● critical
● error
● warning
● notification
● informational
● debugging
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To collect and query information generated on the AP, define severities for various
types of information that is output to different channels. You can run the info-
center source channel command to configure a rule for outputting information
to a channel.
The following lists information severities.
Table 5-37 Information severities

Value Severity Description
0 emergencies A fault causes the device to fail to run normally

unless it is restarted. For example, the device is
restarted because of program exceptions or a
memory error is detected.
1 alert A fault needs to be rectified immediately. For

example, memory usage of the system reaches the
upper limit.

Fat AP and Cloud AP
Value Severity Description
2 critical A fault needs to be analyzed and processed. For

example, the memory usage falls below the lower
threshold; temperature falls below the alarm
threshold; BFD detects that a device is unreachable
or detects locally generated error messages.
3 error An improper operation is performed or exceptions

occur during service processing. The fault does not
affect services but needs to be analyzed. For
example, users enter incorrect commands or
passwords; error protocol packets are received from
other devices.
4 warning Some events or operations may affect device

running or cause service processing faults, which
requires full attention. For example, a routing
process is disabled; BFD detects packet loss; error
protocol packets are detected.
5 notification A key operation is performed to keep the device

running normally. For example, the shutdown
command is run; a neighbor is discovered; protocol
status changes.
6 informationa A normal operation is performed. For example, a

l display command is run.
7 debugging A normal operation is performed, which requires no

attention.
Precautions
Each information channel has a default record with the module name default.
The default configuration for logs, traps, and debugging messages in different
channels may differ.
If a module generates a large number of logs, traps, or debugging messages in a
short time, use the following methods to suppress this information:
● Specify level severity to adjust the channel level. Information with lower
severity will be filtered.
● Specify state off to disable information sent by a specified module.
NOTICE
After the lowest severity of output information is specified, information lower than
the severity will be filtered.

Fat AP and Cloud AP
Example
# Configure the device to send logs higher than or equal to warning of the CFM
module.
[HUAWEI] info-center source CFM channel snmpagent log level warning
5.5.33 info-center statistic-suppress enable

Function
The info-center statistic-suppress enable command enables suppression of
statistics about consecutive repeated logs.
The undo info-center statistic-suppress enable command disables suppression
of statistics about consecutive repeated logs.
By default, suppression of statistics about consecutive repeated logs is enabled.
Format
info-center statistic-suppress enable
undo info-center statistic-suppress enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
In the system, service modules generate logs and control the volume of generated
logs. The information center processes the received logs.
A large number of repeated logs are generated in a short time in some scenarios,
for example, when ARP and ACL are enabled. This wastes both the storage space
and CPU resources. Generally, users do not want to view the repeated logs. You
can run the info-center statistic-suppress enable command to suppress statistics
on consecutive repeated logs so that the system can still record other logs.
Precautions
Statistics about repeatedly generated logs are first output at the 30th seconds
from the time the first log is output, and then statistics about repeatedly
generated logs are output at the 120th seconds. After being output two times,
statistics about repeatedly generated logs are output every 600 seconds.

Fat AP and Cloud AP
Example
# Disable suppression of statistics about consecutive repeated logs.
[HUAWEI] undo info-center statistic-suppress enable
5.5.34 info-center timestamp
Function
The info-center timestamp command sets the timestamp format of logs, traps,
and debugging messages.
The undo info-center timestamp command restores the default timestamp

format of logs, traps, and debugging messages.
By default, the timestamp format of logs, traps, and debugging messages is date.
Format
info-center timestamp debugging { { date | short-date | format-date }
[ precision-time { tenth-second | second } ] | boot | none }
info-center timestamp log { { date | short-date | format-date } [ precision-

time { tenth-second | millisecond } ] | boot | none }
info-center timestamp trap { { date | short-date | format-date } [ precision-

time { tenth-second | millisecond } ] | boot | none }
undo info-center timestamp { debugging | trap | log }
Parameters
debugging Indicates debugging messages. -
log Indicates logs. -
trap Indicates traps. -
boot Indicates that the timestamp is expressed in the format -

of relative time, a period of time since the start of the
system. The format is xxxxxx.yyyyyy. xxxxxx is the higher
order 32 bits of the milliseconds elapsed since the start
of the system; yyyyyy is the lower order 32 bits of the
milliseconds elapsed since the start of the system.
date Specifies the current date and time. It is expressed in mm -

dd yyyy hh:mm:ss format.

Fat AP and Cloud AP
none Indicates that the output information does not contain -

the timestamp.
short-date Indicates the short date. This timestamp differs from -

date is that the year is not displayed.
format-date Indicates that the timestamp is expressed in YYYY-MM- -

DD hh:mm:ss format.
precision-time Specifies the precision. -
second Indicates that the precision is accurate to seconds. -
tenth-second Indicates that the precision is accurate to 0.1 seconds. -
millisecond Indicates that the precision is accurate to milliseconds. -
Views
System view
Default Level
Usage Guidelines
The info-center timestamp command sets the timestamp format of logs, traps,
and debugging messages.
The following describes the timestamp in date format.
Table 5-38 Description of fields of the timestamp in date format
Field Description Value
mm Month The value can be Jan, Feb, Mar, Apr, May, Jun,
Jul, Aug, Sep, Oct, Nov, or Dec.
dd Date 1-31. If the date is smaller than 10, add a space

in front of the date, For example, " 7".
yyyy Year 4 digits
hh:mm:ss Local time hh ranges from 00 to 23, and mm or ss ranges

from 00 to 59.

Fat AP and Cloud AP
When the precision of the timestamp is accurate to 0.1 second or milliseconds, the
system adds identifies to the logs generated at the same time based on the
sequence.
Prerequisites
command.
Example
# Set the timestamp format of traps to boot.
[HUAWEI] info-center timestamp trap boot
# Set the timestamp precision of logs, traps, and debugging messages.

[HUAWEI] info-center timestamp log date precision-time millisecond
[HUAWEI] info-center timestamp debugging date precision-time tenth-second
[HUAWEI] info-center timestamp trap date precision-time millisecond
5.5.35 info-center trapbuffer
Function
The info-center trapbuffer command enables the AP to send traps to the trap
buffer.
The undo info-center trapbuffer command disables the AP from sending traps to
the trap buffer.
By default, the AP is enabled to send traps to the trap buffer.
Format
info-center trapbuffer [ channel { channel-number | channel-name } | size
buffer-size ] *
undo info-center trapbuffer [ channel | size ]
Parameters

channel Sets the channel number for In the range of 0 to 9. That is,
channel-number outputting information to the system has 10 channels.
the alarm buffer.
channel Sets the channel name for The name is a string of 1 to 30
channel-name outputting information to case-insensitive characters
the alarm buffer. without spaces, hyphens (-),
slashes (\), and anti-slashes (/).

Fat AP and Cloud AP

size buffer-size Sets the size of the alarm The value is in the range of 0
buffer (the number of to 1024.
information in the buffer).
Views
System view
Default Level
Usage Guidelines
To view traps in the trap buffer, run the info-center trapbuffer command to
enable the AP to send traps to the trap buffer.
Example
# Enable the AP to send traps to the trap buffer.
[HUAWEI] info-center trapbuffer
5.5.36 info-center trapbuffer size
Function
The info-center trapbuffer size command sets the maximum number of traps in
the trap buffer.
The undo info-center trapbuffer size command restores the default maximum
number of traps in the trap buffer.
By default, a trap buffer allows a maximum of 256 traps.
Format
info-center trapbuffer size trapbuffer-size
undo info-center trapbuffer size
Parameters

trapbuffer-size Specifies the maximum The value is an integer that ranges
number of traps in the from 0 to 1024. If trapbuffer-size is 0,
trap buffer. traps are not displayed.

Fat AP and Cloud AP
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The info-center trapbuffer size command sets the maximum number of traps in
the trap buffer.
Prerequisites
The AP has been enabled to output traps to the trap buffer by using the info-
center trapbuffer command.
Precautions
When you run the info-center trapbuffer size command multiple times, only the
If a small value of trapbuffer-size is used, some traps may be not displayed. If a

large value of trapbuffer-size is used, repeated traps may be displayed. The default
value of trapbuffer-size is recommended.
Example
# Set the maximum number of traps in the trap buffer to 30.
[HUAWEI] info-center trapbuffer size 30
5.5.37 reset info-center statistics
Function
The reset info-center statistics command clears statistics on each module.
Format
reset info-center statistics
Parameters
None
Views
User view

Fat AP and Cloud AP
Default Level
Usage Guidelines
Usage Scenario
To collect statistics on each module again, run the reset info-center statistics
command to clear all historical statistics.
Precautions
The cleared statistics cannot be restored. Exercise caution when you run the reset
info-center statistics command.
Example
# Clear statistics on each module.
<HUAWEI> reset info-center statistics
5.5.38 reset logbuffer

Function
The reset logbuffer command clears logs in the log buffer.
Format
reset logbuffer
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To record logs in the log buffer again, run the reset logbuffer command to clear
all the information in the log buffer.
Precautions
Statistics cannot be restored after being cleared. Exercise caution when you run
the reset logbuffer command.

Fat AP and Cloud AP
Example
# Clear information in the log buffer.
<HUAWEI> reset logbuffer
Warning: This command will reset the log buffer. Logs in the buffer will be lost
. Continue? (y/n)[n]:y
5.5.39 reset trapbuffer
Function
The reset trapbuffer command clears Trap information in the trap buffer.
Format
reset trapbuffer
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To record traps in the trap buffer again, run the reset trapbuffer command to
clear all the information in the trap buffer.
Precautions
Statistics cannot be restored after being cleared. Exercise caution when you run
the reset trapbuffer command.
Example
# Clear information in the trap buffer.
<HUAWEI> reset trapbuffer
5.5.40 save logfile
Function
The save logfile command saves logs in the log file buffer to a log file.

Fat AP and Cloud AP
Format
save logfile
Parameters
None
Views
User view
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
To reduce the number of times information is written into the storage device,
information generated on the AP is saved into the log buffer before the
information is saved into the log file. When the log file buffer is full, the system
saves the logs in the log file buffer to the log file. You can also run the save
logfile command to save the logs in the log file buffer to the log file. After the log
file is generated, the system clears logs in the log file buffer to save new logs.
Prerequisites
The path to save log files has been set by using the info-center logfile path
command.
Precautions
When you run this command, the device obtains or uses some personal data of
users, such as the STA MAC address. Delete the personal data immediately after
the command is executed to ensure user data security.
When this command is executed on a device supporting binlogs, binlogs and data
dictionary information are also saved.
Example
# Save logs in the log file buffer to the log file.
<HUAWEI> save logfile
5.5.41 terminal debugging

Function
The terminal debugging command enables debugging message display on the
user terminal.
The undo terminal debugging command disables debugging message display on
the user terminal.

Fat AP and Cloud AP
By default, debugging message display is disabled on the user terminal.
Format
terminal debugging
undo terminal debugging
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the terminal debugging command to enable debugging message
display on the user terminal to view system debugging message and locate faults.
Prerequisites
The terminal monitor command has been executed to enable display of logs,
traps, and debugging message output on the user terminal.
Example
# Enable debugging message display on the user terminal.
<HUAWEI> terminal debugging
Info: Current terminal debugging is on.
5.5.42 terminal logging
Function
The terminal logging command enables log display on the user terminal.
The undo terminal logging command disables log display on the user terminal.
By default, log display is enabled on the user terminal.
Format
terminal logging
undo terminal logging

Fat AP and Cloud AP
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To view logs on a terminal, run the terminal logging command to enable log
display on the user terminal.
Prerequisites
Example
# Disable log display on the user terminal.
<HUAWEI> undo terminal logging
Info: Current terminal logging is off.
5.5.43 terminal monitor

Function
The terminal monitor command enables display of logs, traps, and debugging
message output by the information center on the user terminal.
The undo terminal monitor command disables display of logs, traps, and
debugging message output by the information center on the user terminal.
By default, terminal display is disabled.
Format
terminal monitor
undo terminal monitor
Parameters
None
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Prerequisites
command.
Follow-up Procedure
Run the terminal debugging/undo terminal debugging, terminal logging/undo
terminal logging, terminal trapping/undo terminal trapping/ command to
enable or disable terminal debugging message, log, or trap display.
Precautions
Logs, traps, and debugging message are sent to the current terminal only when
the terminal monitor command is used.
Running the undo terminal monitor command is equivalent to running the undo
terminal debugging, undo terminal logging, undo terminal trapping
command.
Example
# Disable display of logs, traps, and debugging message output by the
information center on the user terminal.
<HUAWEI> undo terminal monitor
Info: Current terminal monitor is off.
5.5.44 terminal trapping

Function
The terminal trapping command enables trap display on the user terminal.
The undo terminal trapping command disables trap display on the user terminal.
By default, trap display is enabled on the user terminal.
Format
terminal trapping
undo terminal trapping
Parameters
None
Views
User view

Fat AP and Cloud AP
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To view traps on a terminal, run the terminal trapping command to enable trap
display on the user terminal.
Prerequisites
Example
# Disable trap display on the user terminal.
<HUAWEI> undo terminal trapping
Info: Current terminal trapping is off.
5.6 NTP Configuration Commands
5.6.1 display ntp-service sessions

Function
The display ntp-service sessions command displays all session information
maintained by NTP on the local end.
Format
display ntp-service sessions [ verbose ]
Parameters
verbose Displays detailed information about an NTP session. -

If verbose is not specified, only summary information about
the NTP session is displayed.
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
Run the display ntp-service sessions command. If the verbose option is not
specified, only summary information about a session is displayed.
Example
# Display NTP session information of the local device.
<HUAWEI> display ntp-service sessions
clock source: 10.1.1.1
clock stratum: 1
clock status: configured, insane, valid, unsynced
reference clock ID: LOCAL(0)
reach: 0
current poll: 64
now: 9
offset: 0.0000 ms
delay: 0.00 ms
disper: 0.00 ms
Table 5-39 Description of the display ntp-service sessions command output

Item Description
clock source Address of the clock source.
clock stratum Stratum of the clock source.

The clock stratum determines the
precision of the clock, and its value
ranges from 1 to 16. The higher the
stratum value, the lower the clock
precision. The value 1 indicates the
highest precision, and the value 16
indicates the lowest precision. The
clock with stratum 16 is in the
unsynchronized status, and cannot be
used as a reference clock.

Fat AP and Cloud AP
Item Description
clock status Status of a clock, where

● configured: indicates that the
session is set up by a configuration
command.
● master: indicates that the clock
source corresponding to the session
is the primary clock source of the
current system.
● selected: indicates that the clock
passes the clock selecting
algorithm.
● candidate: indicates that the clock
is a candidate clock source.
● sane: indicates that the clock source
corresponding to the session passes
the saneness test.
● insane: indicates that the clock
does not pass the saneness test.
● valid: indicates that the clock source
corresponding to the session is
valid. The clock source
corresponding to the session passes
the test, is in a synchronized status
and is of an effective stratum. The
root delay and the root dispersion
are within the normal range.
● invalid: indicates that the clock
is invalid.
● unsynced: indicates that the clock
is not yet synchronized or the
stratum is invalid.
reference clock ID When the local system has been

synchronized to a remote NTP server
or a clock source, the address of the
remote server or the identifier of the
clock source is displayed.
reach Reachability count of the clock source.

The value 0 indicates that the clock
source is unreachable.

Fat AP and Cloud AP
Item Description
current poll Poll interval of NTP packets. The

interval for sending two successive
NTP packets, in seconds.
To set the poll interval, run the ntp-
service discard min-interval
command.
now Interval between the last

synchronization and the current time.
offset Offset to the superior clock source.
delay Delay to the superior clock source.
disper Dispersion to the superior clock source.
# Display detailed information about NTP sessions on the local device.

<HUAWEI> display ntp-service sessions verbose
clock source: 10.1.1.1
clock stratum: 7
clock status: configured, master, sane, valid
local mode: client, local poll: 6
peer mode: server, peer poll: 6
offset: 0.0000 ms,delay: 0.00 ms, disper: 0.02 ms
root delay: 0.00 ms, root disper: 10.00 ms
reach: 1, sync dist: 0.010, sync state: 2
precision: 2^17, version: 3, peer interface: InLoopBack0
reftime: 04:47:44.921 UTC Jan 1 2008(CB244470.EBD74D59)
orgtime: 04:47:44.921 UTC Jan 1 2008(CB244470.EBD74D59)
rcvtime: 04:47:44.921 UTC Jan 1 2008(CB244470.EBDC69F8)
xmttime: 04:47:44.921 UTC Jan 1 2008(CB244470.EBD4280A)
filter delay : 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filter offset: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filter disper: 0.00 0.00 16.00 16.00 16.00 16.00 16.00 16.00
reference clock status: normal
Table 5-40 Description of the display ntp-service sessions verbose command

output
Item Description
clock source Address of the clock source.
clock stratum NTP stratum on which the local system is located.

Fat AP and Cloud AP
Item Description
clock status Status of a clock, where

● configured: indicates that the session is set up by a
configuration command.
● master: indicates that the clock source corresponding
to the session is the primary clock source of the
current system.
● selected: indicates that the clock source corresponding
to the session passes the clock selecting algorithm.
● candidate: indicates that the clock source
corresponding to the session is a candidate clock
source.
● sane: indicates that the clock source corresponding to
the session passes the saneness test.
● insane: indicates that the clock source corresponding
to the session does not pass the saneness test.
● valid: indicates that the clock source corresponding to
the session is valid. The clock source corresponding to
the session passes the test, is in a synchronized status
and is of an effective stratum. The root delay and the
root dispersion are within the normal range.
● invalid: indicates that the clock source corresponding
to the session is invalid.
● unsynced: indicates that the clock source
corresponding to the session is not yet synchronized or
the stratum is invalid.
reference clock ID When the local system has been synchronized to a

remote NTP server or a clock source, the address of the
remote server or the identifier of the clock source is
displayed. When the server is located on a certain VPN,
the name of the VPN instance is displayed.
local mode Local system mode.
peer mode Peer system mode.
local poll Local polling mode.
peer poll Peer polling mode.
offset Offset to the superior clock source.
delay Delay to the superior clock source.
disper Dispersion to the superior clock source.

Fat AP and Cloud AP
Item Description
root delay Total system delay between the local end and the master
reference clock. The default value is 0.
If the value of root delay or root disper is large, clock
synchronization may fail. A larger value indicates that the
packet takes a longer time to reach the local device from
the master reference clock. Therefore, the local device
cannot determine whether the time in the packet is
correct.
root disper System dispersion of the local end to the master

reference clock. The default value is 0.
If the value of root delay or root disper is large, clock
synchronization may fail. A larger value indicates that the
packet takes a longer time to reach the local device from
the master reference clock. Therefore, the local device
cannot determine whether the time in the packet is
correct.
reach Reachability mark, indicating the reachability to the clock

source.
sync dist Synchronization distance to the superior clock source.

This parameter evaluates and describes the clock source,
and NTP chooses the clock source with the shortest
synchronization distance.
sync state Synchronization state:

● 0: The clock has never been synchronized.
● 1: Frequency information is obtained from
● 2: The clock is set.
● 3: The clock is set, but the frequency is not yet
determined.
● 4: The clock is synchronized.
● 5: An error is found.
precision Precision of a peer clock.
version NTP version.
peer interface Peer interface.
reftime Reference timestamp.
orgtime Time when an NTP packet is sent for the last time.
rcvtime Time when an NTP packet is received for the last time.
xmttime Time when an NTP packet is forwarded for the last time.
filter delay Filter delays of the 8 packets received for the last time.

Fat AP and Cloud AP
Item Description
filter offset Filter offsets of the 8 packets received for the last time.
filter disper Filter dispersions of the 8 packets received for the last
time.
reference clock The status of the reference clock, including:

status ● normal: indicates that the peer clock is reachable.
● abnormal: indicates that the peer clock is unreachable.
5.6.2 display ntp-service status

Function
The display ntp-service status command displays the status of NTP.
Format
display ntp-service status
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Based on the displayed status of the NTP service, you can know the
synchronization status and stratum of the local system clock.
Example
# Display the status of the NTP service.
<HUAWEI> display ntp-service status
clock status: synchronized
clock stratum: 2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 15:51:36.259 UTC Apr 25 2012(C6179088.426490A3)

Fat AP and Cloud AP
Table 5-41 Description of the display ntp-service status command output
Item Description
clock status Status of the clock:

● synchronized: indicates that the local system clock is
synchronized with an NTP server or a reference clock.
● unsynchronized: indicates that the local system clock is
not synchronized with any NTP server.
clock stratum Stratum of the local system clock.
reference clock Reference clock:

ID ● If the local system clock has been synchronized with a
remote NTP server or a reference clock, this field displays
the IP address of the remote NTP server or the identifier
of the reference clock.
● If the local system clock functions as a reference clock,
this field displays "Local".
● If clock status is unsynchronized, this field displays
"None".
nominal Nominal frequency of the local system clock.

frequency
actual frequency Actual frequency of the local system clock.
clock precision Precision of the local system clock.
clock offset Offset between the local system clock and the NTP server.
root delay Total delay between the local system clock and the master
reference clock.
root dispersion Total dispersion between the local system clock and the
master reference clock.
peer dispersion Dispersion between the local system clock and the remote
NTP peer.
reference time Reference timestamp.
5.6.3 display ntp-service trace
Function
The display ntp-service trace command displays the trace path of reference clock
source from the local device.
Format
display ntp-service trace

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When you run the display ntp-service trace command, summary information of
NTP servers for synchronizing time on the link from the local device to the
reference clock source can be displayed.
Example
# Display the summary of each passing NTP server when you trace the reference
clock source from the local device.
<HUAWEI> display ntp-service trace
server 127.0.0.1,stratum 5, offset 0.024099, synch distance 0.06337
refid 127.127.1.0
Table 5-42 Description of the display ntp-service trace command output
Item Description
server IP address of the NTP server.
stratum Stratum of the clock on the NTP server.
offset Offset to the superior reference clock.
synch distance Synchronization distance to the superior reference clock.

This parameter evaluates and describes the reference
clock and NTP chooses the reference clock with the
shortest synchronization distance.
refid Reference clock source.
5.6.4 ntp-service access

Function
The ntp-service access command sets the access control authority of the local
NTP.

Fat AP and Cloud AP
The undo ntp-service access command cancels the configured access control
authority.
By default, no access control authority is set.
Format
ntp-service access { peer | query | server | synchronization } acl-number
undo ntp-service access { peer | query | server | synchronization }
Parameters
peer Indicates maximum access. Both time request -
and control query can be performed on the local
NTP service, and the local clock can be
synchronized to the remote server.
query Indicates minimum access. Only control query -
can be performed on the local NTP service.
server Indicates that server access and query are -
permitted. Both time request and control query
can be performed on the local NTP service, but
the local clock cannot be synchronized to the
remote server.
synchronization Indicates that only server access is permitted. -
Only time request can be performed on the
local NTP service.
acl-number Indicates the basic access control list (ACL) The value is
number for IPv4 addresses. an integer
that ranges
from 2000 to
2999.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Compared with NTP authentication, ntp-service access is simpler to ensure the
network security. When an access request reaches the local end, the access request
is successively matched with the access authority from the maximum one to the
minimum one. The first successfully matched access authority takes effect. The
matching order is: peer, server, synchronization, and query.

Fat AP and Cloud AP
Based on the access limitation to be implemented, configure this command

accordingly.
Table 5-43 Configuration of the NTP access control authority

NTP Operating Mode Usage Scenario Device
Configured
Unicast NTP server/ The client is restricted from being Client

client mode synchronized to a server, so that the
client will not be synchronized to
an unreliable unicast NTP server on
the network.
Unicast NTP server/ The server is restricted from Server

client mode processing the synchronization time
request of the client, so that the
synchronization range of the server
is controlled.
NTP symmetric peer The two ends are restricted from Symmetric
mode being synchronized with each other active peer
to prevent an unreliable symmetric
passive peer on the network from
synchronizing the client.
NTP symmetric peer The symmetric passive peer is Symmetric

mode restricted from processing the time passive peer
request, so that the synchronization
range of the symmetric passive
peer is controlled.
NTP broadcast mode The client is restricted from being NTP broadcast
synchronized to a server, so that the client
client will not be synchronized to
an unreliable broadcast NTP server
on the network.
The ntp-service access command ensures the security to the minimal extent. A
safer method is to perform identity authentication. See the ntp-service
authentication enable command for relevant configuration.
Precautions
Check the configuration of the ACL rule before configuring the NTP access control
authority in the ACL. When the ACL rule is permit, the peer device with the source
IP address specified in this rule can access the NTP service on the local device. The
access right of the peer device is configured using the ntp-service access
command. When the ACL rule is deny, the peer device with the source IP address
specified in this rule cannot access the NTP service on the local device.

Fat AP and Cloud AP
Example
# Enable the peer in IPv4 ACL 2000 to perform time request, query control and
time synchronization on the local device.
[HUAWEI] ntp-service access peer 2000
# Enable the server in IPv4 ACL 2002 to perform time request and query control
on the local device.
[HUAWEI] ntp-service access server 2002
5.6.5 ntp-service access limited

Function
The ntp-service access limited command enables control on the rate of incoming
NTP packets.
The undo ntp-service access limited command disables control on the rate of
incoming NTP packets.
By default, control on the rate of incoming NTP packets is disabled.
Format
ntp-service access limited acl-number
undo ntp-service access limited
Parameters
acl-number Indicates the basic access control The value is an integer that
list (ACL) number for IPv4 ranges from 2000 to 2999.
addresses.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
After the KOD function is enabled on the server, you can run the ntp-service
access limited command to enable control on the rate of incoming NTP packets.
When the rate of incoming NTP packets reaches the upper threshold, the server
sends the kiss code.

Fat AP and Cloud AP
Precautions
Before enabling control on the rate of incoming NTP packets, check the ACL rule
configuration. When the ACL rule is deny, the server sends the kiss code DENY.
When the ACL is permit and the rate of incoming NTP packets reaches the upper
threshold, the server sends the kiss code RATE.
Example
# Enable control on the rate of incoming NTP packets.
[HUAWEI] ntp-service access limited 2005
5.6.6 ntp-service authentication enable

Function
The ntp-service authentication enable command enables identity authentication
for NTP.
The undo ntp-service authentication enable command disables the identity
authentication.
By default, identity authentication is disabled.
Format
ntp-service authentication enable
undo ntp-service authentication enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
On networks requiring high security, authentication must be enabled for NTP. The
NTP client authenticates NTP servers using a password and synchronizes time with
only the authenticated server. This improves network security.
Example
# Enable identity authentication for NTP.
[HUAWEI] ntp-service authentication enable

Fat AP and Cloud AP
5.6.7 ntp-service authentication-keyid

Function
The ntp-service authentication-keyid command sets NTP authentication key.
The undo ntp-service authentication-keyid command removes NTP
authentication key.
By default, no authentication key is set.
Format
ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-
sha256 } [ cipher ] password
undo ntp-service authentication-keyid key-id
Parameters
key-id Indicates the key number. Key ID is an integer and ranges

from 1 to 4294967295.
authentication- Indicates MD5 -

mode md5 authentication mode.
authentication- Indicates HMAC-SHA256 -

mode hmac- authentication mode.
sha256
cipher Indicates that the -

configured password is
displayed in cipher text.
If this parameter is not
specified, the configured
password is displayed in
cipher text.

Fat AP and Cloud AP
password Specifies the When quotation marks are used

authentication password around the string, spaces are
in plain text or in cipher allowed in the string.
text.
The keyword is a string of case
sensitive characters, spaces
supported.
● 1 to 255 characters in plain
text.
● 48 to 348 characters in
cipher text.
To improve password security,
the password must be a
combination of at least two of
the following: digits, letters, and
special characters, and the
password length must be equal
to or larger than 8.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network that requires high security, the NTP authentication must be enabled.
You can configure password authentication between client and server, which
guarantee the client only to synchronize with server successfully authenticated,
and improve network security. If the NTP authentication function is enabled, a
reliable key should be configured at the same time. Keys configured on the client
and the server must be identical.
NOTE
In NTP symmetric peer mode, the symmetric active peer functions as a client and the
symmetric passive peer functions as a server.
Follow-up Procedure
You can configure multiple keys for each device. After the NTP authentication key
is configured, you need to set the key to reliable using the ntp-service reliable
authentication-keyid command. If you do not set the key to reliable, the NTP key
does not take effect.
Precautions

Fat AP and Cloud AP
MD5 authentication has potential risks. To ensure security, you are advised to use
the HMAC-SHA256 algorithm, which is more secure, for NTP authentication.
You can configure a maximum of 1024 keys for each device.
If the NTP authentication key is a reliable key, it automatically becomes unreliable
when you delete the key. You do not need to run the undo ntp-service reliable
authentication-keyid command.
Example
# Set the HMAC-SHA256 identity authentication key. The key ID number is 10,
and the key is Betterkey.
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 BetterKey
# Set authentication text to BetterKey123 in HMAC-SHA256 authentication with

cipher option.
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher BetterKey123
5.6.8 ntp-service broadcast-client

Function
The ntp-service broadcast-client command configures the device to work in NTP
broadcast client mode.
The undo ntp-service broadcast-client command removes the device from the
NTP broadcast client mode.
By default, the device is not configured in the NTP broadcast client mode.
Format
ntp-service broadcast-client
undo ntp-service broadcast-client
Parameters
None
Views
VLANIF interface view
Default Level
Usage Guidelines
On a synchronization subnet, when the IP address of a server or a symmetric peer
is not determined, or when the clocks on a large number of devices need to be

Fat AP and Cloud AP
synchronized on the network, you can implement clock synchronization by

configuring the broadcast mode.
On a specified interface on the broadcast client, run the ntp-service broadcast-

client command to configure an interface on the local device to receive NTP
broadcast packets. When the local device automatically runs in the broadcast
client mode, the device can receive the synchronization packets sent by a
broadcast server. For the configuration of the broadcast server, see the ntp-service
broadcast-server command.
When the configuration is complete, you can run the display ntp-service sessions
command to obtain information about sessions between the broadcast server and
the local device.
Example
# Enable VLANIF100 to receive NTP broadcast messages.
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ip address 10.1.1.1 24
[HUAWEI-Vlanif100] ntp-service broadcast-client
5.6.9 ntp-service broadcast-server
Function
The ntp-service broadcast-server command configures the local device to work
in NTP broadcast server mode.
The undo ntp-service broadcast-server command removes the device from the
NTP broadcast server mode.
By default, the broadcast server mode is not configured.
Format
ntp-service broadcast-server [ version number | authentication-keyid key-id ] *
undo ntp-service broadcast-server
Parameters

version number Indicates the NTP version The value is an integer
number. that ranges from 1 to 4.
If this parameter is not specified,
the version number is a default
value.

Fat AP and Cloud AP

authentication- Indicates the authentication key Key ID is an integer and
keyid key-id number used to transmit a ranges from 1 to
message to broadcast clients. 4294967295.
If this parameter is not specified,
authentication is not performed.
Views
Default Level
Usage Guidelines
On a synchronization subnet, when the IP address of a server or a symmetric peer
is not determined, or when the clocks on a large number of devices need to be
synchronized on the network, you can implement clock synchronization by
configuring the broadcast mode.
On a specified interface on the broadcast server, run the ntp-service broadcast-

server command to configure an interface on the local device to send NTP
broadcast packets. When the local device automatically runs in the broadcast
server mode, the device can send synchronization packets to a broadcast client.
For the configuration of the broadcast client, see the ntp-service broadcast-client
command.
When the configuration is complete, you can run the display ntp-service sessions
command to obtain information about sessions between the broadcast server and
the client.
Example
# Enable VLANIF100 to send NTP broadcast packets, with the NTP version as 2
and the key number as 4.
[HUAWEI-Vlanif100] ntp-service broadcast-server version 2 authentication-keyid 4
5.6.10 ntp-service discard

Function
The ntp-service discard command sets the minimum inter-packet interval and the
average inter-packet interval of NTP.
The undo ntp-service discard command restores the minimum inter-packet

interval and the average inter-packet interval of NTP to the default values.

Fat AP and Cloud AP
By default, the minimum inter-packet interval is set to the first power of 2 in

seconds, namely, 2 seconds, and the average inter-packet interval is set to the fifth
power of 2 in seconds, namely, 32 seconds.
Format
ntp-service discard { min-interval min-interval-val | avg-interval avg-interval-
val } *
undo ntp-service discard
Parameters
min-interval Specifies the minimum inter-packet The value of min-
min-interval-val interval of NTP. interval-val is an
integer that ranges
The actual value of the minimum inter- from 1 to 8.
packet interval of NTP is the value
obtained by raising 2 to the power of
min-interval-val, expressed in seconds.
avg-interval Specifies the average inter-packet The value of avg-

avg-interval-val interval of NTP. interval-val is an
integer that ranges
The actual value of the average inter- from 1 to 8.
packet interval of NTP is the value
obtained by raising 2 to the power of
avg-interval-val, expressed in seconds.
Views
System view
Default Level
Usage Guidelines
The minimum inter-packet interval and the average inter-packet interval of NTP
are set using the ntp-service discard command. To generate kiss code RATE, we
need to set the minimum inter-packet interval and the average inter-packet
interval of NTP.
Example
# Set both the minimum inter-packet interval and the average inter-packet
interval of NTP to the fourth power of 2, expressed in seconds, namely, 16
seconds.

Fat AP and Cloud AP
[HUAWEI] ntp-service discard min-interval 4 avg-interval 4
5.6.11 ntp-service enable

Function
The ntp-service enable command enables the NTP service on the local device.
The undo ntp-service enable command disables the NTP service on the local
device.
By default, the NTP service on the local device is enabled. In the factory
configuration file, the NTP service is disabled.
Format
ntp-service enable
undo ntp-service enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
The NTP function can be used on a device only after the NTP service on the device
is enabled.
Example
# Enable the NTP service on the local device.
[HUAWEI] ntp-service enable
5.6.12 ntp-service in-interface disable

Function
The ntp-service in-interface disable command disables an interface from
receiving NTP packets.
The undo ntp-service in-interface disable command enables an interface to
receive NTP packets.
By default, an interface is enabled to receive NTP packets.

Fat AP and Cloud AP
Format
ntp-service in-interface disable
undo ntp-service in-interface disable
Parameters
None
Views
Default Level
Usage Guidelines
The ntp-service in-interface disable command provides a method for access
control.
You can disable the interface connected to external devices from receiving NTP
packets in the following scenarios:
● An unreliable clock server exists on the interface. By default, all the interfaces
can receive NTP packets after NTP is enabled on the device. However, an
unreliable clock source makes NTP clock data inaccurate.
● The NTP clock data is modified when the interface is attacked maliciously.
Example
# Disable VLANIF100 from receiving NTP packets.
[HUAWEI-Vlanif100] ntp-service in-interface disable
5.6.13 ntp-service kod-enable
Function
The ntp-service kod-enable command enables the KOD function.
The undo ntp-service kod-enable command disables the KOD functions.
By default, the KOD function is disabled.
Format
ntp-service kod-enable
undo ntp-service kod-enable

Fat AP and Cloud AP
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The Kiss-o'-Death (KOD) function is a brand new access control technology put
forward by NTPv4, and the KOD function is mainly used for a server to provide
information, such as a status report and access control, for a client. After the KOD
function is enabled on the server, the server sends the kiss code DENY or RATE to
the client according to the operating status of the system.
When the kiss code is generated in a specific situation, run the command ntp-
service kod-enable.
Follow-up Procedure
After the KOD function is enabled on the server, you can run the ntp-service
access limited command to enable control on the rate of incoming NTP packets.
When the rate of incoming NTP packets reaches the upper threshold, the server
sends the kiss code.
Example
# Enable the KOD function.
[HUAWEI] ntp-service kod-enable
5.6.14 ntp-service max-dynamic-sessions
Function
The ntp-service max-dynamic-sessions command sets the maximum dynamic
NTP sessions that can be set up.
The undo ntp-service max-dynamic-sessions command restores the maximum

dynamic NTP sessions to the default value.
By default, up to 100 NTP dynamic sessions are allowed to be set up.
Format
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions

Fat AP and Cloud AP
Parameters
number Indicates the number of The number of dynamic NTP sessions

dynamic sessions allowed to is an integer that ranges from 0 to
be set up. 100. The default value is 100.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
A maximum of 128 sessions can be established on the same device running the
NTP service in the same period, including static and dynamic sessions. In both
unicast server/client mode and symmetric peer mode, command lines are used to
establish static sessions. The dynamic sessions are established in broadcast mode.
Excessive dynamic sessions directly affect the establishment of static sessions. A
user can limit the number of local dynamic sessions solve this problem.
Precautions
When the number of local dynamic sessions on the device is limited,
● NTP dynamic sessions established are not affected. That is, when the number
of the dynamic sessions exceeds the limit, the dynamic sessions established
are not deleted, but a new dynamic session cannot be established.
● The limit on the number of local dynamic sessions allowed should be
configured on the client because the server does not record the number of the
established NTP sessions.
Example
# Set the maximum NTP dynamic sessions allowed to be set up to 50.
[HUAWEI] ntp-service max-dynamic-sessions 50
5.6.15 ntp-service reliable authentication-keyid

Function
The ntp-service reliable authentication-keyid command specifies the
authentication key to be reliable.
The undo ntp-service reliable authentication-keyid command cancels the
current setting.

Fat AP and Cloud AP
By default, no authentication key is specified to be reliable.
Format
ntp-service reliable authentication-keyid key-id
undo ntp-service reliable authentication-keyid key-id
Parameters
key-id Indicates the key number. Key ID is an integer and ranges from 1 to
4294967295.
Views
System view
Default Level
Usage Guidelines
If the identity authentication is enabled, this command is used to specify that one
or more keys are reliable. That is, the client can only be synchronized with the
server that provides the reliable key. The client cannot be synchronized with the
server that provides unreliable keys.
Example
# Enable the identity authentication in NTP and adopt the HMAC-SHA256
encryption mode with key number as 37 and the key as BetterKey. Specify the key
to be reliable.
[HUAWEI] ntp-service authentication enable
[HUAWEI] ntp-service authentication-keyid 37 authentication-mode hmac-sha256 BetterKey
[HUAWEI] ntp-service reliable authentication-keyid 37
5.6.16 ntp-service server disable

Function
The ntp-service server disable command disables NTP server functionality.
The undo ntp-service server disable command enables NTP server functionality.
By default, NTP server functionality is enabled.
Format
ntp-service server disable

Fat AP and Cloud AP
undo ntp-service server disable
Parameters
None
Views
System view
Default Level
Usage Guidelines
For the security purpose, NTP server functionality can be disabled when the device
does not need to act as a server.
Example
# Disable NTP server functionality.
[HUAWEI] ntp-service server disable
5.6.17 ntp-service source-interface
Function
The ntp-service source-interface command specifies the local source interface
that sending and receiving NTP packets.
The undo ntp-service source-interface command cancels the current setting.
By default, the local source interface is not specified for sending and receiving NTP
packets. The local source interface is automatically determined based on the
route.
Format
ntp-service source-interface interface-type interface-number
undo ntp-service source-interface
Parameters
interface-type interface- Indicates the local interface that sends the -

number NTP packets.

Fat AP and Cloud AP
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Configure the local source interface for sending/receiving NTP packets, so that the
IP address of another interface on the device cannot be used as the destination
address of a reply packet, which is convenient for a user to subsequently deploy a
flow control policy. If the interface is not specified, the source IP address of the
NTP packets is selected according to the route.
Precautions
In the broadcast mode, the NTP service is performed on a specific interface, that
is, the source interface. Therefore, the ntp-service source-interface command is
invalid for the broadcast mode.
Example
# Specify VLANIF100 as the source interface to send all the NTP packets.
[HUAWEI] ntp-service source-interface vlanif 100
5.6.18 ntp-service unicast-peer

Function
The ntp-service unicast-peer command configures NTP peer mode.
The undo ntp-service unicast-peer command cancels the NTP peer mode.
By default, the NTP peer mode is not configured.
Format
ntp-service unicast-peer ip-address [ version number | maxpoll max-number |
minpoll min-number | authentication-keyid key-id | source-interface interface-
type interface-number | preference ]*
undo ntp-service unicast-peer ip-address

Fat AP and Cloud AP
Parameters
ip-address Indicates the IPv4 address of The parameter ip-

the remote peer. address is a host address
and cannot be the
broadcast address, the
multicast address or the
IP address of a reference
clock.
version number Indicates the NTP version Version number is an

number. If this parameter is integer data type and
not specified, the default ranges from 1 to 4. By
version number is used. default, it is 3.
authentication- Indicates the authentication Key ID is an integer and

keyid key-id key number used when ranges from 1 to
transmitting messages to the 4294967295.
remote peer.If this parameter is
not specified, authentication is
not performed.
maxpoll max- Indicates the maximum NTP The value is an integer

number poll interval. that ranges from 10 to
17.
minpoll min-number Indicates the minimum NTP The value is an integer

poll interval. that ranges from 3 to 6.
source-interface Indicates the source interface -

interface-type from which the symmetric
interface-number active end sends NTP packets
to the symmetric passive end.
The source IP address of the
NTP packets is the IP address
of this interface.
preference Indicates the remote peer as -

the preferred one. By default,
the remote peer is not
preferred.
Views
System view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
When the clock of a device on the network needs to be synchronized in symmetric

peer mode, you can run the ntp-service unicast-peer command to configure a
remote node as the symmetric peer of the device. The local device runs in
symmetric active peer mode. In this mode, the device and the remote peer can be
synchronized with each other.
Example
# Configure the peer 10.10.1.1 to provide the synchronizing time for the local
device. The local device can also provide synchronizing time for the peer. The
version number is 3. The IP address of the NTP packets is the address of
VLANIF100.
[HUAWEI] ntp-service unicast-peer 10.10.1.1 version 3 source-interface vlanif 100
5.6.19 ntp-service unicast-server
Function
The ntp-service unicast-server command configures the NTP unicast server/client
mode.
The undo ntp-service unicast-server command cancels the NTP unicast server/
client mode.
By default, the NTP server mode is not configured.
Format
ntp-service unicast-server ip-address [ version number | authentication-keyid
key-id | maxpoll max-number | minpoll min-number | source-interface interface-
type interface-number | preference ] *
undo ntp-service unicast-server ip-address
Parameters
ip-address Indicates the IPv4 address of The parameter ip-address

the remote server. is a host address and
cannot be the broadcast
address, the multicast
address or the IP address
of a reference clock.

Fat AP and Cloud AP
version number Indicates the NTP version Version number is an

number. If this parameter is not integer and ranges from
specified, the default version 1 to 4. By default, the
number is used. version number is 3.
authentication- Indicates the authentication key Key ID is an integer and

keyid key-id number used when messages ranges from 1 to
are transmitted to the remote 4294967295.
server. If this parameter is not
specified, authentication is not
performed.
maxpoll max- Specifies the NTP maximum It is an integer ranging

number poll interval. The NTP poll from 10 to 17, in
interval of the system floats seconds. The default
between the minimum value value is 10 seconds in
and maximum value. NTPv1, NTPv2, NTPv3,
and NTPv4.
minpoll min- Specifies NTP minimum poll It is an integer ranging

number interval. The NTP poll interval from 3 to 6, in seconds.
of the system floats between The default value is 6
the minimum value and seconds.
maximum value.
source-interface Indicates the source interface -

interface-type from which the unicast client
interface-number sends NTP packets to the
unicast server. The source IP
address of the NTP packets is
the IP address of this interface.
preference Indicates the remote server as -

the preferred one. By default,
the remote server is not
preferred.
Views
System view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
When the clock of a device on the network needs to be synchronized in unicast

server/client mode, the command can be run, and the remote server specified by
ip-address is used as the local clock server. The local device runs in client mode. In
this mode, the local client can be synchronized to the remote server, but the
remote server cannot be synchronized to the local client.
Example
# Configure the server 10.10.1.1 to provide the synchronizing time for the local
device. The NTP version number is 3.
[HUAWEI] ntp-service unicast-server 10.10.1.1 version 3
5.7 PoE Configuration Commands

NOTE
PoE OUT is supported only by the following models: AP8082DN, AP8182DN, AP4050DN-E,
AP4050DN-HD, AP7050DN-E, AP2050DN-E, AP2051DN-E, AD9431DN-24X, AD9430DN-24,
AD9430DN-12.
The display current power-workmode command is available for all APs supporting PoE IN and
PoE OUT, except the AD9430DN-24 and AD9431DN-24X.
5.7.1 display current power-workmode
Function
The display current power-workmode command displays the current power
mode of APs.
This command is available for all APs except the AD9430DN-24 and
AD9431DN-24X.
Format
display current power-workmode
Parameters
None
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
In DC or PoE power supply mode, APs may fail to work in its full power mode
because the power provided may not meet requirements of this mode. You can
run this command to check the current power mode of the AP.
Example
# Display the current power mode of the AP.
<HUAWEI> display current power-workmode
Current power workmode is AT (FULL), decided by AP capability
Table 5-44 Description of the display current power-workmode command

output
Item Description
Current power Current power mode of the AP, which is determined

workmode by the maximum capability of the AP.
● The power mode of an AP can be AF, AT, or BT,
which represents 802.3af, 802.3at, or 802.3bt,
respectively.
● The working mode of an AP can be Full, Limited,
or Disabled. In Full mode, functions of the AP are
unrestricted. In Limited mode, functions of the AP
are partially restricted. In Disabled mode, the AP
restarts due to insufficient power supply, and you
are not advised to use the AP in this mode.
The current power mode of an AP depends on the
following:
● LLDP: LLDP negotiation result
● Hardware detect: hardware detection result
● AP capability: its own highest capability
5.7.2 display poe device
Function
The display poe device command displays information about the device
supporting Power over Ethernet (PoE).
Format
display poe device
Parameters
None

Fat AP and Cloud AP
Views
All views
Default Level
Usage Guidelines
Before using the PoE function, run the display poe device command to check
whether the device supports the PoE function. If the command output is displayed,
the device supports the PoE function.
Example
# Display information about the device supporting PoE.
<HUAWEI> display poe device
slot 0 : POE
Table 5-45 Description of the display poe device command output
Item Description
Slot 0 The device supports PoE.
5.7.3 display poe information
Function
The display poe information command displays PoE running information about
the device.
Format
display poe information [ slot slot-id ]
Parameters
slot slot-id Displays the PoE state The value is an integer

information about a and the value range
device in a specified slot. depends on the device
If this parameter is not configuration.
specified, the PoE
information about all
device is displayed.

Fat AP and Cloud AP
Views
All views
Default Level
Usage Guidelines
This command displays information including the maximum output power set by
the user, current power consumption, peak power consumption, and power
management mode.
Example
# Display the PoE running information about the device.
<HUAWEI> display poe information
PSE Information of slot 0:
User Set Max Power(mW) : 380000
POE Power Supply(mW) : 380000
Available Total Power(mW) : 371784
Total Power Consumption(mW): 8216
Power Peak Value(mW) : 11284
Power-Management Mode : auto
Power High Inrush : disable
Power AF Inrush : disable
Table 5-46 Description of the display poe information command output

Item Description
User Set Max Maximum output power set by the user.

Power(mW) To set the value, run the poe max-power command.
POE Power PoE power supply, which is determined by the PoE

Supply(mW) power module configured on the device.
Available Total Total available power.

Power(mW)
Total Power Total output power.

Consumption(mW)
Power Peak Peak value of the output power.

Value(mW)
Power-Management Power management mode, including auto and manual

Mode modes.
To set the mode, run the poe power-management
command.

Fat AP and Cloud AP
Item Description
Power High Inrush State of power high inrush function, including enabled
and disabled state. By default, the power high inrush
function is in disabled state.
To set the state, run the poe high-inrush enable
command.
Power AF Inrush Whether to set the PoE standard to IEEE 802.3af.

● enable: The current PoE standard is IEEE 802.3af.
● disable: The current PoE standard is IEEE 802.3at.
By default, a central AP provides PoE power in
compliance with IEEE 802.3at.
To configure this parameter, run the poe af-inrush
enable command.
5.7.4 display poe power
Function
The display poe power command displays current power information on
interfaces.
Format
display poe power [ slot slot-id | interface interface-type interface-number ]
Parameters
slot slot-id Displays PoE power The value is fixed as 0.

information in a
specified slot.
specified, all PoE
device is displayed.

Fat AP and Cloud AP
interface interface-type Displays PoE power -

interface-number information about a
specified interface.
● interface-type
type.
number.
specified, the output
power of all interfaces
on the device is
displayed.
Views
All views
Default Level
Usage Guidelines
The display poe power command displays information including the current
actual power, maximum output power set for an interface, and class, reference
power, and average power of PDs on the interface.
If this parameter is not specified, the output power of all interfaces on the device
is displayed.
Example
# Display power information about interfaces on the device whose ID is 0.
<HUAWEI> display poe power slot 0
Codes: REFPW(Reference power), USMPW(User set max power),
CURPW(Current power), PKPW(Peak power), AVGPW(Average power)
PortName Class REFPW(mW) USMPW(mW) CURPW(mW) PKPW(mW) AVGPW(mW)

--------------------------------------------------------------------------------
GigabitEthernet0/0/1 - - 15400 0 0 0
GigabitEthernet0/0/11 2 7000 15400 3710 3816 3487
GigabitEthernet0/0/12 2 7000 15400 2968 3180 2960

Fat AP and Cloud AP
Table 5-47 Description of the display poe power slot command output
Item Description
PortName Interface name.
Class Class of a PD on an interface.

The system classifies PDs into five classes, namely, class
0 to class 4, according to their maximum power. If no
PD is connected to interface, a hyphen (-) is displayed.
If the maximum power of a PD exceeds the output
power level of the device, class 4 is displayed.
REFPW(mW) Reference power of a PD.

The system can identify the reference power of each
PD. The value varies according to types of PDs. When
the maximum output power of a PD exceeds that of
the device, the reference power of the PD is displayed
as the maximum output power of the device.
The mapping between PD classes and the reference
power is as follows:
● 0: The reference power is 15.4 W.
● 1: The reference power is 4 W.
USMPW(mW) Maximum output power set for an interface.
CURPW(mW) Current power of the PDs on an interface.
PKPW(mW) Peak power of the PDs on an interface.

The value is a statistical value, which equals the
current maximum power consumption of the PDs on
the interface.
AVGPW(mW) Average power of the PDs on an interface.

The value is a statistical value, which equals the
average power consumption from the power-on of the
interface till now.

Fat AP and Cloud AP
# Display power information about GigabitEthernet0/0/3.

<HUAWEI> display poe power interface gigabitethernet 0/0/3
Port PD power(mW) : 3710
Port PD class :2
Port PD reference power(mW) : 7000
Port user set max power(mW) : 15400
Port PD peak power(mW) : 3816
Port PD average power(mW) : 3487
Table 5-48 Description of the display poe power interface command output
Item Description
Port PD power(mW) Output power of an interface.
Port PD class Class of a PD on an interface.

0 to class 4, according to their maximum power. If no
PD is connected to interface, a hyphen (-) is displayed.
If the maximum power of a PD exceeds the output
power level of the device, class 4 is displayed.
Port PD reference Reference power of a PD.

power(mW) The system can identify the reference power of each
PD. The value varies according to types of PDs. When
the maximum output power of a PD exceeds that of
the device, the reference power of the PD is displayed
as the maximum output power of the device.
The mapping between PD classes and the reference
power is as follows:
Port user set max Maximum output power set for an interface.
power(mW)
Port PD peak Peak power of the PDs on an interface.

power(mW) The value is a statistical value, which equals the
current maximum power consumption of the PDs on
the interface.
Port PD average Average power of the PDs on an interface.

power(mW) The value is a statistical value, which equals the
average power consumption from the power-on of the
interface till now.
5.7.5 display poe power-state

Fat AP and Cloud AP
Function
The display poe power-state command displays the PoE power supply status of a
device.
Format
display poe power-state [ slot slot-id | interface interface-type interface-
number ]
Parameters
slot slot-id Displays the power The value is an integer,

supply status of and the value is 0.
interfaces supporting
PoE in a specified slot.
interface interface-type Displays the PoE power -

interface-number supply status of a
● interface-type
type.
number.
specified, the PoE power
supply status of all
interfaces on the device
is displayed.
Views
All views
Default Level
Usage Guidelines
The display poe power-state command displays information including whether
an interface is enabled to check compatibility of non-standard PDs, power supply
status on of an interface, class of PDs on an interface, power supply priority, and
maximum output power of an interface.

Fat AP and Cloud AP
Example
# Display the PoE power supply status of GigabitEthernet 0/0/3.
<HUAWEI> display poe power-state interface gigabitethernet 0/0/3
Port legacy detect : disable
Port power enabled : enable
Port power ON/OFF : on
Port power status : Powered
Port PD class :3
Port reference power(mW) : 15400
Port power priority : Low
Port max power(mW) : 15400
Port current power(mW) : 2794
Port peak power(mW) : 2794
Port average power(mW) : 2741
Port current(mA) : 52.73
Port voltage(V) : 53.00
Table 5-49 Description of the display poe power-state interface command output
Item Description
Port legacy detect Whether an interface is enabled to check compatibility

of non-standard PDs.
To enable an interface to check compatibility of non-
standard PDs, run the poe legacy enable command.
Port power enabled Whether PoE is enabled on an interface.

To enable PoE on an interface, run the poe enable
command.
Port power ON/OFF Whether the interface is powered on.

● On: indicates that the interface is powered on.
● Off: indicates that the interface is powered off.

Fat AP and Cloud AP
Item Description
Port power status Power supply status of an interface. The status can be:
● Test mode: indicates the testing state.
● Detecting: indicates the detection state.
● Disabled: indicates that PoE is disabled on the
interface.
● Chip fault: indicates that the chip of the interface
fails.
● Power-deny: indicates that the reference power is
greater than the maximum output power of an
interface.
● Classification overcurrent: indicates that the current
of the PDs on the interface exceeds the threshold.
● Unknown class: indicates that the class of the PD is
unknown.
● Power overcurrent: indicates that the current of the
PD on the interface exceeds the maximum current
of the interface.
● Power-on failed: indicates that the interface fails to
be powered on.
● Power-ready: indicates that the interface is ready to
be powered on.
● Powering: indicates that the PSE starts to power on
the interface.
● Powered: indicates that the interface is powered on.
● Over loaded: indicates that the power is overloaded.
● Time-range power-off: indicates that the interface is
in the power-off time range.
● Legacy disable: indicates that compatibility
detection for PDs is disabled. That is, the device
cannot identify or provide power for the non-
standard PD.
Port PD class Class of a PD connected to an interface.

0 to class 4, according to their maximum power.

Fat AP and Cloud AP
Item Description
Port reference Reference power of an interface.

power(mW) The system can identify the maximum power of a PD,
classify the PD into a certain level, and define the
reference power of each level. The mappings between
PD types and reference power values are:
● 0: reference power 15.4 W
● 1: reference power 4 W
● 3: reference power 15.4 W
Port power priority Power supply priority of an interface. The priority is as

follows:
● Critical: indicates the highest priority.
● High: indicates the second highest priority.
● Low: indicates the lowest priority.
To set the priority, run the poe priority command.
Port max power(mW) Maximum output power of an interface.

NOTE
A maximum output power of 15400 mW indicates that the
device complies with 802.3af. A maximum output power of
30000 mW indicates that the device complies with 802.3at.
Port current Current output power of an interface.

power(mW)
Port peak power(mW) Peak output power of an interface.
Port average Average output power of an interface.

power(mW)
Port current(mA) Output current of an interface.
Port voltage(V) Output voltage of an interface.
# Display the PoE power supply status of the device.

<HUAWEI> display poe power-state slot 0
PORTNAME POWERON/OFF ENABLED PRIORITY STATUS
--------------------------------------------------------------------------------
GigabitEthernet0/0/1 off enable Low Detecting
GigabitEthernet0/0/3 on enable Low Powered

Fat AP and Cloud AP
Table 5-50 Description of the display poe power-state slot command output
Item Description
PORTNAME Name of an interface.
POWERON/OFF Whether the interface is powered on.

● On: indicates that the interface is powered on.
● Off: indicates that the interface is powered off.
ENABLED Whether PoE is enabled on an interface.

To enable PoE on an interface, run the poe enable
command.
PRIORITY Power supply priority of an interface. The priority is as

follows:
● Critical: indicates the highest priority.
● High: indicates the second highest priority.
● Low: indicates the lowest priority.
To set the priority, run the poe priority command.

Fat AP and Cloud AP
Item Description
STATUS Power supply status of an interface. The status is

classified into following types:
● Test mode: indicates the testing state.
● Detecting: indicates the detection state.
● Disabled: indicates that PoE is disabled on the
interface.
● Chip fault: indicates that the chip of the interface
fails.
● Power-deny: indicates that the reference power is
greater than the maximum output power of an
interface.
● Classification overcurrent: indicates that the current
of the PDs on the interface exceeds the threshold.
● Unknown class: indicates that the class of the PD is
unknown.
● Power overcurrent: indicates that the current of the
PD on the interface exceeds the maximum current
of the interface.
● Power-on failed: indicates that the interface fails to
be powered on.
● Power-ready: indicates that the interface is ready to
be powered on.
● Powering: indicates that the PSE starts to power on
the interface.
● Powered: indicates that the interface is powered on.
● Over loaded: indicates that the power is overloaded.
● Time-range power-off: indicates that the interface is
in the power-off time range.
● Legacy disable: indicates that compatibility
detection for PDs is disabled. That is, the device
cannot identify or provide power for the non-
standard PD.
5.7.6 display poe-power
Function
The display poe-power command displays information about the PoE power
supply.
Format
display poe-power [ slot slot-id ]

Fat AP and Cloud AP
Parameters
slot slot-id Specifies the slot ID of a The value is an integer,

device. and the value is 0.
Views
All views
Default Level
Usage Guidelines
The display poe-power displays information including the available total PoE
power, percentage of the reserved power, power alarm threshold, and PoE power
module.
Example
# Display information about the PoE power supply of the devices.
<HUAWEI> display poe-power
Slot 0
Total Available POE Power(mW) : 246400
Reserved POE Power Percent : 20 %
POE Power Threshold Percent : 90 %
POE Power 1
Power Value(mW) : 123200
Type : AD9430DN-12
Supported Mode : Redundancy, Balance
POE Power 2
Power Value(mW) :-
Type :-
Supported Mode :-
Table 5-51 Description of the display poe-power command output
Item Description
Total Available POE Total power that can be provided for PDs.
Power(mW)
Reserved POE Power Percentage of the reserved power to the total power.
Percent To set the percentage, run the poe power-reserved
command.
POE Power Threshold Alarm threshold of the power consumption percentage.

Percent To set the threshold, run the poe power-threshold
command.
POE Power 1 PoE power supply 1.

Fat AP and Cloud AP
Item Description
POE Power 2 PoE power supply 2.
Power Value(mW) Power of a PoE power supply.
Type Type of a PoE power supply.
Supported Mode Supported PoE power supply mode. The value can be:
● Redundancy: redundancy backup mode
● Balance: current balance mode
5.7.7 poe af-inrush enable

Function
The poe af-inrush enable command configures the IEEE802.3at-compliant device
to provide power in conformance to IEEE802.3af.
The undo poe af-inrush enable command configures the device to provide power
in conformance to IEEE802.3at.
By default, A device provides power for PDs in conformance to IEEE802.3at.
Format
poe af-inrush enable [ slot slot-id ]
undo poe af-inrush enable [ slot slot-id ]
Parameters
slot slot-id Specifies the slot ID of The value is 0, indicating

the card. the MPU of the device.
Views
System view
Default Level
Usage Guidelines
Usage Scenarios
The device that conforms to IEEE802.3at cannot power non-standard PDs that do
not support inrush current. To power these PDs, configure the device to provide

Fat AP and Cloud AP
power in conformance to IEEE802.3af. When all PDs connected to the device are
standard PDs, run the undo poe af-inrush enable command to cancel the
configuration.
Precautions
● The poe af-inrush enable command takes effect only on PoE devices
conforming to IEEE802.3at.
● The poe af-inrush enable command does not take effect on an interface if
the poe force-power command has been executed on the interface.
● The poe force-power command is applied to some non-standard PDs that
cannot be powered on. After running this command, some devices that need
inrush current may not be powered on.
● After running the poe af-inrush enable command, remove the non-standard
PDs and then install them so that the PDs can be powered on.
After running the poe af-inrush enable command, remove the non-standard PDs
and then install them so that the PDs can be powered on.
Example
# Configure the device to provide power in conformance to IEEE802.3af.
[HUAWEI] poe af-inrush enable slot 0
Warning: This operation may cause PD work abnormal. Continue?[Y/N]:y
5.7.8 poe enable

Function
The poe enable command enables the PoE function on an interface.
The undo poe enable command disables the PoE function on an interface.
By default, the PoE function is enabled on an interface.
Format
poe enable
undo poe enable
Parameters
None
Views
GE interface view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Before providing power for the PD connected to the interface, ensure the PoE
function on the interface is enabled. IF the PoE function is not enabled, run the
poe enable command to enable the PoE function on the interface.
In automatic mode, the power-on or power-off of interfaces is determined by the
PoE power and interface power priority. When the PoE power is sufficient, the
device does not power off one interface. To stop providing power for one PD, run
the undo poe enable command.
Example
# Disable the PoE function on GigabitEthernet0/0/1.
[HUAWEI-GigabitEthernet0/0/1] undo poe enable
5.7.9 poe force-power

Function
The poe force-power command enables forcible powering on a PoE interface.
The undo poe force-power command disables forcible powering on a PoE
interface.
By default, forcible powering is disabled on a PoE interface.
Format
poe force-power
undo poe force-power
Parameters
None
Views
GE interface view
Default Level
Usage Guidelines
Usage Scenarios
If the power of the system is sufficient, you can run the poe force-power
command on the interface connected to PDs when the PSE cannot detect the PDs.
Precautions

Fat AP and Cloud AP
If the interface connects to a non-PD device, configuring forcible powering on the

interface may damage the non-PD device. Exercise caution when using the poe
force-power command.
Example
# Enable forcible powering on GigabitEthernet0/0/1.
[HUAWEI-GigabitEthernet0/0/1] poe force-power
Warning: Is there a valid PD connected to this interface? Yes or No?[Y/N]:y
5.7.10 poe high-inrush enable

Function
The poe high-inrush enable command configures an interface to allow
generation of the high pulse current during power-on.
The undo poe high-inrush enable command configures an interface not to allow
generation of the high pulse current during power-on.
By default, interfaces do not allow generation of the high pulse current during
power-on.
Format
poe high-inrush enable [ slot slot-id ]
undo poe high-inrush enable [ slot slot-id ]
Parameters
slot slot-id Specifies the The value is 0, indicating the

slot ID of the MPU of the device.
card.
Views
System view
Default Level
Usage Guidelines
High inrush current is generated when a non-standard PD is powered on. In this
case, the PSE cuts off the power of the PD to protect itself. If the PSE is required to
provide power for the PD, the PSE must allow high inrush current. The high inrush
current may damage device components.

Fat AP and Cloud AP
Example
# Enable the device to allow generation of the high pulse current during power-
on.
[HUAWEI] poe high-inrush enable
5.7.11 poe { power-off | power-on } interface
Function
The poe { power-off | power-on } interface command manually powers on or
powers off the PD of an interface.
Format
poe { power-off | power-on } interface interface-type interface-number
Parameters
power-off Powers off an interface. -
power-on Powers on an interface. -
interface-type interface- Specifies the type and -

number number of the interface
that needs to be
powered on or powered
off manually.
Views
System view
Default Level
Usage Guidelines
Usage Scenarios
In manual power management mode, run the poe { power-off | power-on }
interface command to power on or power off interfaces. To check whether the
command runs successfully, run the display poe power-state command.
Precautions
When the available power of the device is insufficient and the device cannot
provide power for a new PD, the poe power-on interface command is invalid.

Fat AP and Cloud AP
Before powering on or powering off an interface, ensure that:
● The power management mode has been in manual mode through running
the poe power-management command.
● PDs have been connected to the interface.
● The PoE function of the interface has been enabled.
● The classification of the PDs connected to the interface has finished and the
PDs have been ready for being powered on.
Example
# Manually power on GigabitEthernet0/0/1 interface.
[HUAWEI] poe power-on interface gigabitethernet 0/0/1
5.7.12 poe legacy enable
Function
The poe legacy enable command enables the power sourcing equipment (PSE) to
check the compatibility of the power device (PD).
The undo poe legacy enable command disables the PSE from checking the
compatibility of the PD.
By default, the PSE does not check the capability of the PD.
Format
poe legacy enable
undo poe legacy enable
Parameters
None
Views
GE interface view
Default Level
Usage Guidelines
When compatibility check is enabled, the device can detect and provide power for
the PD that does not comply with the 802.3af or 802.3at standard. If compatibility
check is not enabled, the device cannot detect and provide power for the non-
standard PD.

Fat AP and Cloud AP
Example
# Enable GigabitEthernet0/0/1 to check the compatibility of the PD.
[HUAWEI-GigabitEthernet0/0/1] poe legacy enable
Warning: Is there a valid PD connected to this interface? Yes or No?[Y/N]:y
5.7.13 poe max-power

Function
The poe max-power command sets the maximum output power of a device.
The undo poe max-power command restores the maximum output power of a
device to the default value.
By default, the maximum output power of the device is the total power that the
PoE power supply provides for PDs. Therefore, the configured maximum output
power must be smaller than the total power that the PoE power supply provides
for PDs.
Format
poe max-power max-power [ slot slot-id ]
undo poe max-power [ [ max-power ] slot slot-id ]

Fat AP and Cloud AP
Parameters
max-power Specifies the maximum The value range is as

output power of a follows:
device. ● AP4050DN-HD: 15400
mW to 13300 mW
● AP7050DN-E: 15400
mW to 45000 mW
● AD9431DN-24X and
AD9430DN-24: 15400
mW to 380000 mW
● AD9430DN-12: 15400
mW to 65000 mW
● The maximum output
power of an
AP4050DN-E is
variable, as follows:
– In 802.3at power
supply mode, the
output power is
less than 7 W
when no expansion
card or USB flash
drive is inserted.
supply mode, the
output power is
less than 5.5 W
when one
expansion card and
no USB flash drive
is inserted.
supply mode, PoE
out is prohibited
when two or more
expansion cards or
a USB flash drive is
inserted.
– In 802.3af power
supply mode, PoE
out is prohibited.
slot slot-id Specifies the slot ID. The value is 0.
Views
System view

Fat AP and Cloud AP
Default Level
Usage Guidelines
Usage Scenarios
By default, the system automatically obtains the maximum PoE power supported
by the device. You can run the poe max-power command to set the maximum
output power to ensure stable PoE power supply when the total power of the
device is insufficient.
Precautions
If the maximum output power that you set is smaller than the total power
required by PDs, PDs with lower priority are powered off or cannot be powered on
manually.
Example
# Set the maximum output power of the device to 45000 mW.
[HUAWEI] poe max-power 45000 slot 0
5.7.14 poe power-management
Function
The poe power-management command sets the power management mode of
the device.
The undo poe power-management command restores the default power

management mode of the device.
By default, the device uses the automatic power management mode.
Format
poe power-management { auto | manual } [ slot slot-id ]
undo poe power-management { auto | manual } [ slot slot-id ]
Parameters
auto Specifies the power -

management mode to
automatic mode.
manual Specifies the power -

management mode to
manual mode.

Fat AP and Cloud AP
slot slot-id Specifies the slot ID of a The value is 0, indicating

board. the MPU of the device.
Views
System view
Default Level
Usage Guidelines
Usage Scenarios
In automatic power management mode, the device first provides power for the
interfaces with higher priority and powers off the interfaces of lower priority when
the power is insufficient. When the power is sufficient, all interfaces connected to
PDs are powered on. To stop providing power for some interfaces, run the undo
poe enable command to disable the PoE function on the interfaces. If the PoE
function is enabled and disabled frequently, faults may occur on the interfaces. To
prevent the faults, you can set the power management mode to manual mode. In
manual mode, the power-on and power-off of an interface are controlled
manually and not affected by the interface power priority.
Precautions
● If all the interfaces are of the same priority, the power supply priority of the
interface with a smaller interface number is higher in automatic mode.
● You can view the power management mode by running the display poe
information command.
Example
# Set the power management mode of a device to automatic mode.
[HUAWEI] poe power-management auto
5.7.15 poe power-off time-range
Function
The poe power-off time-range command makes a configured PoE power-off
time range effective on an interface.
The undo poe power-off time-range command cancels the configuration.
By default, a device is not configured with PoE power-off time range.

Fat AP and Cloud AP
Format
poe power-off time-range time-range-name
undo poe power-off time-range
Parameters
time-range-name Specifies a name for a The value is a string of 1

PoE power-off time to 32 case-sensitive
range. characters and must
begin with a letter. In
addition, the word all
cannot be specified as a
time range name.
Views
GE interface view
Default Level
Usage Guidelines
Usage Scenario
The poe power-off time-range command makes a PoE power-off time range set
in the system view effective on an interface. If the current time is within the
specified time range, the PD connected to the interface cannot be powered on.
The undo poe power-off time-range command cancels the configuration. The
time range does not take effect on the PD connected to the interface; however,
the configuration of the time range is still saved.
NOTE
The poe power-off time-range command is only applied to automatic power management
mode.
Before running the poe power-off time-range command, you must ensure a PoE
power-off time range has been configured through running the time-range
command in the system view.
Example
# Configure a PoE power-off time range from 10:00 to 11:00 for PDs connected to
GigabitEthernet0/0/1.
[HUAWEI] time-range PoE 10:00 to 11:00 daily

Fat AP and Cloud AP

[HUAWEI-GigabitEthernet0/0/1] poe power-off time-range PoE
5.7.16 poe power-reserved
Function
The poe power-reserved command sets the percentage of the reserved PoE
power against the total PoE power.
The undo poe power-reserved command restores the default percentage of the
reserved PoE power against the total PoE power.
By default, 20% of the total power is reserved.
Format
poe power-reserved power-reserved [ slot slot-id ]
undo poe power-reserved [ power-reserved slot slot-id | slot slot-id ]
Parameters
power-reserved Specifies the percentage The value is an integer

of the reserved PoE that ranges from 0 to
power against the total 100, in percentage.
PoE power. The default value is 20.

Views
System view
Default Level
Usage Guidelines
Usage Scenarios
The device can dynamically allocate power to each interface according to the
power consumption of each interface. The power consumption of a PD keeps
changing when the PD is running. The system periodically calculates the total
power consumption of all the PDs. If the total power consumption exceeds the
upper threshold of the device, the system cuts off the power of the PDs on the
interfaces of low priority to ensure that other PDs can run normally.
Sometimes, however, the power consumption increases sharply and the available
power of the system cannot support the burst increase of power. At this time, the

Fat AP and Cloud AP
system has not calculated and found that the total power consumption exceeded
the upper threshold; therefore, the system does not cut off power low-priority
interfaces in time. As a result, the PoE power supply is shut down for overload
protection, and all PDs are powered off.
This problem can be solved by running the poe power-reserved command to set
proper reserved power. When there is a burst increase in power consumption, the
reserved power can support the system running. Then the system has time to
power off interfaces of low priority to ensure stable running of other PDs.
Precautions
● The reserved power should not be set greater than 20%. If the reserved PoE
power is greater than 20% of the total PoE power, the power capacity of the
device is affected.
● To set the maximum output power of a device, run the poe max-power
command. In this case, the device calculates the reserved power based on the
set maximum output power. If the maximum output power is not set, the
available PoE power is the power provided by the PoE power module.
Example
# Set the percentage of reserved PoE power to the total PoE power to 30%.
[HUAWEI] poe power-reserved 30
Warning: This operation may power off some PDs of slot 0.Continue?[Y/N]:y
5.7.17 poe power-threshold

Function
The poe power-threshold command sets the alarm threshold of the PoE power
consumption percentage.
The undo poe power-threshold command restores the default alarm threshold of
the PoE power consumption percentage.
The default alarm threshold of the PoE power consumption percentage is 100%
for the AD9431DN-24X and 90% for other APs.
Format
poe power-threshold threshold-value [ slot slot-id ]
undo poe power-threshold [ threshold-value slot slot-id | slot slot-id ]

Fat AP and Cloud AP
Parameters
threshold-value Specifies the alarm The value is an integer

threshold of the PoE that ranges from 0 to
power consumption 100, in percentage.
percentage. When the
power consumption
reaches this value, a PoE
power alarm is
generated.

Views
System view
Default Level
Usage Guidelines
You can run this command to set the alarm threshold of the PoE power
consumption percentage. If the total PoE power is 369.6 W and the alarm
threshold is 90%, an alarm is generated when the power consumption is greater
than 332.64 W. When the power consumption falls below 332.64 W, the alarm is
cleared.
Example
# Set the alarm threshold of the PoE power consumption percentage to 80%.
[HUAWEI] poe power-threshold 80
5.7.18 poe priority

Function
The poe priority command sets the power priority of a PoE interface.
The undo poe priority command restores the default power priority of a PoE
interface.
By default, the power supply priority of an interface is low.
Format
poe priority { critical | high | low }

Fat AP and Cloud AP
undo poe priority
Parameters
critical Indicates the highest -

priority.
high Indicates the second -

highest priority.
low Indicates the lowest -

priority.
Views
GE interface view
Default Level
Usage Guidelines
When the output power of a device is insufficient, the device in automatic power
management mode provides power for the interfaces of the higher power supply
priorities first and cuts off power of the interfaces of the lower power supply
priorities. If all the interfaces are of the same priority, the power supply priority of
the interface with a smaller interface number is higher.
Example
# Set the power supply priority of GigabitEthernet0/0/1 to critical.
[HUAWEI-GigabitEthernet0/0/1] poe priority critical

Fat AP and Cloud AP
Command Reference 6 Interface Management Commands
6 Interface Management Commands
About This Chapter
6.1 Basic Interface Configuration Commands

6.2 Ethernet Interface Configuration Commands
6.3 Logical Interface Configuration Commands
6.1 Basic Interface Configuration Commands
6.1.1 bandwidth (interface view)

Function
The bandwidth command specifies the interface bandwidth acquired by the NMS
from the MIB.
The undo bandwidth command cancels the configured interface bandwidth
acquired by the NMS from the MIB.
By default, no interface bandwidth acquired by the NMS from the MIB is set.
Format
bandwidth bandwidth [ kbps ]
undo bandwidth

Fat AP and Cloud AP
Parameters
bandwidth Specifies the bandwidth of an interface. The value is an integer

ranging from 1 to
1000000, in Mbit/s.
kbps Indicates that the unit of the interface -

bandwidth is kbit/s.
If this parameter is not specified, the
interface bandwidth is expressed in Mbit/s.
Views
Interface view
Default Level
Usage Guidelines
The bandwidth command mainly ensures that the network management station
(NMS) can acquire the bandwidth of an interface. The NMS can check the
interface bandwidth through the two objects ifSpeed and ifHighSpeed in IF-MIB.
● If the configured bandwidth is smaller than 4000 Mbit/s, ifSpeed and
ifHighSpeed are respectively displayed as bandwidth x 1000 x 1000 and
bandwidth.
● If the configured bandwidth is equal to or larger than 4000 Mbit/s, ifSpeed
and ifHighSpeed are respectively displayed as 4294967295 (0XFFFFFFFF) and
bandwidth.
Example
# Set the bandwidth of GE0/0/1 to 10000 Mbit/s.
[HUAWEI-GigabitEthernet0/0/1] bandwidth 10000
6.1.2 description (interface view)

Function
The description command configures the description for an interface.
The undo description command restores the default description of an interface.
By default, the description of an interface is "HUAWEI, AP Series, interface-type

interface-number Interface".

Fat AP and Cloud AP
Format
description description
undo description
Parameters
description Specifies the interface The value is a string of 1

description. to 242 characters. The
character string is case
sensitive. It can contain
blanks but cannot
contain the question
mark (?).
Views
Interface view
Default Level
Usage Guidelines
Usage Scenario
To facilitate device management and maintenance, you can configure descriptions
for interfaces. An interface description can contain the device where the interface
is located, interface type, and remote device. For example: To-[DeviceB]GE-0/0/1
indicates that an interface of this device is connected to GE0/0/1 of device B.
Precautions
The interface description is displayed from the first non-space character.
Example
# Configure the description of GE0/0/1 as To-[DeviceB]GE-0/0/1, indicating that
this device is connected to device B through GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] description To-[DeviceB]GE-0/0/1
6.1.3 display default-parameter interface

Function
The display default-parameter interface command displays the default interface
configuration, including the interface status, MTU, interval for collecting traffic

Fat AP and Cloud AP
statistics, alarm threshold, interface description, whether the alarm function is

enabled to send an alarm to the NMS when the interface status changes.
Format
display default-parameter interface interface-type interface-number
Parameters
interface-type interface- Displays the default configuration of a -

number specified interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Default configurations are not saved in the configuration file. To check the default
configuration of an interface, run the display default-parameter interface
command on the interface.
The displayed information varies according to interfaces.
Example
# Display the default configuration of GE0/0/1.
<HUAWEI> display default-parameter interface gigabitethernet 0/0/1
Interface state: undo shutdown
Flow-stat interval: 300s
Trap-threshold: input-rate 100, output-rate 100
Snmp trap updown: enable
Description: HUAWEI, AP Series, GigabitEthernet0/0/1 Interface
# Display the default configuration of the interface VLANIF 2.

<HUAWEI> display default-parameter interface vlanif 2
Interface state: undo shutdown
MTU: 1500
Flow-stat interval: 300s
Description: HUAWEI, AP Series, Vlanif2 Interface

Fat AP and Cloud AP
Table 6-1 Description of the display default-parameter interface command

output
Item Description
Interface state Default status of an interface:

● shutdown: The default status of a physical interface
is shutdown.
● undo shutdown: The default status of a logical
interface is undo shutdown.
To change the interface status, run the shutdown
command or the undo shutdown command in the
interface view.
MTU Default MTU value of the interface.
Flow-stat interval Interval for collecting traffic statistics on the interface.

To set the interval for collecting traffic statistics on an
interface, run the set flow-stat interval (interface
view) command in the interface view.
Trap-threshold Alarm threshold for outbound and inbound bandwidth

usage on the interface.
To set the alarm threshold for outbound and inbound
bandwidth usage on an interface, run the trap-
threshold command in the interface view.
Snmp trap updown Whether an alarm is sent to the NMS when the
interface status changes:
● disable: No alarm is sent to the NMS when the
interface status changes.
● enable: An alarm is sent to the NMS when the
interface status changes.
To configure an interface to send an alarm to the NMS
when the interface status changes, run the enable
snmp trap updown command in the interface view.

To configure the description for an interface, run the
description (interface view) command in the
interface view.
6.1.4 display interface

Function
The display interface command displays interface running status and statistics.

Fat AP and Cloud AP
Format
display interface [ interface-type [ interface-number | main ] | main ]
Parameters
interface-type Displays the running -

[ interface-number ] status of an interface.
● interface-type
type.
number.
If the interface type is
specified but no interface
number is specified,
running status of all the
interfaces of this type is
displayed.
main Displays running status -

and traffic statistics
about an interface.
● If an interface has no
sub-interfaces, status
about the interface
are displayed whether
you specify the main
parameter or not.
● If an interface has
sub-interfaces, status
about the interface
and sub-interfaces are
displayed if you do
not specify the main
parameter.
Views
All views
Default Level
1: Monitoring level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
The running status and statistics of an interface includes the physical status, basic
configuration, and packet forwarding of the interface. You can use the display
interface command to collect traffic statistics or locate faults on an interface.
Precautions
If no interface type is specified, the running status and statistics of all the
interfaces is displayed. If the interface type is specified but no interface number is
specified, running status of all the interfaces of this type is displayed.
Example
# Display the running status, basic configuration, and packet forwarding on Layer
2 Ethernet interface GigabitEthernet0/0/1.
<HUAWEI> display interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 current state : UP
Line protocol current state : UP
Description:HUAWEI, AP Series, GigabitEthernet0/0/1 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is dcd2-fc21-5d40
Last physical up time : 2013-03-20 19:05:41 UTC-05:13
Last physical down time : 2013-03-20 19:03:54 UTC-05:13
Current system time: 2013-03-22 12:34:24-05:13
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: DISABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 0 bits/sec,Record time: -
Output peak rate 0 bits/sec,Record time: -
Input: 0 packets, 0 bytes

Unicast: 0, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Alignments: 0
Symbols: 0, Ignoreds: 0
Frames: 0
Output: 0 packets, 0 bytes

Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%

Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%

Fat AP and Cloud AP
Table 6-2 Description of the display interface command output

Item Description
current state Current interface status:

● DOWN: indicates that the interface is disabled.
● UP: indicates that the interface is enabled.
Line protocol current Link layer protocol status of the interface:

state ● DOWN: indicates that the link layer protocol of the
interface fails or no IP address is assigned to the
interface.
● UP: indicates that the link layer protocol of the
interface is running properly.
Description Interface description. To configure the description for an

interface, run the description command.
Switch Port, PVID Default VLAN ID of the interface.
TPID Indicates the type of frames that are supported on the

interface.
By default, TPID is displayed as 0x8100, indicating an
802.1Q frame.
This field is displayed only when the interface is a Layer
2 interface.
The Maximum Frame Maximum frame length allowed by the interface. The
Length value varies according to the device model.
IP Sending Frames' Format of the frame contained in the sent IP packet,

Format which can be PKTFMT_ETHNT_2, Ethernet_802.3, or
Ethernet_SNAP.
Hardware address MAC address of the device.
Last physical up time Last time the interface went Up physically. If this field
displays "-", the physical status of the interface does not
change.
Last physical down Last time the interface went Down physically. If this
time field displays "-", the physical status of the interface
does not change.
Current system time Current system time.

Fat AP and Cloud AP
Item Description
Port Mode Working mode of the interface:

● COMMON COPPER: The interface works as an
electrical interface.
● COMMON FIBER: The interface works as an optical
interface.
If the interface is a combo interface:
● COMBO AUTO: The combo interface automatically
selects the working mode.
● FORCE FIBER: The combo interface is configured as
an optical interface.
● FORCE COPPER: The combo interface is configured as
an electrical interface.
Speed Current rate of the interface.
Loopback Loopback configuration of the interface. To configure

this parameter, run the loopback command.
Duplex Duplex mode of the interface.
Negotiation Auto-negotiation mode of the interface.
Mdi Network cable type of the interface.
Last 300 seconds Incoming packet rate (bits per second and packets per
input rate second) within the last 300 seconds.
Last 300 seconds Outgoing packet rate (bits per second and packets per
output rate second) within the last 300 seconds.
Input peak rate Maximum incoming packet rate.
Output peak rate Maximum outgoing packet rate.
Input Total number of received packets.
Output Total number of sent packets.
Unicast Number of unicast packets received or sent by the

interface.
Multicast Number of multicast packets received or sent by the

interface.
Broadcast Number of broadcast packets received or sent by the

interface.
Jumbo Number of jumbo frames received or sent by the

interface.

Fat AP and Cloud AP
Item Description
Discard Number of packets discarded by the interface during

physical layer detection. These packets are discarded
because the interface is congested.
Layer 2 Ethernet interfaces of the device do not support
this statistical item.
Total Error Number of error packets found during physical layer

detection.
CRC Number of CRC error packets received by the interface.
Giants Number of jumbo frames with correct Frame Check

Sequence (FCS) received by the interface.
Jabbers Number of jumbo frames with incorrect FCS received by

the interface, including alignment errors (the number of
bytes that a packet contains is not an integer).
Throttles Number of undersized frames with incorrect FCS

received by the interface. Undersized frames are the
frames that are shorter than 64 bytes and have the
correct format and valid CRC field.
Runts Number of undersized frames with correct FCS received

by the interface. Undersized frames are the frames that
are shorter than 64 bytes and have the correct format
and valid CRC field.
Alignments Number of received frames with alignment errors.
Symbols Number of received frames with coding errors.
Ignoreds Number of received MAC control frames with OpCode

not being PAUSE.
Frames Number of packets with incorrect 802.3 length.
Collisions Number of collision frames. A collision frame is a packet

that is not sent due to a detected collision.
ExcessiveCollisions Number of excessive frames that are not sent after 16

consecutive collisions occur. These frames are not sent
due to excessive collisions.
Late Collisions Number of frames that experience conflict events and

are delayed. The first 512 bits of these frames have
been sent but these frames are delay because conflicts
are detected.
Deferreds Number of deferred packets. A deferred packet refers to

a packet that is delayed due to a detected collision.
Input bandwidth Threshold for inbound bandwidth usage.

utilization threshold

Fat AP and Cloud AP
Item Description
Output bandwidth Threshold for outbound bandwidth usage.

Input bandwidth Inbound bandwidth usage.

utilization
Output bandwidth Outbound bandwidth usage.

utilization
6.1.5 display interface brief

Function
The display interface brief command displays brief information about the status
and configuration of interfaces.
Format
display interface brief [ main ]
Parameters
main Displays brief -

information about an
Ethernet main interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The display interface brief command displays brief information about interfaces,
including the physical status, link layer protocol status, inbound and outbound
bandwidth usage within a certain period, and numbers of sent and received error
packets. This information helps locate faults on interfaces.
Precautions
To clear statistics on an interface, run the reset counters interface command.

Fat AP and Cloud AP
Example
# Display brief information about the status and configuration of interfaces.
<HUAWEI> display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/1 up up 0.01% 0.01% 0 0
LoopBack0 up up(s) 0% 0% 0 0
LoopBack1 up up(s) 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Vlanif1 up down -- -- 0 0
Vlanif100 down down -- -- 0 0
Vlanif2001 up up -- -- 0 0
Wlan-Bss0 up up -- -- 0 0
Wlan-Radio0/0/0 up up -- -- 0 0
Wlan-Radio0/0/1 up up -- -- 0 0
Table 6-3 Description of the display interface brief command output

Item Description
Interface Type and number of an interface.
PHY Physical status of an interface:

● up: indicates that the interface is working properly.
● down: indicates that the physical layer of the interface
fails.
● *down: Administratively Down, indicating that the
administrator has run the shutdown command on the
interface.
● (l): indicates that the loopback function is enabled on
the interface.
Protocol Link layer protocol status of the interface:

● down: indicates that the link layer protocol of the
interface fails.
the interface.
● (s): indicates that the spoofing function is enabled on
the interface.
● (e): indicates that the link layer of the interface is in
EFM Down state.
● (d): indicates that the protocol module of the interface
is suppressed.
● --: indicates that the link layer protocol status is not
obtained.

Fat AP and Cloud AP
Item Description
InUti Instantaneous bandwidth usage in the inbound direction

of an interface.
When the average bandwidth usage is smaller than
0.01% and greater than 0, the value 0.01% is displayed.
When the interface bandwidth becomes lower, the
bandwidth usage may be displayed as 100% because the
traffic volume is not adjusted in time. "--" indicates that
an interface does not support the display of bandwidth
usage.
OutUti Instantaneous bandwidth usage in the outbound direction

of an interface.
When the average bandwidth usage is smaller than
0.01% and greater than 0, the value 0.01% is displayed.
When the interface bandwidth becomes lower, the
bandwidth usage may be displayed as 100% because the
traffic volume is not adjusted in time. "--" indicates that
an interface does not support the display of bandwidth
usage.
inErrors Number of error packets received by an interface. The

value becomes 0 when you run the reset counters
interface command in the user view or when the number
of received packets reaches the maximum value
0xFFFFFFFF.
outErrors Number of error packets sent by an interface. The value

becomes 0 when you run the reset counters interface
command in the user view or when the number of sent
packets reaches the maximum value 0xFFFFFFFF.
6.1.6 display interface description

Function
The display interface description command displays the description of an
interface.
Format
display interface description [ interface-type [ interface-number ] ]

Fat AP and Cloud AP
Parameters
interface-type Displays the description -

[ interface-number ] of a specified interface.
If an interface type is
number is specified, the
description of all
interfaces of the
specified type is
displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display interface command can also display the description of an interface.
To quickly view the description of an interface, you are advised to use the display
interface description command.
If no interface type is specified, the description of all interfaces is displayed. If an

interface type is specified but no interface number is specified, the description of
all interfaces of the specified type is displayed.
Example
# Display the description of GE0/0/1.
<HUAWEI> display interface description gigabitethernet 0/0/1
PHY: Physical
(l): loopback
(s): spoofing
(e): ETHOAM down
(d): Dampening Suppressed
Interface PHY Protocol Description
GE0/0/1 down down HUAWEI, AP Series, GigabitEthernet0/0/1 Interface
Table 6-4 Description of the display interface description command output
Item Description

Fat AP and Cloud AP
Item Description

● down: indicates that the physical layer of the interface
fails.
● *down: Administratively Down, indicating that the
interface.
the interface.
Protocol Link layer protocol status of the interface:

● down: indicates that the link layer protocol of the
interface fails.
the interface.
● (s): indicates that the spoofing function is enabled on
the interface.
● (e): indicates that the link layer of the interface is in
EFM Down state.
● (d): indicates that the protocol module of the interface
is suppressed.
● --: indicates that the link layer protocol status of the
interface is not obtained.
6.1.7 display interface counters

Function
The display interface counters command displays packet statistics on physical
interfaces.
Format
display interface [ interface-type ] counters { inbound | outbound }
Parameters
interface-type Displays statistics about -

packets sent and
received by an interface.

Fat AP and Cloud AP
inbound Displays statistics about -

packets received by an
interface.
outbound Displays statistics about -

packets sent by an
interface.
Views
All views
Default Level
Usage Guidelines
Usage Scenario
The display interface counters command can be used when you need to:
● Check whether an interface is sending and receiving packets normally during

interface fault diagnosis.
● Collect traffic statistics on an interface.
● Check whether an interface can send and receive multicast packets after the
multicast function is configured.
If no interface type is specified, the statistics of packets sent and received by all
interfaces are displayed. If an interface type is specified, the statistics about
packets sent and received by all interfaces of this type are displayed.
Follow-up Procedure
If you want to collect new traffic statistics, run the reset counters interface
command to clear the current statistics.
Example
# Display statistics about packets received by an interface.
<HUAWEI> display interface gigabitethernet counters inbound
Interface Total UniCast MultiCast BroadCast Err
(pkts) (pkts) (pkts) (pkts) (pkts)
GE0/0/1 375795 37306 14122 324367 0
NOTICE
OverFlow :more than 14 decimal digits (8 digits for column "Err").
-- :not supported.

Fat AP and Cloud AP
Table 6-5 Description of the display interface counters command output
Item Description
Total Total number of packets sent and received by an

interface.
UniCast Number of unicast packets sent or received by an

interface.
MultiCast Number of multicast packets sent or received by an

interface.
BroadCast Number of broadcast packets sent or received by an

interface.
Err Number of error packets sent or received by an

interface.
OverFlow :more than The character OverFlow is displayed when the statistics
14 decimal digits (8 value for each type exceeds the maximum value that
digits for column can be displayed.
"Err"). ● For Err frames, OverFlow is displayed when the value
exceeds 8 decimal numbers.
● For other data, OverFlow is displayed when the value
exceeds 14 decimal numbers.
-- :not supported. The device does not support statistics collection for the
specific type.
6.1.8 display ip interface
Function
The display ip interface command displays the IP configuration and statistics on
interfaces. The statistics include the number of packets and bytes received and
sent by interfaces, number of multicast packets sent and received by interfaces,
and number of broadcast packets received, sent, forwarded, and discarded by
interfaces.
The display ip interface brief command displays brief information about

interface IP addresses, including the IP address, subnet mask, physical status, link-
layer protocol status, and number of interfaces in different states.
Format
display ip interface [ interface-type interface-number ]
display ip interface brief [ interface-type [ interface-number ] ]
display ip interface brief [ interface-type ] &<1-8>

Fat AP and Cloud AP
Parameters
interface-type Specifies the type and number of an interface. If no -
interface-number interface is specified, IP configuration and statistics
about all interfaces are displayed.
brief Displays brief information, including the IP address, -

subnet mask, physical status, link-layer protocol
status, and number of interfaces in different states.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display ip interface brief command to view the following
information:
● IP configurations of all interfaces
● IP configurations of interfaces of the specified type and a specified interface
● IP configurations of interfaces that have IP addresses
This command, however, cannot display the IP configurations of Layer 2 interfaces
or Eth-Trunk member interfaces.
NOTE
● You can run the display interface description command to view the interface
description.
● You can run the display interface command to view detailed information about the
running status and statistics on the interface.
Example
# Display IP information about VLANIF15.
<HUAWEI> display ip interface vlanif 15
Vlanif15 current state : UP
The Maximum Transmit Unit : 1500 bytes
input packets : 766390, bytes : 41540847, multicasts : 681817
output packets : 242239, bytes : 14679482, multicasts : 172333
Directed-broadcast packets:
received packets: 0, sent packets: 0
forwarded packets: 0, dropped packets: 0
Internet Address is 10.1.1.119/24
Broadcast address : 10.1.1.255
TTL being 1 packet number: 164035
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0

Fat AP and Cloud AP
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
Table 6-6 Description of the display ip interface command output

Item Description
current state : Physical status of the interface:

● UP: indicates that the interface is physically
Up.
● DOWN: indicates that the interface is
physically Down.
● Administratively down: indicates that the
administrator has run the shutdown
Line protocol current state : Link layer protocol status of the interface:
● UP: The link layer protocol of the interface
is running properly.
● DOWN: The link layer protocol of the
interface is Down or no IP address is
configured on the interface.
The Maximum Transmit Unit : MTU of the interface. The default MTU of an
Ethernet interface or a serial interface is 1500
bytes. Packets longer than the MTU are
fragmented before being transmitted. If
fragmentation is not allowed, the packets are
discarded.
input packets : 766390, bytes : Total number of packets, bytes, and multicast
41540847, multicasts : 681817 packets received by the interface.
output packets : 242239, Total number of packets, bytes, and multicast

bytes : 14679482, multicasts : packets sent by the interface.
172333
Directed-broadcast packets: Number of packets broadcast on the interface

directly.
received packets: Total number of received packets.
sent packets: Total number of sent packets.

Fat AP and Cloud AP
Item Description
forwarded packets: Total number of forwarded packets.
dropped packets: Total number of discarded packets.
Internet Address is IP address assigned to the interface and mask

length.
Broadcast address : Broadcast address of the interface.
TTL being 1 packet number: Number of packets with TTL 1.
TTL invalid packet number: Number of packets with invalid TTL.
ICMP packet input number: Number of received ICMP packets.
Echo reply: Number of Echo Reply packets.
Unreachable: Number of Destination Unreachable packets.
Source quench: Number of Source Quench packets.
Routing redirect: Number of Redirect packets.
Echo request: Number of Echo Request packets.
Router advert: Number of Router Advertisement packets.
Router solicit: Number of Router Solicitation packets.
Time exceed: Number of Time Exceeded packets.
IP header bad: Number of IP header error packets.
Timestamp request: Number of Timestamp Request packets.
Timestamp reply: Number of Timestamp Reply packets.
Information request: Number of Information Request packets.
Information reply: Number of Information Reply packets.
Netmask request: Number of Address Mask Request packets.
Netmask reply: Number of Address Mask Reply packets.
Unknown type: Number of unknown packets.
6.1.9 display ip interface description
Function
The display ip interface description command displays IP-related information
(such as the IP address, subnet mask, physical layer status, link layer protocol
status, and number of interfaces in different states) and description of an
interface.

Fat AP and Cloud AP
Format
display ip interface description [ interface-type [ interface-number ] | interface-
type &<1-8> ]
Parameters
interface-type Indicates the interface type. If no interface type is -

specified, IP-related configurations and statistics of all
interfaces are displayed.
interface- Indicates the interface number, which is used together -

number with interface-type to identify an interface. If no
interface number is specified, IP-related configurations
and statistics of interfaces in the same type are
displayed.
interface-type Indicates that the command can display IP-related -

information about interfaces of multiple types. The
command can display IP-related information about
interfaces in a maximum of eight types.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
Instead of running the display ip interface brief and display interface
description commands, you can run the display ip interface description
command to view both IP-related information and description of an interface,
which facilitates the user operation.
Example
# View IP-related information and description of a specified interface.
<HUAWEI> display ip interface description
Codes:
Ana(Analogmodem), Asy(Async), Cell(Cellular),
Dia(Dialer), Eth(Ethernet) GE(GigabitEthernet),
H(Hssi), Ima(Ima-group), Loop(LoopBack),
MTun(MTunnel), S(Serial), Tun(Tunnel),
VE(Virtual-Ethernet), VT(Virtual-Template)
d(dampened), D(down), *D(administratively down),

Fat AP and Cloud AP
^D(standby), l(loopback), s(spoofing),

U(up), E(E-Trunk down)
------------------------------------------------------------------------------
Number of interfaces whose physical status is Up: 3
Number of interfaces whose physical status is Down: 1
Number of interfaces whose protocol status is Up: 2
Number of interfaces whose protocol status is Down: 2
Interface IP Address/Mask Phy Prot Description

NULL0 unassigned U U(s)
Vlanif1 unassigned U D
Vlanif102 unassigned D D
Vlanif400 192.168.40.1/24 U U

Fat AP and Cloud AP
Table 6-7 Description of the display ip interface description command output

Item Description
Codes: The following information provides the full

spelling and explanation of the abbreviated
interface names, physical status, and link
layer protocols.
● Full spelling of the abbreviated interface
names is as follows:
– Ana: Analogmodem interfaces
– Asy: Async interfaces
– Cell: Cellular interfaces
– Dia: Dialer interfaces
– Eth: Ethernet interfaces
– GE: GigabitEthernet interfaces
– H: HSSI interfaces
– Ima: IMA-Group interfaces
– Loop: Loopback interfaces
– MTun: MTunnel interfaces
– S: Serial interfaces
– Tun: Tunnel interfaces
– VE: Virtual-Ethernet interfaces
– VT: Virtual-Template interfaces
● Explanation of the abbreviated physical
status of the interface is as follows:
– U: indicates that the physical status of
the interface is Up. U(l) indicates that
the interface is enabled with the
loopback function.
– D: indicates that the physical status of
the interface is Down.
– *D: indicates that the network
– ^D: indicates that the FIB module is in
the standby state.
– s: indicates that the interface is in
spoofing status.
– E: indicates the physical status of the
Eth-Trunk.
● Explanation of the abbreviated link layer
protocol status is as follows:
– U: indicates that the status of the link
layer protocol on the interface is Up.

Fat AP and Cloud AP
Item Description
U(s) indicates that the link layer

protocol of the interface is Up even
though the interface is not configured
with an IP address. (s) is an inherent
attribute of the interface and will be
displayed when the interface is
configured with an IP address. (d)
indicates that the protocol module of
the interface is dampened.
– D: indicates that the link layer protocol
of the interface is Down or no IP
address is assigned to the interface.
Number of interfaces whose Indicates the number of interfaces whose

physical status is Up: physical status is Up.
Number of interfaces whose Indicates the number of interfaces whose

physical status is Down: physical status is Down.
Number of interfaces whose Indicates the number of interfaces whose link

protocol status is Up: layer protocol is Up.
Number of interfaces whose Indicates the number of interfaces whose link

protocol status is Down: layer protocol is Down.
Interface Indicates the name and number of an

interface.
IP Address/Mask Indicates the IP address and subnet mask of

an interface.
Phy Indicates the physical status of an interface.
Prot Indicates the link layer protocol status of an

interface.
Description Indicates the description of an interface,

expressed in characters. A maximum of 20
characters can be displayed. When the length
of the description is greater than 20
characters, only the first 17 characters are
displayed and the last 3 characters are
replaced by ellipsis (...). If the description of
an interface is the default setting, no
information is displayed.

Fat AP and Cloud AP
6.1.10 display this interface

Function
The display this interface command displays interface information in the current
interface view.
Format
display this interface
Parameters
None
Views
Interface view
Default Level
1: Monitoring level
Usage Guidelines
In the interface view, you can run the display this interface command to rapidly
view the status of the interface and packet statistics on the interface.
Although the default level of the display this interface command is monitoring
level, this command must be run in the interface view. Therefore, to run this
command, you need to be of the configuration level or higher.
Example
# Display information about GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] display this interface
GigabitEthernet0/0/1 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, AP Series, GigabitEthernet0/0/1 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is dcd2-fcf9-b5ca
Last physical up time : -
Last physical down time : 2011-12-12 03:36:09 UTC+08:00
Current system time: 2011-12-12 10:51:31+08:00
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Input peak rate 0 bits/sec,Record time: -
Output peak rate 0 bits/sec,Record time: -


Fat AP and Cloud AP
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Alignments: 0
Symbols: 0, Ignoreds: 0
Frames: 0

Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%

Output bandwidth utilization threshold: 100.00%
Table 6-8 Description of the display this interface command output

Item Description
current state Current interface status:

● DOWN: indicates that the interface is disabled.
● UP: indicates that the interface is enabled.
Line protocol current Link layer protocol status of the interface:

state ● DOWN: indicates that the link layer protocol of the
interface fails or no IP address is assigned to the
interface.
● UP: indicates that the link layer protocol of the
interface is running properly.
PVID Default VLAN ID of the interface.
TPID Type of frames that are supported on the interface.

By default, this field displays 0x8100, indicating an
802.1Q frame. If the device does not support 802.1Q
frames, the interface discards the 802.1Q frames
immediately after receiving them.
This field is displayed only for a Layer 2 interface.
The Maximum Frame Maximum frame length allowed by the interface.

Length
IP Sending Frames' Format of the frame contained in the sent IP packet,

Format which can be PKTFMT_ETHNT_2, Ethernet_802.3, or
Ethernet_SNAP.
Hardware address MAC address of the device.

Fat AP and Cloud AP
Item Description
change.
does not change.

If the time zone is configured and the daylight saving
time is used, the time is in YYYY/MM/DD HH:MM:SS
UTC±HH:MM DST format.
Port Mode Working mode of the interface:

● COMMON COPPER: The interface works as an
● COMMON FIBER: The interface works as an optical
interface.
Speed Current rate of an interface.
Loopback Loopback configuration of the interface.
Duplex Duplex mode of the interface.
Negotiation Auto-negotiation mode of the interface.
Mdi Network cable type of the interface.
Last 300 seconds Incoming packet rate (bits per second and packets per
input rate second) within the last 300 seconds.
Last 300 seconds Outgoing packet rate (bits per second and packets per
output rate second) within the last 300 seconds.
Input peak rate 0 Maximum rate of incoming packets and time when the
bits/sec,Record time maximum rate is reached.
Output peak rate 0 Maximum rate of outgoing packets and time when the
bits/sec,Record time maximum rate is reached.
Input Total number of received packets.
Output Total number of sent packets.
Unicast Number of unicast packets received or sent by the

interface.
Multicast Number of multicast packets received or sent by the

interface.
Broadcast Number of broadcast packets received or sent by the

interface.

Fat AP and Cloud AP
Item Description
Jumbo Number of jumbo frames received or sent by the

interface.
Discard Number of packets discarded by the interface during

physical layer detection.
Total Error Number of error packets found during physical layer

detection.
CRC Number of CRC error packets received by the interface.
Giants Number of jumbo frames with correct FCS received by

the interface.
Jabbers Number of jumbo frames with incorrect FCS received by

the interface, including alignment errors (the number of
bytes that a packet contains is not an integer).
Throttles Number of undersized frames with incorrect FCS

received by the interface.
Runts Number of undersized frames with correct FCS received

by the interface.
Alignments Number of received frames with alignment errors.
Symbols Number of received frames with coding errors.
Ignoreds Number of received MAC control frames with OpCode

not being PAUSE.
Frames Number of packets with incorrect 802.3 length.
Collisions Number of sent packets with 1 to 15 conflict events.
ExcessiveCollisions Number of packets with 16 conflict events and failing to

be sent.
Late Collisions Number of packets with conflict and delayed.
Deferreds Number of delayed packets without conflict.
Input bandwidth Threshold for inbound bandwidth usage.

Output bandwidth Threshold for outbound bandwidth usage.

Input bandwidth Inbound bandwidth usage.

utilization
Output bandwidth Outbound bandwidth usage.

utilization

Fat AP and Cloud AP
6.1.11 interface
Function
The interface command displays the interface view.
Format
interface interface-type interface-number
undo interface interface-type interface-number
Parameters
interface-type Specifies the type and number of an interface. The -

interface-number interface type and number can be closely next to
each other or separated by a space character.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
After the specified interface view is displayed, you can set attributes for the
interface.
Precautions
● The interface command can display only the view of an existing physical
interface and cannot create a physical interface.
● The interface command can create a logical interface and display the view of
the logical interface.
● After an RU goes online, the central AP generates a virtual Ethernet interface.
If you cannot enter the Ethernet interface view, run the wired-port-profile
(WLAN view) command to enter the AP wired port profile view to configure
the Ethernet interface.
Example
# Display the view of GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1]

Fat AP and Cloud AP
6.1.12 reset counters if-mib interface
Function
The reset counters if-mib interface command clears interface traffic statistics in
the Network Management System (NMS).
Format
reset counters if-mib interface [ interface-type [ interface-number ] ]
Parameters
interface-type Clears traffic statistics on a specified interface in the -
[ interface- NMS.
number ]
● interface-type specifies the interface type.
● interface-number specifies the interface number.
If an interface type is specified but no interface
number is specified, traffic statistics on all interfaces
of the specified type are cleared.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Before collecting traffic statistics on a specific interface within a period in the

NMS, clear existing traffic statistics on this interface in the NMS.
NOTE
For details on how to view interface traffic statistics in the NMS, see the NMS
documentation.
Precautions
● If no interface type and number are specified, traffic statistics of all interfaces
in the NMS are cleared.
● After you run the reset counters if-mib interface command, traffic statistics
on all interfaces in the NMS are cleared. Therefore, confirm the action before
you run this command.

Fat AP and Cloud AP
● Running the reset counters if-mib interface command does not affect the
interface traffic statistics displayed by the display interface command. To
clear the interface traffic statistics displayed by the display interface
command, run the reset counters interface command.
Example
# Clear traffic statistics on GE0/0/1 in the NMS.
<HUAWEI> reset counters if-mib interface gigabitethernet 0/0/1
6.1.13 reset counters interface
Function
The reset counters interface command clears traffic statistics about a specified
interface.
Format
reset counters interface [ interface-type [ interface-number ] ]
Parameters
interface-type Clears traffic statistics on -

[ interface-number ] a specified interface.
● interface-type
type.
number.
If an interface type is
number is specified,
traffic statistics on all
interfaces of the
specified type are
cleared.
Views
User view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
Before collecting traffic statistics on an interface within a certain period, run the
reset counters interface command to clear existing traffic statistics.
Precautions
● Statistics cannot be restored after being cleared. Therefore, exercise caution
before clearing the statistics.
● Traffic accounting is based on the packet statistics on an interface. The
clearing of the packet statistics on an interface by using the reset counters
interface command affects the traffic accounting result. Therefore, do not
randomly clear the packet statistics on an interface in a normal application
environment.
● If no interface type is specified, traffic statistics on all types of interfaces are
cleared. If an interface type is specified but no interface number is specified,
traffic statistics on all interfaces of the specified type are cleared.
● Running the reset counters interface command clears the last part of the
display interface command output. That is, statistics about received and
transmitted packets on the interface are cleared.
Example
# Clear traffic statistics on all interfaces.
<HUAWEI> reset counters interface
# Clear traffic statistics on VLANIF10.

<HUAWEI> reset counters interface vlanif 10
6.1.14 restart (interface view)

Function
The restart command restarts an interface.
Format
restart
Parameters
None
Views
GE interface view, Ethernet interface view, VLANIF interface view, MultiGE
interface view, Eth-Trunk interface view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
After modifying parameters of an interface, run the restart command to make the
modification take effect.
Precautions
● Restarting an interface during data transmission will cause data frame loss or
service interruption. Exercise caution when you use the restart command.
● Running the restart command is equivalent to running the shutdown
command and the undo shutdown command in sequence.
Example
# Restart GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] restart
6.1.15 set flow-stat interval (interface view)

Function
The set flow-stat interval command sets the interval for collecting the traffic
statistics on interfaces.
The undo set flow-stat interval command restores the default interval for
collecting traffic statistics on interfaces.
By default, the interval for collecting traffic statistics on interfaces is 300 seconds.
Format
set flow-stat interval interval-time
undo set flow-stat interval
Parameters
interval-time Specifies the interval for The value is an integer

collecting traffic statistics that ranges from 10 to
on interfaces. 600, in seconds. In
addition, the value must
be a multiple of 10. The
default value is 300s.
Views
Interface view

Fat AP and Cloud AP
Default Level
Usage Guidelines
Usage Scenario
By using the set flow-stat interval command to set the interval for collecting
traffic statistics on interfaces, you can collect and analyze traffic statistics
according to your needs. You can also take traffic control measures based on the
traffic statistics to prevent network congestion and service interruption.
● When congestion occurs, set the interval for collecting traffic statistics on an
interface to less than 300 seconds, or 30 seconds if congestion worsens. Then
observe the traffic distribution on the interface within a short period of time.
If data packets cause congestion, take proper measures to control the rate of
the packets.
● When the network bandwidth is sufficient and services are running properly,
set the interval for collecting traffic statistics on an interface to more than
300 seconds. If the value of any traffic parameter is not within the specified
range, change the interval for collecting traffic statistics to observe the traffic
volume in real time.
Precautions
● The interval configured in the system view takes effect on all the interfaces
that use the default interval.
● The interval configured in the interface view takes effect only on the current
interface.
● The interval configured in the interface view takes precedence over the
interval configured in the system view.
Example
# Set the interval for collecting traffic statistics on GE0/0/1 to 400s.
[HUAWEI-GigabitEthernet0/0/1] set flow-stat interval 400
6.1.16 shutdown (interface view)

Function
The shutdown command disables an interface.
The undo shutdown command enables an interface.
By default, interfaces are enabled.
Format
shutdown
undo shutdown

Fat AP and Cloud AP
Parameters
None
Views
GE interface view, Ethernet interface view, VLANIF interface view, MultiGE
interface view, Eth-Trunk interface view
Default Level
Usage Guidelines
Usage Scenario
After modifying parameters of an interface, run the shutdown and undo
shutdown commands to make the modification take effect.
When an interface is not connected to a cable or fiber, you can use the shutdown
command to disable the interface to prevent exceptions caused by interference.
Precautions
● Disabling an interface during data transmission will cause data frame loss or
service interruption. Exercise caution when you use the shutdown command.
● Some logical interfaces, such as loopback, and null interfaces, do not support
the shutdown and undo shutdown commands.
● If you run the shutdown command in the Eth-Trunk interface view, all Eth-
Trunk member interfaces are disabled.
● Running the shutdown and undo shutdown commands is equivalent to
running the restart command.
● To ensure that the cloud AP is managed by the SDN controller, you cannot
run the shutdown command on the cloud AP to disable the following
interfaces:
– Physical interface and VLANIF interface used to communicate with the
SDN controller
– VLANIF interface corresponding to the management VLAN
Example
# Shut down GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] shutdown
6.1.17 shutdown interval

Function
The shutdown interval command sets the minimum interval for re-enabling an
interface.

Fat AP and Cloud AP
The undo shutdown interval command restores the default minimum interval for
re-enabling an interface.
By default, the minimum interval for re-enabling an interface is 0 seconds.
Format
shutdown interval interval-value
undo shutdown interval
Parameters
interval-value Specifies the minimum The value is an integer

interval for re-enabling that ranges from 5 to 15,
an interface. in seconds.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
In some cases, for example, when parameters of an interface are modified but the
modification does not take effect immediately, run the shutdown and undo
shutdown commands to re-enable the interface. Then the modification can take
effect. To shorten the waiting time, run the shutdown interval command to set
the minimum interval for re-enabling an interface.
Precautions
● The minimum interval configured using this command also applies to the
restart command.
Example
# Set the minimum interval for re-enabling an interface to 5 seconds.
[HUAWEI] shutdown interval 5
6.2 Ethernet Interface Configuration Commands

Fat AP and Cloud AP
6.2.1 am isolate
Function
The am isolate command isolates the current interface from a specified interface
unidirectionally.
The undo am isolate command cancels unidirectional isolation between the
current interface and a specified interface. If no interface is specified,
unidirectional isolation between the current interface and all the other interfaces
is canceled.
By default, no unidirectional isolation is configured between the current interface
and a specified interface
NOTE
Only the AD9431DN-24X support this function.
Format
am isolate { interface-type interface-number }&<1-8>
undo am isolate [ interface-type interface-number ]&<1-8>
Parameters

number number of the interface
from which the current
interface is isolated
unidirectionally.
● interface-type
specifies the type of
the interface.
specifies the number
of the interface.
Views
GE interface view, XGE interface view, port group view, Eth-Trunk interface view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
The am isolate command isolates interfaces unidirectionally. For example, if

interface A is isolated from interface B unidirectionally, packets sent from interface
A cannot reach interface B, but packets sent from interface B can reach interface
A. Unidirectional isolation needs to be configured in the following scenarios:
● When multiple hosts connect to different interfaces of a device and a host

sends many broadcast packets to the other hosts, isolate the interface
connected to the host from other interfaces unidirectionally. Then the other
hosts do not receive packets from the host.
● Interfaces in a port isolation group are isolated from each other, but
interfaces in different port isolation groups can communicate. To isolate
interfaces in different port isolation groups, configure unidirectional isolation
between these interfaces.
By default, only Layer 2 packets of the current interface are isolated from a
specified interface, but Layer 3 packets are not isolated. To isolate both Layer 2
and Layer 3 packets on interfaces unidirectionally, run the port-isolate mode all
command.
Precautions
An interface can be unidirectionally isolated from another type of interface.

However, an interface cannot be unidirectionally isolated from itself or from the
management interface. In addition, an Eth-Trunk cannot be unidirectionally
isolated from its member interfaces.
Example
# Isolate GE0/0/1 from GE0/0/2 unidirectionally.
[HUAWEI-GigabitEthernet0/0/1] am isolate gigabitethernet 0/0/2
6.2.2 auto duplex
Function
The auto duplex command configures the duplex mode on an Ethernet electrical
interface in auto-negotiation mode.
The undo auto duplex command restores the default duplex mode on an
Ethernet electrical interface in auto-negotiation mode.
By default, the duplex mode on an Ethernet electrical interface is negotiated with

the peer interface.
Format
auto duplex { half | full } *
undo auto duplex

Fat AP and Cloud AP
Parameters
half Sets the duplex mode on -

an Ethernet electrical
interface in auto-
negotiation mode to
half-duplex.
full Sets the duplex mode on -

an Ethernet electrical
interface in auto-
negotiation mode to full-
duplex.
Views
GE interface view, MultiGE interface view
Default Level
Usage Guidelines
Usage Scenario
In auto-negotiation mode, interfaces on both ends of a link negotiate their duplex

mode. If the negotiated duplex mode is not the required one, you can run the
auto duplex command to set the required duplex mode in auto-negotiation
mode. For example, two interfaces on both ends support full-duplex mode and
half-duplex mode. If the two interfaces negotiate to work in half-duplex mode,
but they are required to work in full-duplex mode, you can run the auto duplex
full command to set the full-duplex mode for the two interfaces.
Prerequisites
The Ethernet interface works in auto-negotiation mode.
Precautions
● For details about the duplex modes that various Ethernet interfaces support,
see see Overview of Ethernet Interfaces in the Configuration Guide-
Overview of Ethernet Interfaces.
● In auto-negotiation mode, a GE electrical interface that works at a rate of
1000 Mbit/s supports the full-duplex mode. If the duplex mode is changed to
half-duplex, the GE electrical interface works at a maximum rate of 100
Mbit/s.
NOTE
The interfaces on both ends of a link must have the same duplex mode.

Fat AP and Cloud AP
Example
# Configure Ethernet electrical interface GE0/0/1 in auto-negotiation mode to
work in half-duplex mode.
[HUAWEI-GigabitEthernet0/0/1] auto duplex half
6.2.3 auto speed

Function
The auto speed command configures the auto-negotiation rate of an Ethernet
The undo auto speed command restores the default auto-negotiation rate of an
Ethernet electrical interface.
By default, Ethernet electrical interfaces on both ends can negotiate to any rate
they support.
Format
auto speed { 10 | 100 | 1000 | 2500 | 5000 } *
undo auto speed
Parameters
10 Sets the auto- -

negotiation rate of an
Ethernet electrical
interface to 10 Mbit/s.
100 Sets the auto- -

Ethernet electrical

Ethernet electrical

Ethernet electrical

Ethernet electrical

Fat AP and Cloud AP
NOTE
Only MultiGE interfaces support the parameters 2500/5000.

The auto-negotiation rate configured for an Ethernet interface cannot exceed the
interface's capability. For example, the auto-negotiation rate of a GE interface cannot be set
to 2500 Mbit/s.
Views
Default Level
Usage Guidelines
Usage Scenario
In auto-negotiation mode, interfaces on both ends of a link negotiate their rate. If

the negotiated rate is not the required one, run the auto speed command to set
the auto-negotiation rate range to limit the negotiated rate. For example, if two
interfaces negotiate to work at a rate of 1000 Mbit/s, but they are required to
work at a rate of 100 Mbit/s, you can run the auto speed 100 command to set
the rate of the interfaces to 100 Mbit/s.
Prerequisites
The Ethernet interface works in auto-negotiation mode.
Example
# Configure Ethernet electrical interface GE0/0/1 to work at a rate of 100 Mbit/s
in auto-negotiation mode.
[HUAWEI-GigabitEthernet0/0/1] auto speed 100
6.2.4 cable-snr-test
Function
The cable-snr-test command checks the network cable quality and displays the
check result.
NOTE
This function is supported only by MultiGE electrical interfaces on the AP6052DN, AP7050DN-E,
AP7052DN, AP7152DN, AP7052DE, AP8082DN, and AP8182DN.
Format
cable-snr-test

Fat AP and Cloud AP
Parameters
None
Views
MultiGE interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can check the quality of the network cable on a MultiGE electrical interface to
determine whether the network cable quality meets communication requirements.
Precautions
● This command checks real-time quality of the network cable on an interface,
and the network cable quality changes with the external environment.
● A MultiGE electrical interface supports the network cable quality check only
when it works at the rate of 2.5 Gbit/s or higher.
● An interface does not support the network cable quality check when it is
Down or in loopback detection mode.
Example
# Check the network cable quality on MultiGE0/0/1.
[HUAWEI] interface MultiGE 0/0/1
[HUAWEI-MultiGE0/0/1] cable-snr-test
Info: The current network cable is of good quality.
6.2.5 display interface ethernet brief

Function
The display interface ethernet brief command displays brief information about
all Ethernet interfaces.
Format
display interface ethernet brief [ main ]
Parameters
main Displays brief -

Ethernet main interfaces.

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can use the display interface ethernet brief command to view brief
information about Ethernet interfaces, including the physical status, auto-
negotiation mode, duplex mode, bandwidth, and average inbound and outbound
bandwidth usages within the last period of time. This information helps you locate
and rectify faults.
Precautions
To clear statistics on an interface, run the reset counters interface command.
Example
# Display brief information about all Ethernet interfaces.
<HUAWEI> display interface ethernet brief
PHY: Physical
(l): loopback
InUti/OutUti: input utility/output utility
Interface PHY Auto-Neg Duplex Bandwidth InUti OutUti Trunk
GigabitEthernet0/0/1 up enable full 1000M 0.01% 0.01% --
Table 6-9 Description of the display interface ethernet brief command output
Item Description
Interface Type and number of an interface. All interfaces are displayed in

alphabetical order. Information about the following interfaces can
be displayed:
● GE interface

Fat AP and Cloud AP
Item Description

● up: indicates that the interface works properly.
● down: indicates that the physical layer of the interface fails.
● *down: refers to Administratively Down, indicating that the
administrator has run the shutdown (interface view) command
on the interface.
● ^down: refers to standby, indicating that this interface is a
backup interface.
● (l): refers to loopback, indicating that the loopback function is
enabled on the interface.
Auto- Whether auto-negotiation is enabled on an interface:

Neg ● enable: indicates that auto-negotiation is enabled on the
interface.
● disable: indicates that auto-negotiation is disabled on the
interface.
To configure the auto-negotiation mode for an interface, run the
negotiation auto command.
Duplex Duplex mode of an interface:

● full: indicates the full-duplex mode.
● half: indicates the half-duplex mode.
● In auto-negotiation mode, use the auto duplex command to
configure the duplex mode of an interface.
● In non-auto negotiation mode, use the duplex command to
configure the duplex mode of an interface.
Bandwidt Bandwidth on the interface.

h
InUti Average inbound bandwidth usage within the last 5 minutes.

Average inbound bandwidth usage = Average inbound rate within
the last 5 minutes/Interface bandwidth
When the average bandwidth usage is smaller than 0.01% and
larger than 0, the value 0.01% is displayed. When the interface
bandwidth becomes smaller, for example, the bandwidth is changed
using the speed command, or when an Eth-Trunk member interface
becomes Down or is removed from the Eth-Trunk, the bandwidth
usage may be displayed as 100% because the communication traffic
is not adjusted in time.

Fat AP and Cloud AP
Item Description
OutUti Average outbound bandwidth usage within the last 5 minutes.

Average outbound bandwidth usage = Average outbound rate
within the last 5 minutes/Interface bandwidth
When the average bandwidth usage is smaller than 0.01% and
larger than 0, the value 0.01% is displayed. When the interface
bandwidth becomes smaller, for example, the bandwidth is changed
using the speed command, or when an Eth-Trunk member interface
becomes Down or is removed from the Eth-Trunk, the bandwidth
usage may be displayed as 100% because the communication traffic
is not adjusted in time.
Trunk Number of the Eth-Trunk to which an interface is added.
6.2.6 display port-isolate group
Function
The display port-isolate group command displays the configuration of a port
isolation group.
NOTE
Format
display port-isolate group { group-id | all }
Parameters
group-id Displays the The value is an integer

configuration of a that ranges from 1 to 64.
specified port isolation
group.
all Displays the -

configurations of all port
isolation groups.
Views
All views

Fat AP and Cloud AP
Default Level
1: Monitoring level
Usage Guidelines
The port isolation feature isolates interfaces in a VLAN. By adding interfaces to a
port isolation group, you can implement Layer 2 isolation between these
interfaces. To view the configuration of the port isolation group, run the display
port-isolate group command.
Example
# Display the configurations of all port isolation groups.
<HUAWEI> display port-isolate group all
The ports in isolate group 3:
GigabitEthernet0/0/1
The ports in isolate group 4:
6.2.7 duplex
Function
The duplex command configures the duplex mode on an Ethernet electrical
interface in non-auto-negotiation mode.
The undo duplex command restores the default duplex mode on an Ethernet
electrical interface in no-auto-negotiation mode.
By default, an Ethernet electrical interface works in full-duplex mode when auto-

negotiation is disabled on the interface.
Format
duplex { full | half }
undo duplex
Parameters
full Configures the Ethernet -

interface to work in full-
duplex mode when auto-
negotiation is disabled
on the interface.

Fat AP and Cloud AP
half Configures the Ethernet -

interface to work in half-
duplex mode when auto-
negotiation is disabled
on the interface.
Views
GE interface view
Default Level
Usage Guidelines
Usage Scenario
The duplex mode of an interface needs to be set in the following scenarios:
● To enable an interface to send and receive packets at the same time, set the
full-duplex mode on the interface.
● To disable an interface from sending and receiving packets at the same time,
set the half-duplex mode on the interface.
Prerequisites
The interface works in non-auto negotiation mode.
Precautions
● A GE electrical interface that works at 1000 Mbit/s supports only the full-
duplex mode. A GE electrical interface and its peer interface do not need to
negotiate the duplex mode.
NOTE
The interfaces on both ends of a link must have the same duplex mode.
Example
# Configure Ethernet electrical interface GE0/0/1 to work in half-duplex mode
when non-auto negotiation is disabled on the interface.
[HUAWEI-GigabitEthernet0/0/1] undo negotiation auto
[HUAWEI-GigabitEthernet0/0/1] duplex half

Fat AP and Cloud AP
6.2.8 log-threshold
Function
The log-threshold command sets the inbound and outbound bandwidth usage
thresholds for generating a log.
The undo log-threshold command restores the default inbound and outbound
bandwidth usage thresholds for generating a log.
The default inbound and outbound bandwidth usage thresholds for generating a
log is 100.
Format
log-threshold { input-rate | output-rate } bandwidth-in-use [ resume-rate
resume-threshold ]
undo log-threshold { input-rate | output-rate }
Parameters
input-rate Specifies the inbound -

bandwidth.
output-rate Specifies the outbound -

bandwidth.
bandwidth-in-use Specifies the bandwidth The value is an integer that

usage threshold for ranges from 1 to 100.
generating a log, prompting
for a bandwidth increase
request.
resume-rate Specifies the bandwidth The value is an integer that

resume-threshold usage threshold for ranges from 1 to the value of
generating a log, indicating bandwidth-in-use. The
that bandwidth usage has default value is the value of
been restored. bandwidth-in-use.
Views
GE interface view, MultiGE interface view, XGE interface view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Monitoring bandwidth usage helps you learn about current device load. If the
bandwidth usage exceeds a configured threshold, a log or an alarm is generated,
indicating that bandwidth resources become insufficient and need an increase. For
example, if bandwidth usage exceeds 95% of total bandwidth, an alarm is
generated, indicating that bandwidth is exhausted. Some services may be
interrupted before the bandwidth increases. To help prevent service interruption,
setting two bandwidth usage thresholds, one for generating a log and the other
for generating an alarm helps you increase bandwidth in time.
NOTE
Outbound bandwidth usage = (Outbound interface rate/Outbound physical interface

bandwidth) x 100
Inbound bandwidth usage = (Inbound interface rate/Inbound physical interface bandwidth) x
100
If the offset between the value of bandwidth-in-use and the value of resume-
threshold is too small, log information may be frequently displayed.
Example
# Configure GE0/0/1 to generate a log when the outbound interface rate exceeds
80% of the bandwidth.
[HUAWEI-GigabitEthernet0/0/1] log-threshold output-rate 80
# Configure GE0/0/1 to generate a log when the outbound interface rate exceeds
80% of the bandwidth and to generate a log indicating that bandwidth usage has
been restored, when the outbound interface rate is lower than 60% of the
bandwidth.
[HUAWEI-GigabitEthernet0/0/1] log-threshold output-rate 80 resume-rate 60
6.2.9 loopback
Function
The loopback command enables loopback detection on an interface.
The undo loopback command disables loopback detection on an interface.
By default, loopback detection is not configured.
NOTE
The AD9431DN-24X do not support the parameter remote.
Format
loopback { internal | remote }
undo loopback

Fat AP and Cloud AP
Parameters
internal Configures internal -

loopback detection on a
remote Configures remote -

loopback detection on
an interface.
Views
Default Level
Usage Guidelines
Usage Scenario
Loopback detection can be enabled to test some special functions, for example,
locating faults on the Ethernet. After loopback detection is enabled, the Ethernet
interface works in full-duplex mode. After loopback detection is disabled, the
original duplex mode of the Ethernet interface is restored.
After internal loopback detection is enabled on an interface, packets sent from the
interface are sent back to this interface.
After remote loopback detection is configured, the local interface sends a packet
received from the peer interface back to the peer interface, rather than forwarding
the packet to the destination address.
Follow-up Procedure
Use a dedicated test tool to check whether the number of packets received and
the number of packets sent on the Ethernet interface are the same. If not, the
hardware is faulty. If yes, the hardware works properly.
Precautions
Loopback detection interrupts the operation of Ethernet interfaces and links. After
loopback detection is performed, run the undo loopback command to disable
loopback detection immediately.
Example
# Configure internal loopback detection on GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] loopback internal
Info: This may interrupt the operation of Ethernet interfaces and links.Continue
? [Y/N]:y

Fat AP and Cloud AP
6.2.10 negotiation auto
Function
The negotiation auto command configures an Ethernet interface to work in auto-
negotiation mode.
The undo negotiation auto command configures an Ethernet interface to work in

non-auto-negotiation mode.
By default, an Ethernet interface works in auto-negotiation mode.
Format
negotiation auto
undo negotiation auto
Parameters
None
Views
GE interface view
Default Level
Usage Guidelines
Usage Scenario
Earlier Ethernet worked in 10M half-duplex mode and required mechanisms such
as Carrier Sense Multiple Access (CSMA)/Collision Detection (CD) to ensure
system stability. As Ethernet technology develops, full-duplex Ethernet and 100
Mbit/s Ethernet emerge. This greatly improves Ethernet performance. Auto-
negotiation technology allows new Ethernet to be compatible with earlier
Ethernet. In auto-negotiation mode, interfaces on both ends of a link negotiate
their operating parameters, including the duplex mode and rate. If the negotiation
succeeds, the two interfaces work at the same operating parameters.
You can configure an interface to work in auto-negotiation mode only when

interfaces on both ends support the auto-negotiation mode.
● If interfaces on both ends support auto-negotiation and are required to work
in auto-negotiation mode, run the negotiation auto command.
● If one of the two interfaces does not support auto-negotiation or is not
required to work in auto-negotiation mode, run the undo negotiation auto
command.
Precautions

Fat AP and Cloud AP
● For details about the auto-negotiation configuration supported by Ethernet

interfaces, see Overview of Ethernet Interfaces in the Configuration Guide-
Overview of Ethernet Interfaces.
● By default, GE interfaces do not support flow control auto-negotiation.
Example
# Configure GE0/0/1 to work in non-auto negotiation mode.
6.2.11 port-down holdoff-timer

Function
The port-down holdoff-timer command sets the delay time for an interface to
report the Down event.
The undo port-down holdoff-timer command configures an interface to report
the Down event immediately.
By default, an interface reports the Down event immediately.
Format
port-down holdoff-timer holdoff-timer
undo port-down holdoff-timer
Parameters
holdoff-timer Specifies the delay time The value is an integer

for an interface to report that ranges from 50 to
the Down event. 3000, in milliseconds.
Views
Default Level
Usage Guidelines
When an interface becomes Down, services on the interface are interrupted even
if this interface becomes Up soon. To prevent services from being interrupted, set
the delay in reporting a Down event on the interface so that the system still
considers that this interface is in Up state within the delay time.

Fat AP and Cloud AP
Example
# Set the delay time for an interface to report the Down event to 100 ms.
[HUAWEI] interface gigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet 0/0/1] port-down holdoff-timer 100
6.2.12 port-isolate enable

Function
The port-isolate enable command enables port isolation.
The undo port-isolate enable command disables port isolation.
By default, port isolation is disabled.
NOTE
Format
port-isolate enable [ group group-id ]
undo port-isolate enable [ group group-id ]
Parameters
group group-id Specifies the ID of a port The value is an integer

isolation group. that ranges from 1 to 64.
Views
GE interface view, XGE interface view, port group view
Default Level
Usage Guidelines
Usage Scenario
To implement Layer 2 isolation between interfaces, add different interfaces to
different VLANs. This, however, wastes VLAN resources. To save VLAN resources,
enable port isolation to isolate interfaces in a VLAN. That is, you can add
interfaces to a port isolation group to implement Layer 2 isolation between these
interfaces. Port isolation provides secure and flexible networking schemes for
customers.
Precautions

Fat AP and Cloud AP
● After port isolation is configured, ports are isolated at Layer 2 but can
communicate at Layer 3 by default. To configure both Layer 2 isolation and
Layer 3 isolation, run the port-isolate mode all command.
● Interfaces in a port isolation group are isolated from each other, but
interfaces in different port isolation groups can communicate. If group-id is
not specified, interfaces are added to port isolation group 1 by default.
Example
# Enable port isolation on GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable group 1
6.2.13 port-isolate mode
Function
The port-isolate mode command sets the port isolation mode.
By default, ports are isolated at Layer 2 but can communicate at Layer 3.
NOTE
Format
port-isolate mode { l2 | all }
Parameters
l2 Indicates that ports are -

isolated at Layer 2 but
can communicate at
Layer 3.
all Indicates that ports are -

isolated at both Layer 2
and Layer 3.
Views
System view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
To disable members in a port isolation group from communicating at Layer 2 but

allow them to access public resources, such as printer and server, run the port-
isolate mode command to set the port isolation mode to l2.
To disable members in a port isolation group from communicating at both Layer 2

and Layer 3, run the port-isolate mode command to set the port isolation mode
to all.
Precautions
● To isolate ports at both Layer 2 and Layer 3, run the port-isolate mode all
command.
● To isolate ports at Layer 2 but allow them to communicate at Layer 3, run the
port-isolate mode l2 command.
Example
# Configure Layer 2 isolation and Layer 3 communication.
[HUAWEI] port-isolate mode l2
6.2.14 speed
Function
The speed command sets the rate for an Ethernet interface in non-auto
negotiation mode.
The undo speed command restores the default rate of an Ethernet interface in
non-auto negotiation mode.
By default, an Ethernet interface works at its highest rate when it works in non-
auto negotiation mode.
Format
speed { 10 | 100 | 1000 | 2500 | 5000 } *
undo speed
Parameters
10 Indicates that the interface works -

at 10 Mbit/s.

at 100 Mbit/s.

Fat AP and Cloud AP

at 1000 Mbit/s.

at 2500 Mbit/s.

at 5000 Mbit/s.
NOTE
Only MultiGE interfaces support the parameters 2500/5000.

The maximum rate configured for an Ethernet interface cannot exceed the interface's
capability. For example, the maximum rate of a GE interface cannot be set to 2500 Mbit/s.
Views
Default Level
Usage Guidelines
Usage Scenario
In non-auto negotiation mode, if interfaces on two connected devices work at
different rates, use the speed command to change the rates of the interfaces to
be the same so that the two devices can communicate.
Precautions
● If the remote interface does not support the auto negotiation mode, run the
undo negotiation auto command on the local interface to configure the
interface to work in non-auto negotiation mode. You can then change the
rate of the local interface to be the same as the rate of the remote interface
to ensure proper communication.
Example
# Configure GE0/0/1 to work at 100 Mbit/s in non-auto negotiation mode.
[HUAWEI-GigabitEthernet0/0/1] speed 100

Fat AP and Cloud AP
6.2.15 trap-threshold
Function
The trap-threshold command sets the inbound and outbound bandwidth usage
thresholds for generating a trap.
The undo trap-threshold command restores the default inbound and outbound
bandwidth usage thresholds for generating a trap.
The default inbound or outbound bandwidth usage threshold for generating a trap
is 100.
Format
trap-threshold { input-rate | output-rate } bandwidth-in-use [ resume-rate
resume-threshold ]
undo trap-threshold { input-rate | output-rate }
Parameters
input-rate Indicates inbound -

bandwidth.
output-rate Indicates outbound -

bandwidth.
bandwidth-in-use Specifies the bandwidth The value is an integer that

usage threshold for ranges from 1 to 100.
generating a trap.
resume-rate Specifies the bandwidth The value is an integer that

resume-threshold usage threshold for ranges from 1 to bandwidth-
clearing a trap. in-use. The default value is
bandwidth-in-use.
Views
GE interface view, XGE interface view, MultiGE interface view
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
The bandwidth usage represents the load on a device. If the bandwidth usage
exceeds the threshold, bandwidth of the device is insufficient for services and
needs expansion. For example, if the bandwidth usage exceeds 95%, an alarm is
generated to indicate that bandwidth resources are used up. Services may be
interrupted before system expansion. You can set the upper and lower thresholds
for bandwidth usage. When the bandwidth usage exceeds the lower threshold, the
system generates a log. When the bandwidth usage exceeds the upper threshold,
the system triggers an alarm.
NOTE
Outbound bandwidth usage = (Outbound interface rate/Outbound physical interface

bandwidth) x 100
Inbound bandwidth usage = (Inbound interface rate/Inbound physical interface bandwidth) x
100
The interface rate and bandwidth are expressed in bits per second.
To set a lower threshold, run the log-threshold command.

The trap-threshold command sets the bandwidth usage threshold for generating
a trap. The trap-threshold with the following parameters provides various
functions:
● trap-threshold input-rate bandwidth-in-use resume-rate resume-threshold:
sets the inbound bandwidth usage threshold for generating a trap.
– If inbound bandwidth usage exceeds the threshold specified in
bandwidth-in-use, an hwIfMonitorInputRateRising trap is generated,
indicating that inbound bandwidth usage exceeds the configured
threshold.
– If inbound bandwidth usage falls below the threshold specified in
resume-threshold, an hwIfMonitorInputRateResume trap is generated,
indicating that inbound bandwidth usage falls between the configured
threshold for clearing a trap.
● trap-threshold output-rate bandwidth-in-use resume-rate resume-
threshold: sets the outbound bandwidth usage threshold for generating a
trap.
– If outbound bandwidth usage exceeds the threshold specified in
bandwidth-in-use, an hwIfMonitorOutputRateRising trap is generated,
indicating that outbound bandwidth usage exceeds the configured
threshold.
– If outbound bandwidth usage falls below the threshold specified in
resume-threshold, an hwIfMonitorOutputRateResume trap is generated,
indicating that outbound bandwidth usage falls between the configured
threshold for clearing a trap.
Precautions
● When the bandwidth usage exceeds the threshold for generating a trap, the
system generates a trap. When the bandwidth usage falls below the threshold
for clearing a trap, the system clears the trap.
● If the offset between the value of bandwidth-in-use and the value of resume-
threshold is too small, trap information may be frequently displayed.
● The log threshold must be lower than the trap threshold, providing efficient
protection for services. For example, when the inbound bandwidth usage

Fat AP and Cloud AP
reaches 80%, a log is generated. If the inbound bandwidth usage continues to

increase and reaches 95%, a trap is generated. This ensures that a log is
generated for inbound bandwidth usage of 80%, and a trap is generated for
inbound bandwidth usage of 95%. Either the log or the trap prompts for a
bandwidth increase, preventing service interruption.
Example
# Configure GE0/0/1 to generate a trap when the outbound bandwidth usage
exceeds 60%.
[HUAWEI-GigabitEthernet0/0/1] trap-threshold output-rate 60
# Configure GE0/0/1 to generate a trap when the outbound bandwidth usage

exceeds 80% and clear the trap when the outbound bandwidth usage falls below
60%.
[HUAWEI-GigabitEthernet0/0/1] trap-threshold output-rate 80 resume-rate 60
6.2.16 virtual-cable-test
Function
The virtual-cable-test command tests the cable connected to an Ethernet
electrical interface and displays the test result.
Format
virtual-cable-test
Parameters
None
Views
GE interface view, XGE interface view, multi-GE interface view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run the virtual-cable-test command to check whether the cable works
properly. According to the command output, you can locate and rectify cable
faults.
● If the cable works properly, the total length of the cable is displayed.
● If the cable cannot work properly, the distance between the interface and the
failure point is displayed.

Fat AP and Cloud AP
Precautions
● Only the electrical interface or combo interface working as an electrical
interface supports the VCT function.
● Running the virtual-cable-test command may affect services on the interface
in a short period of time.
● The VCT function is supported only when the local and peer ends work at
1000 Mbit/s in auto-negotiation mode. The VCT function is supported only by
the R230D when its interfaces work at 100 Mbit/s in auto-negotiation mode.
● When the cable works properly, the VCT function is not supported by all or
some interfaces of the following APs. The cable length is 0 in the command
output of interfaces.
– AD9431DN-24X, AP4030DN and R230D: all interfaces
– AD9430DN-24: GE0 through GE5 and GE7 through GE23
– AP7050DN-E: GE0
– AP8082DN and AP8182DN: all GE interfaces
– AD9430DN-12: all interfaces except GE1, GE3, GE12, and GE13
– AP8030DN and AP4030TN: GE0
– AP5030DN: GE1
● If the cable cannot work properly, the distance between the interface and the
failure point is displayed.
● The test result is only for reference and may be inaccurate for cables of some
vendors.
● The test result is related to the signal attenuation of a cable. When the cable
length is shorter than 3 m, the signal attenuation mostly results from the
connector rather than the cable itself. Therefore, the test result is inaccurate.
● VCT detection cannot be performed on multiple interfaces of the device at the
same time.
● For wire sequence of cables, see Testing the Connection of Assembled Cables
in the Hardware Installation and Maintenance Guide.
Example
# Test the cable connected to GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] virtual-cable-test
Warning: The command will stop service for a while. Continue? [Y/N]y
Pair A length: 4 meter(s)
Pair B length: 4 meter(s)
Pair C length: 4 meter(s)
Pair D length: 4 meter(s)
Pair A state: OK
Pair B state: OK
Pair C state: OK
Pair D state: OK

Fat AP and Cloud AP
Table 6-10 Description of the virtual-cable-test command output
Item Description
Pair A/B/C/D Four pairs of circuits in a network cable.
Pair A length Length of a network cable.

● The length is the distance between
the interface and the failure point if a
failure occurs.
● The length is the actual length of the
cable when the cable works properly.
The test result is for reference only.
Pair A state Network cable status:

● OK: indicates that the circuit pair is
terminated normally.
● Open: indicates that the circuit pair is
not terminated.
● Short: indicates that the circuit pair is
short-circuited.
● Crosstalk: indicates that the circuit
pairs interfere with each other.
● Unknown: indicates that the circuit
pair has an unknown fault.
6.3 Logical Interface Configuration Commands
6.3.1 display interface loopback

Function
Using the display interface loopback command, you can view the status of a
loopback interface.
Format
display interface loopback [ loopback-number | main ]
Parameters
loopback- Specifies the number of a loopback interface. -

number
If loopback-number is not specified, the status of all
loopback interfaces is displayed.

Fat AP and Cloud AP
main Displays status and traffic statistics about a Loopback -

interface.
A Loopback interface has no sub-interfaces. Status and
traffic statistics about a Loopback interface are
displayed whether you specify the main parameter or
not.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
In the scenario where you need to monitor the status of an interface or locate an
interface fault, you can use the display interface loopback command to collect
the statistics on the interface including the status. Through the displayed
information, you can collect the traffic statistics and troubleshoot the interface.
Example
# Display the status of a specified loopback interface.
<HUAWEI> display interface loopback 6
LoopBack6 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AP Series, LoopBack6 Interface
Route Port,The Maximum Transmit Unit is 1500
Physical is Loopback
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 bytes
Output:0 bytes
Table 6-11 Description of the display interface loopback command output
Item Description
LoopBack6 current Physical status of a loopback interface. The physical

state status of a loopback interface is always Up after the
loopback interface is created.

Fat AP and Cloud AP
Item Description
Line protocol current Link layer protocol status of a loopback interface. The
state link layer protocol status of a loopback interface is
always Up after the loopback interface is created.
Description Indicates the description of the interface, which can be

set by using the description command.
Route Port,The Indicates the maximum transmission unit (MTU). The

Maximum Transmit default MTU is 1500 bytes. Packets longer than the
Unit is 1500 MTU are fragmented before being transmitted. If
fragmentation is not allowed, the packet is discarded.
Internet Address is Indicates the IP address of the interface.
Physical is Information about the physical layer of a loopback

interface.
Current system time Indicates the current system time.
Last 300 seconds Indicates the rates for sending and receiving the bytes
input rate and the packets by the interface in the last five minutes.
Last 300 seconds
output rate
Realtime 0 seconds Indicates the real-time rates of sending and receiving

input rate the bytes and the packets.
Realtime 0 seconds It refers to the interval between two display commands
output rate that are run on the same interface. The maximum value
is the statistical interval displayed in the previous piece
of information. This entry is displayed only when
information about a logical interface is viewed.
Input Indicates the total number of packets and the total

number of bytes received by the interface.
Output Indicates the total number of packets and the total

number of bytes sent by the interface.
Input bandwidth Indicates the percentage of the rate for receiving

utilization packets to the total bandwidth.
Output bandwidth Indicates the percentage of the rate for sending packets
utilization to the total bandwidth.
6.3.2 display interface null

Function
The display interface null command displays the status of a null interface.

Fat AP and Cloud AP
Format
display interface null [ 0 | main ]
Parameters
0 Specifies the number of the null interface. The value can

be 0 only.
main Displays status and traffic statistics about a Null -

interface.
A Null interface has no sub-interfaces. Status and
traffic statistics about a Null interface are displayed
whether you specify the main parameter or not.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The display interface null command displays the status of a null interface. The
interface status information includes: the physical status, link layer protocol status,
description, MTU, current system time, last time statistics about the null interface
are cleared, incoming and outgoing packet rates in bit/s and pps, total numbers of
packets and bytes received and sent by the null interface, and percentages of the
rates for receiving and sending packets to the total bandwidth.
Precautions
There is only one null interface, namely, NULL 0.
Example
# Display the status of Null 0 interface.
<HUAWEI> display interface null 0
NULL0 current state : UP
Description:HUAWEI, AP Series, NULL0 Interface
Internet protocol processing : disabled
Physical is NULL DEV

Fat AP and Cloud AP

Input: 0 bytes
Output:0 bytes
Table 6-12 Description of the display interface null command output

Item Description
NULL0 current state Physical status of the null interface.

The physical status of the null interface is always Up.
Line protocol current Link layer protocol status of the interface. The
state protocol status of the null interface is always Up.
Description Description of the interface, which can be set by

using the description command.
Route Port,The The MTU is 1500 bytes.

Maximum Transmit Unit
is 1500
Internet protocol Whether Internet protocol processing is enabled.

processing ● enabled: The Internet protocol processing is
enabled.
● disabled: The Internet protocol processing is
disabled.
Physical is NULL DEV The interface is null.
Last 300 seconds input Rates for sending and receiving the bytes and the
rate packets by the interface in the last five minutes.
Last 300 seconds output
rate
Realtime 0 seconds Real-time rates of sending and receiving the bytes

input rate and the packets.
Realtime 0 seconds It refers to the interval between two display
output rate commands that are run on the same interface. The
maximum value is the statistical interval displayed in
the previous piece of information. This entry is
displayed only when information about a logical
interface is viewed.
Input Total number of packets and the total number of

bytes received by the interface.
Output Total number of packets and the total number of

bytes sent by the interface.
Input bandwidth Percentage of the rate for receiving packets to the

utilization total bandwidth.

Fat AP and Cloud AP
Item Description
Output bandwidth Percentage of the rate for sending packets to the

utilization total bandwidth.
6.3.3 interface loopback
Function
The interface loopback command creates a loopback interface.
The undo interface loopback command deletes a loopback interface.
Format
interface loopback loopback-number
undo interface loopback loopback-number
Parameters
loopback-number Specifies the number of a The value is an integer that

loopback interface. ranges from 0 to 1023.
Views
System view
Default Level
Usage Guidelines
A loopback interface is always Up at the physical layer and link layer unless it is
manually shut down.
The IP address of a loopback interface is usually specified as the source address of

packets.
Example
# Create loopback interface 5.
[HUAWEI-LoopBack5]

Fat AP and Cloud AP
6.3.4 interface null
Function
Using the interface null command, you can enter the null interface view.
Format
interface null 0
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The Null0 interface never forwards or accepts any traffic. All traffic sent to this
interface is directly discarded. Unnecessary traffic can be sent to the Null0
interface to avoid using ACLs.
Precautions
There is only one null interface, named null0. This interface is always Up and
cannot be shut down or deleted.
Example
# Enter the view of the Null0 interface.
[HUAWEI] interface null 0
[HUAWEI-NULL0]
6.3.5 management-interface
Function
The management-interface command configures a VLANIF or dialer interface as
a management interface.
The undo management-interface command cancels the management interface

configuration.
By default, an interface is not configured as a management interface.

Fat AP and Cloud AP
Format
management-interface
undo management-interface
Parameters
None
Views
VLANIF interface view, dialer interface view
Default Level
Usage Guidelines
Usage Scenario
To manage a device through a VLANIF or dialer interface, run this command to
configure this interface as a management interface.
Precautions
If no interface on a device is configured as a management interface, the device
can be managed through all interfaces. Once an interface on the device is
configured as a management interface, you cannot manage the device through
the other interfaces.
A maximum of four interfaces can be configured as management interfaces.
If an interface is specified as the management interface using the management-
interface command, it will still be considered as the management interface after
the management-plane isolate enable command is executed.
Example
# Configure VLANIF 10 as a management interface.
[HUAWEI-Vlanif10] management-interface

Fat AP and Cloud AP 7 Network Interconnection Configurations
7 Network Interconnection Configurations

Commands
About This Chapter
7.1 MAC Address Table Configuration Commands

7.2 Ethernet Link Aggregation Commands
7.3 VLAN Configuration Commands
7.4 STP/RSTP/MSTP Configuration Commands
7.5 IPv4 Configuration Commands
7.6 ARP Configuration Commands
7.7 DHCP Configuration Commands
7.8 DNS Configuration Commands
7.9 NAT Configuration Commands
7.10 IP Performance Configuration Commands
7.11 IP Routing Basic Configuration Commands
7.12 Static Route Configuration Commands
7.13 IGMP Snooping Configuration Commands
7.1 MAC Address Table Configuration Commands
7.1.1 display bridge mac-address

Function
The display bridge mac-address command displays the bridge MAC address of a
device.

Format
display bridge mac-address
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When you need to view the bridge MAC address of a device, run the display
bridge mac-address command.
Example
# Display the bridge MAC address of a device.
<HUAWEI> display bridge mac-address
System bridge MAC address: 00e0-f74b-6d00
Table 7-1 Description of the display bridge mac-address command output

Item Description
System bridge Indicates the bridge MAC address of a device.

MAC address
7.1.2 display mac-address

Function
The display mac-address command displays the MAC address table of the
wireless access point. A MAC address entry contains the destination MAC address,
VLAN ID, outbound interface, and entry type.
Format
display mac-address mac-address [ vlan vlan-id ] [ verbose ]
display mac-address [ vlan vlan-id | interface-type interface-number ] *
[ verbose ]
display mac-address { authen | guest | security } [ vlan vlan-id | interface-type
interface-number ] * [ verbose ]

Parameters
mac-address Specifies the destination The value is in H-H-H

MAC address in an entry. format. H is a
hexadecimal number of
4 digits. The MAC
address cannot be
FFFF-FFFF-FFFF,
0000-0000-0000, or a
multicast MAC address.
vlan vlan-id Displays MAC address The value is an integer

entries in a specified that ranges from 1 to
VLAN. 4094.
interface-type interface- Displays the MAC address -

number entries with a specified
outbound interface.
● interface-type specifies
the type of the
outbound interface.
specifies the number of
the outbound interface.

information about MAC
address entries.
authen Displays the MAC address -

entries of the authen type.
guest Displays the MAC address -

entries of the guest type.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The MAC address table of the wireless access point stores MAC addresses of other
devices. When forwarding an Ethernet frame, the wireless access point searches
the MAC address table for the outbound interface according to the destination
MAC address and VLAN ID in the Ethernet frame.

The display mac-address command displays all MAC address entries, such as
dynamic MAC address entries, static MAC address entries, and blackhole MAC
address entries. A MAC address entry contains the destination MAC address, VLAN
ID, outbound interface, and entry type.
Follow-up Procedure
If any MAC address entry in the command output is incorrect, run the undo mac-
address command to delete the entry or run the mac-address command to add a
correct one.
Precautions
If you run the display mac-address command without parameters, all MAC
address entries are displayed.
When the wireless access point has a large number of MAC address entries, it is
recommended that you specify parameters in the command to filter the output
information. Otherwise, the following problems may occur due to excessive output
information:
● The displayed information is repeatedly refreshed, so you cannot find the
required information.
● The system traverses and retrieves information for a long time, and does not
respond to any request.
Example
# Display all MAC address entries.
<HUAWEI> display mac-address
-------------------------------------------------------------------------------
MAC Address VLAN/VSI Learned-From Type
-------------------------------------------------------------------------------
4c1f-cc25-611b 100/- GE0/0/1 security
-------------------------------------------------------------------------------
Total items displayed = 1
Table 7-2 Description of the display mac-address command output

Item Description
MAC Address Destination MAC address in a MAC address entry.
VLAN/VSI ID of the VLAN or name of the VSI that a MAC address

belongs to.
Learned-From Interface on which the MAC address is learned.

Item Description
Type Type of a MAC address entry.

● static: indicates a static MAC address entry, which is
manually configured and will not be aged out.
● blackhole: indicates a blackhole MAC address entry,
which is manually configured and will not be aged out.
● dynamic: indicates a MAC address entry learned by the
wireless access point, which will be aged out when the
aging time expires.
● security: indicates a MAC address entry that an interface
learns after port security is enabled.
● sticky: indicates a MAC address entry that an interface
learns after the sticky MAC function is enabled.
● mux: indicates a MAC address entry learned by a MUX
VLAN enabled interface.
● snooping: indicates a static MAC address entry
generated based on the dynamic DHCP snooping
binding table.
7.1.3 display mac-address aging-time
Function
The display mac-address aging-time command displays the aging time of
dynamic MAC address entries in the MAC address table.
Format
display mac-address aging-time
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario

This command displays the aging time of dynamic MAC address entries on the
wireless access point. You can check whether the aging time is suitable for
network requirements and device performance.
Follow-up Procedure
If the aging time is unsuitable for requirements or device performance, run the
mac-address aging-time command to set the aging time properly.
Precautions
If the aging time is 0, dynamic MAC addresses will not be aged out. In this case,
MAC address entries increase sharply and the MAC address table will be full
quickly.
Example
# Display the aging time of dynamic MAC address entries.
<HUAWEI> display mac-address aging-time
Aging time: 300 second(s)
Table 7-3 Description of the display mac-address aging-time command output
Item Description
Aging time Aging time of dynamic MAC

address entries, in seconds. To set
the aging time, run the mac-
address aging-time command.
7.1.4 display mac-address blackhole
Function
The display mac-address blackhole command displays blackhole MAC address
entries.
Format
display mac-address blackhole [ vlan vlan-id ] [ verbose ]
Parameters
vlan vlan-id Displays blackhole MAC address entries in The value is an integer
a specified VLAN. vlan-id specifies the ID of that ranges from 1 to
a VLAN. 4094.
verbose Displays detailed information about -
blackhole MAC address entries.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The MAC address table contains the following MAC address entries:
● Blackhole MAC address entries that are used to discard packets with the
specified MAC addresses or destination MAC addresses. Blackhole MAC
address entries are manually configured and will not be aged out.
● Static MAC entries that are manually configured and will not be aged out.
● Dynamic MAC address entries that are learned by the wireless access point
and will be aged out when the aging time expires.
To check whether blackhole MAC address entries are configured correctly, run this
command. These entries ensure communication between authorized users.
Follow-up Procedure
If any blackhole MAC address entry in the command output is incorrect, run the
undo mac-address command to delete the entry or run the mac-address
command to add a correct one.
Precautions
If you run the display mac-address blackhole command without parameters, all
blackhole MAC address entries are displayed.
If the MAC address table does not contain any blackhole MAC address, no
Example
# Display all blackhole MAC address entries.
<HUAWEI> display mac-address blackhole
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
0022-0022-0033 100/- - blackhole
0000-0000-0001 200/- - blackhole
-------------------------------------------------------------------------------

Table 7-4 Description of the display mac-address blackhole command output

Item Description
MAC Address Destination MAC address in a blackhole MAC address entry.

belongs to.
Learned-From When the type of a MAC address entry is blackhole, "-" is

displayed.
7.1.5 display mac-address dynamic

Function
The display mac-address dynamic command displays dynamic MAC address
entries.
If no parameter is specified, all dynamic MAC address entries are displayed.
Format
display mac-address dynamic [ vlan vlan-id | interface-type interface-number ] *
[ verbose ]
Parameters
vlan vlan-id Displays dynamic MAC The value is an integer

address entries in a that ranges from 1 to
specified VLAN. 4094.
interface-type interface- Displays dynamic MAC -

number address entries with a
specified outbound
interface.
● interface-type
the outbound
interface.
of the outbound
interface.


information about
dynamic MAC address
entries.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The MAC address table needs to be updated constantly because the network
topology always changes. You can use this command to view learned MAC
addresses in real time.
Follow-up Procedure
If the displayed dynamic MAC address entries are invalid, run the undo mac-
address command to delete dynamic MAC address entries.
Precautions
If you run the display mac-address dynamic command without parameters, all
dynamic MAC address entries are displayed.
If the MAC address table does not contain any dynamic MAC address entry, no
When the wireless access point has a large number of dynamic MAC address
entries, it is recommended that you specify parameters in the command to filter
the output information. Otherwise, the following problems may occur due to
excessive output information:
● The displayed information is repeatedly refreshed, so you cannot find the
required information.
● The system traverses and retrieves information for a long time, and does not
respond to any request.
Example
# Display all dynamic MAC address entries.
<HUAWEI> display mac-address dynamic
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
0000-0000-0001 100/- GE0/0/1 dynamic

-------------------------------------------------------------------------------
Table 7-5 Description of the display mac-address dynamic command output
Item Description
MAC Address Destination MAC address in a dynamic MAC address entry.

belongs to.
Learned-From Interface that learns a MAC address.
7.1.6 display mac-address static
Function
The display mac-address static command displays static MAC address entries.
Format
display mac-address static [ vlan vlan-id | interface-type interface-number ] *
[ verbose ]
Parameters
vlan vlan-id Displays static MAC The value is an integer

address entries in a that ranges from 1 to
interface-type interface- Displays the static MAC -

number address entries on a

information about static
MAC address entries.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
The MAC address table contains the following MAC address entries:
● Static MAC entries that are manually configured and will not be aged out.
● Blackhole MAC address entries that are used to discard packets with the
specified source MAC addresses or destination MAC addresses. Blackhole MAC
address entries are manually configured and will not be aged out.
● Dynamic MAC address entries that are learned by the wireless access point
and will be aged out when the aging time expires.
To improve network security, configure static MAC address entries to ensure that
packets destined for specified MAC addresses are forwarded by the specified
interfaces. This prevents attack packets with bogus MAC addresses and guarantees
communication between the wireless access point and the upstream device or
server. After configuring static MAC address entries, you can run the display mac-
address static command to verify the configuration.
Follow-up Procedure
If any static MAC address entry is incorrect, run the undo mac-address command
to delete it.
Precautions
If you run the display mac-address static command without parameters, all static
MAC address entries are displayed.
If the MAC address table does not contain any static MAC address entry, no
Example
# Display all static MAC address entries.
<HUAWEI> display mac-address static
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
0000-0000-0033 100/- GE0/0/1 static
0000-0000-0001 200/- GE0/0/1 static
-------------------------------------------------------------------------------
Table 7-6 Description of the display mac-address static command output
Item Description
MAC Address Destination MAC address in a static MAC address entry.

Item Description

belongs to.
Learned-From Interface that learns a MAC address.
7.1.7 display mac-address summary

Function
The display mac-address summary command displays statistics on MAC address
entries.
Format
display mac-address summary
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The MAC address table of the device stores MAC addresses of other devices. When
forwarding an Ethernet frame, the wireless access point searches the MAC address
table for the outbound interface according to the destination MAC address and
VLAN ID in the Ethernet frame.
When the wireless access point has many MAC address entries of different types,
you can use the display mac-address summary command to view the summary
of MAC address entries in the system. In the command output, Local and Remote
identify the MAC address entries learned by the local device and MAC address
entries synchronized from other devices.
Example
# Display statistics on all MAC address entries in the system.
<HUAWEI> display mac-address summary
Summary information of slot 0:
-----------------------------------

Static : 0
Local interface : 10
Blackhole : 0
Dyn-Local : 0
Dyn-Remote : 0
Dyn-Trunk : 0
Sticky : 0
Security : 1
In-used : 1
Capacity : 4096
-----------------------------------
Table 7-7 Description of the display mac-address summary command output
Item Description
Static Number of static MAC address entries.
Local interface Local static MAC address.
Blackhole Number of blackhole MAC address entries
Dyn-Local Number of MAC address entries learned by the local

device.
Dyn-Remote Number of MAC address entries synchronized from other

device.
Dyn-Trunk Total number of MAC address entries learned by all trunk

interfaces.
Sticky Number of sticky MAC address entries.
Security Number of secure dynamic MAC address entries.
In-used Total number of existing MAC address entries.
Capacity Capacity of the MAC address table. The actual value varies
according to device models.
7.1.8 display mac-address total-number

Function
The display mac-address total-number command displays the number of MAC
address entries of a specified type.
Format
display mac-address total-number
display mac-address total-number [ vlan vlan-id | interface-type interface-
number ] *
display mac-address total-number vlan all
display mac-address total-number blackhole [ vlan vlan-id ]

display mac-address total-number dynamic [ vlan vlan-id | interface-type

interface-number ] *
display mac-address total-number static [ vlan vlan-id | interface-type

interface-number ] *
Parameters
dynamic Displays the number of -

dynamic MAC address
entries.
blackhole Displays the number of -

blackhole MAC address
entries.
static Displays the number of -

static MAC address
entries.
vlan vlan-id Displays the number of The value is an integer

MAC address entries in a that ranges from 1 to
vlan all Displays the number of -

MAC address entries in
all VLANs.
interface-type interface- Displays the number of -

number MAC address entries
learned by a specified
interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario

When the wireless access point has many MAC address entries of different types,
you can use the display mac-address total-number command to view statistics
on MAC address entries of a specified type.
Precautions
If no parameter is specified, the total number of MAC address entries in the
system is displayed.
If interface-type interface-number is not specified, the total number of MAC
addresses learned by all interfaces is displayed.
If vlan vlan-id is not specified, the total number of MAC addresses in all VLANs is
displayed.
Example
# Display the number of dynamic MAC address entries.
<HUAWEI> display mac-address total-number dynamic
Info: total number of mac-address is : 20
Table 7-8 Description of the display mac-address total-number command output

Item Description
Info: total number of mac- Total number of MAC address entries in the
address system.
7.1.9 display mac-limit

Function
The display mac-limit command displays the rules that limit the number of
learned MAC addresses.
Format
display mac-limit [ interface-type interface-number | vlan vlan-id ]

Parameters
interface-type interface- Displays the MAC -

number address limiting rule on
a specified interface.
● interface-type
the interface.
of the interface.
vlan vlan-id Displays the MAC The value is an integer

address limiting rules in that ranges from 1 to
a specified VLAN. 4094.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
To check whether MAC address limiting rules are configured correctly, run the
display mac-limit command. If a rule is incorrect, run the mac-limit command to
modify the rule.
Precautions
If the interface-type and interface-number are not specified, MAC address limiting
rules on all interfaces are displayed.
If vlan vlan-id is not specified, MAC address limiting rules in all VLANs are
displayed.
Example
# Display all the MAC address limiting rules.
<HUAWEI> display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1
PORT VLAN/VSI SLOT Maximum Rate(ms) Action Alarm

----------------------------------------------------------------------------
GE0/0/1 - - 1 - discard disable

Table 7-9 Description of the display mac-limit command output

Item Description
Total MAC Limit Number of configured MAC address limiting rules.

rule count
PORT Name of an interface.
VLAN/VSI ID of a VLAN or a VSI name.
SLOT Slot ID of the board where a MAC address limiting rule is

configured.
Maximum Maximum number of MAC addresses that can be learned.

To set the maximum number of MAC addresses, run the
mac-limit command.
Rate(ms) Indicates the interval at which MAC addresses are

learned.
Action Action performed on packets when the number of

learned MAC addresses exceeds the maximum number.
● discard: discards packets with new source MAC
addresses.
● forward: forwards packets with new source MAC
addresses.
Alarm Whether an alarm is generated when the number of

learned MAC addresses exceeds the maximum.
● enable: indicates that an alarm is generated.
● disable: indicates that an alarm is not generated.
7.1.10 mac-address
Function
The mac-address command adds a static MAC address entry or a blackhole MAC
address entry.
The undo mac-address command deletes MAC address entries of a specified type.
Format
mac-address static mac-address interface-type interface-number vlan vlan-id
mac-address blackhole mac-address [ vlan vlan-id ]
undo mac-address blackhole [ mac-address ] [ vlan vlan-id ]
undo mac-address mac-address [ vlan vlan-id ]
undo mac-address static mac-address interface-type interface-number vlan vlan-
id

undo mac-address [ all | dynamic | static ] [ interface-type interface-number |

vlan vlan-id ] *
Parameters
blackhole Indicates blackhole MAC -

address entries.
static Indicates static MAC -

address entries, that is,
MAC address entries
configured manually.
mac-address Specifies the source or The value is in H-H-H

destination MAC format. H is a hexadecimal
address in a MAC number of 4 digits. The
address entry. MAC address cannot be
FFFF-FFFF-FFFF,
0000-0000-0000, or a
interface-type interface- Specifies the outbound -

number interface in a MAC
address entry.
● interface-type
the outbound
interface.
of the outbound
interface.
vlan vlan-id Specifies the ID of the The value is an integer

VLAN that the that ranges from 1 to
outbound interface 4094.
belongs to.
all Deletes all MAC address -

entries.
dynamic Deletes dynamic MAC -

address entries, that is,
the MAC address entries
learned by an interface.
Views
System view

Default Level
Usage Guidelines
Usage Scenario
MAC address entries are classified into the following types:
● Dynamic MAC address entries that are learned by an interface after MAC
address learning is enabled.
● Static MAC address entries that are manually configured. They take
precedence over dynamic MAC address entries.
● Blackhole MAC address entries that are manually configured. A data frame is
discarded if the source or destination MAC address matches a blackhole MAC
address entry.
Functions of static and blackhole MAC address entries are:
● Static MAC address entries prevent bogus packets with trusted device MAC
addresses sent from attackers and guarantee communication between the
wireless access point and the upstream device or server.
● Blackhole MAC address entries prevent untrusted devices from attacking the
The undo mac-address command is used in the following scenarios:
● The upstream device or server has changed or the untrusted device has been
removed, and the corresponding static MAC address entry or blackhole MAC
address entry needs to be deleted.
● Dynamic address entries become invalid and need to be deleted to trigger
MAC address relearning.
Prerequisites
The interface has been added to a VLAN.
Precautions
You can configure multiple static MAC address entries or blackhole MAC address
entries by running the mac-address command multiple times.
If you configure a static or blackhole MAC address entry when the MAC table is
full, the wireless access point processes the MAC address entry as follows:
● If a dynamic MAC address entry with the same MAC address exists in the
MAC address table, the wireless access point replaces the dynamic MAC
address entry with the configured entry.
● If no dynamic MAC address entry with the same MAC address exists in the
MAC address table, the MAC address entries cannot be added to the MAC
address table.
When using the undo mac-address command, pay attention to the following
points:
● If interface-type interface-number is not specified, MAC address entries of a
specified type on all interfaces are deleted.

● If vlan vlan-id is not specified, MAC address entries of a specified type in all
VLANs are deleted.
Example
# Add a static MAC address entry to the MAC address table. The destination MAC
address is 0003-0003-0003. The outbound interface is gigabitethernet0/0/1, which
belongs to VLAN 4.
[HUAWEI] mac-address static 0003-0003-0003 gigabitethernet 0/0/1 vlan 4
# Configure a blackhole MAC address entry to discard the Ethernet frames whose
destination MAC address is 0004-0004-0004 and VLAN ID is VLAN 5.
[HUAWEI] mac-address blackhole 0004-0004-0004 vlan 5
# Delete all dynamic MAC address entries.

[HUAWEI] undo mac-address dynamic
7.1.11 mac-address aging-time
Function
The mac-address aging-time command sets the aging time of dynamic MAC
address entries.
The undo mac-address aging-time command restores the default aging time of
dynamic MAC address entries.
By default, the aging time of dynamic MAC address entries is 300 seconds.
Format
mac-address aging-time aging-time
undo mac-address aging-time
Parameters
aging-time Specifies the aging time The value is 0 or an

of dynamic MAC address integer that ranges from
entries. 60 to 65535, in seconds.
The value 0 indicates
that dynamic MAC
address entries will not
be aged out.

Views
System view
Default Level
Usage Guidelines
Usage Scenario
The network topology changes frequently, and the wireless access point will learn
many MAC addresses. You can run the mac-address aging-time command to set
a proper aging time for dynamic MAC address entries so that aged MAC address
entries are deleted from the MAC address table. This reduces MAC address entries
in the MAC address table.
The system starts an aging timer for each dynamic MAC address entry. If a
dynamic MAC address entry is not updated within a certain period (twice the
aging time), the entry is deleted. If the entry is updated within this period, the
aging timer of this entry is reset. If the aging time is short, the wireless access
point is sensitive to network changes.
When setting the aging time of dynamic MAC address entries, follow these rules:
● Set a longer aging time on a stable network and a shorter aging time on an
unstable network.
● The capacity of the MAC address table on a low end device is small; therefore,
set a relatively short aging time on low end devices to save the MAC address
table space.
Precautions
If the aging time is 0, dynamic MAC addresses will not be aged out. In this case,
MAC address entries increase sharply and the MAC address table will be full
quickly.
If you run the mac-address aging-time command multiple times, only the latest
Dynamic MAC address entries are lost after system restart. Static MAC address
entries and blackhole MAC address entries are not aged or lost.
Example
# Set the aging time of dynamic MAC address entries to 500 seconds.
[HUAWEI] mac-address aging-time 500
7.1.12 mac-address learning disable

Function
The mac-address learning disable command disables MAC address learning.

The undo mac-address learning disable command enables MAC address

learning.
By default, MAC address learning is enabled.
Format
(Interface view) mac-address learning disable [ action { discard | forward } ]
(VLAN view) mac-address learning disable
undo mac-address learning disable
Parameters
action Indicates the action that -

the interface takes after
MAC address learning is
disabled.
NOTE
● This parameter takes
effect only in the
interface view, and the
specified interface
must be a Layer 2
interface.
● You can use this
parameter to
determine whether
packets are forwarded
when the specified
interface does not
need to learn MAC
addresses.
By default, an interface
forwards the packets
carrying new MAC
addresses after MAC
address learning is
disabled.
discard Discards the packets -

whose source MAC
addresses do not match
the MAC address table.
forward Forwards the packets -

according to the MAC
address table.

Views
VLAN view, GE interface view, Eth-Trunk interface view, XGE interface view,
Default Level
Usage Guidelines
Usage Scenario
If you want an interface to forward only packets with certain MAC addresses, use
this command. For example, if an interface is connected to a server, configure a
static MAC address entry with the MAC address of the server, and then disable
MAC address learning and set the action to discard on the interface. The
configuration prevents other servers or terminals from accessing the interface and
improves network stability and security.
When a wireless access point with MAC address learning enabled receives an
Ethernet frame, it records the source MAC address and inbound interface of the
Ethernet frame in a MAC address entry. When receiving other Ethernet frames
destined for this MAC address, the wireless access point forwards the frames
through the corresponding outbound interface according to the MAC address
entry. MAC address learning reduces broadcast packets on a network.
You can use the mac-address learning disable command to disable MAC address
learning on an interface. The action performed on received packets can be set to
discard or forward.
● When the action is set to forward, the wireless access point forwards packets
according to the MAC address table. If a packet does not match any MAC
address entry, the wireless access point broadcasts the packet.
● When the action is set to discard, the wireless access point searches for the
source MAC address of the packet in the MAC address table. If the source
MAC address is found in the MAC address table, the wireless access point
forwards the packet according to the MAC address entry. If the source MAC
address is not found, the wireless access point discards the packet. The default
action is forward.
Precautions
The action cannot be configured in the VLAN view.
After MAC address learning is disabled on an interface, the device does not learn
new MAC addresses on the interface, but untrusted terminals can still access the
network.
Example
# Disable MAC address learning in VLAN 2.
[HUAWEI] vlan 2
[HUAWEI-vlan2] mac-address learning disable

7.1.13 mac-learning priority
Function
The mac-learning priority command sets the MAC address learning priority of an
interface.
The undo mac-learning priority command restores the default MAC learning
priority of an interface.
By default, the MAC address learning priority of an interface is 0.
Format
mac-learning priority priority-id
undo mac-learning priority
Parameters
priority priority-id Specifies the MAC The value is an integer

address learning priority that ranges from 0 to 3. A
of an interface. larger value indicates a
higher priority.
Views
GE interface view, Eth-Trunk interface view, XGE interface view, MultiGE interface
view
Default Level
Usage Guidelines
Usage Scenario
An uplink interface of the AP is connected to a server, and downlink interfaces are

connected to users. To prevent unauthorized users from using the server MAC
address to connect to the AP, run the mac-learning priority command to set the
priority of the uplink interface to be higher than the user-side interfaces. When
these interfaces learn the same MAC address, the MAC address entry learned by
the uplink interface overrides MAC address entries learned by the user-side
interfaces. Therefore, the AP will not learn MAC addresses of unauthorized users,
and authorized users can access the server and use network resources.
You can run the undo mac-learning priority allow-flapping command to forbid
MAC address flapping between interfaces with the same priority.

Both the undo mac-learning priority allow-flapping command and the mac-
learning priority command can prevent MAC address flapping. The difference
between the two commands is as follows:
● The undo mac-learning priority allow-flapping command prevents MAC

address flapping between interfaces with the same priority. If an attacker uses
the server MAC address to connect to the AP after the server is powered off,
the AP learns the MAC address of the forged server. After the real server is
powered on, the AP cannot learn the correct server MAC address.
● The mac-learning priority command prevents MAC address flapping between
interfaces with different priorities. If an attacker uses the server MAC address
to connect to the AP after the server is powered off, the AP learns the MAC
address of the forged server. After the real server is powered on, the AP can
learn the correct server MAC address.
Precautions
If you run the mac-learning priority command multiple times in the same
interface view, only the latest configuration takes effect.
Example
# Set the MAC address learning priority of GigabitEthernet0/0/1 to 3.
[HUAWEI-GigabitEthernet0/0/1] mac-learning priority 3
7.1.14 mac-learning priority allow-flapping

Function
The mac-learning priority allow-flapping command allows MAC address
flapping between interfaces with the same priority.
The undo mac-learning priority allow-flapping command prevents MAC address

flapping between interfaces with the same priority.
By default, MAC address flapping between interfaces with the same priority is
allowed.
Format
mac-learning priority priority-id allow-flapping
undo mac-learning priority priority-id allow-flapping
Parameters
priority priority-id Specifies the MAC The value is an integer

address learning priority that ranges from 0 to 3. A
of an interface. larger value indicates a
higher priority.

Views
System view
Default Level
Usage Guidelines
Usage Scenario
An uplink interface of the AP is connected to a server, and downlink interfaces are

connected to users. To prevent unauthorized users from using the server MAC
address to connect to the AP, you can run the undo mac-learning priority allow-
flapping command to forbid MAC address flapping between interfaces with the
same priority. MAC address then will not be learned by multiple interfaces. This
prevents attackers from using the MAC addresses of valid devices to attack the AP.
Both the mac-learning priority command and the undo mac-learning priority
allow-flapping command can prevent MAC address flapping. The difference
between the two commands is as follows:
● The undo mac-learning priority allow-flapping command prevents MAC

address flapping between interfaces with the same priority. If an attacker uses
the server MAC address to connect to the AP after the server is powered off,
the AP learns the MAC address of the forged server. After the real server is
powered on, the AP cannot learn the correct server MAC address.
● The mac-learning priority command prevents MAC address flapping between
interfaces with different priorities. If an attacker uses the server MAC address
to connect to the AP after the server is powered off, the AP learns the MAC
address of the forged server. After the real server is powered on, the AP can
learn the correct server MAC address.
Example
# Forbid MAC address flapping between interfaces with priority 1.
[HUAWEI] undo mac-learning priority 1 allow-flapping
7.1.15 mac-limit
Function
The mac-limit command configures a rule to limit the number of MAC addresses
that can be learned.
The undo mac-limit command deletes the rule.
By default, the number of learned MAC addresses is not limited.

Format
(Interface view) mac-limit { action { discard | forward } | alarm { disable |
enable } | maximum max-num }*
(VLAN view) mac-limit { alarm { disable | enable } | maximum max-num }*

undo mac-limit
Parameters
action { discard | Indicates the action If no action is specified in

forward } performed when the the command, the
number of learned MAC default action discard is
address entries reaches used.
the limit.
● discard: discards
packets with new
source MAC
addresses.
● forward: forwards
packets with new
source MAC addresses
but does not add the
new MAC addresses
to the MAC address
table.
NOTE
This parameter cannot be
specified in the VLAN view.
alarm { disable | Indicates whether the If you do not set this

enable } system generates an parameter in the
alarm when the number command, the alarm
of learned MAC address function is enabled by
entries reaches the limit. default.
● disable: indicates that
no alarm is generated
when the number of
learned MAC
addresses reaches the
limit.
● enable: indicates that
an alarm is generated
when the number of
learned MAC
addresses reaches the
limit.

maximum max-num Sets the maximum The value is a decimal

number of MAC integer ranging from 0 to
addresses that can be 4096. The value 0
learned. indicates that the highest
NOTE rate of MAC address
If maximum is not set, you learning is not limited.
must run the mac-limit
command with maximum
specified. If you have run
the mac-limit command to
set the maximum number
of MAC addresses that can
be learned, you do not
need to set maximum
max-num when running
this command again.
Views
VLAN view, GE interface view, Eth-Trunk interface view, XGE interface view,
Default Level
Usage Guidelines
Usage Scenario
The mac-limit command limits the number of access users and prevents attacks
to the MAC address tables. You can enable the function to improve network
security.
Precautions
The action cannot be set in the VLAN view.
Example
# Configure the following MAC address learning rule on GigabitEthernet0/0/1:
● The maximum number of learned MAC addresses is 30.
● When the number of learned MAC addresses exceeds the maximum, and an
alarm is generated.
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-limit maximum 30 alarm enable

7.1.16 port bridge enable

Function
The port bridge enable command enables the port bridge function on an
interface. The interface then can forward packets whose source and destination
MAC addresses are both learned by this interface.
The undo port bridge enable command disables the port bridge function.
By default, the port bridge function is disabled on an interface.
Format
port bridge enable
undo port bridge enable
Parameters
None
Views
view
Default Level
Usage Guidelines
By default, an interface does not forward packets whose source and destination
MAC addresses are both learned by this interface. When the interface receives
such a packet, it discards the packet as an invalid packet.
After the port bridge function is enabled on the interface, the interface forwards
such a packet if the destination MAC address of the packet is in the MAC address
table.
The port bridge function is used in the following scenarios:
● The device connects to devices that do not support Layer 2 forwarding. When
users connected to these devices need to send packets, the packets are
directly sent to the device and forwarded by the device. These packets have
the same source and destination MAC address; therefore, you need to enable
port bridge to forward packets with the same source and destination MAC
address.
● The device is used as an access device in a data center and is connected to
servers. Each server is configured with multiple virtual machines. The virtual
machines need to transmit data to each other. If data between virtual
machines is transmitted on the server, the data transmission rate and server
performance may be affected. To improve the data transmission rate and

server performance, enable the port bridge function on the interfaces

connected to the servers so that the device forwards data packets between
the virtual machines.
Example
# Enable the port bridge function on GigabitEthernet0/0/1.
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port bridge enable
7.2 Ethernet Link Aggregation Commands

NOTE
Ethernet link aggregation is supported only by the following models: AP6750-10T, AirEngine
5760-10, AP7060DN, AP5510-W-GP, AD9430DN-12, AD9430DN-24, AD9431DN-24X, AP2051DN,
AP2051DN-E, AP2051DN-S, AP4030TN, AP4051DN, AP4051DN-S, AP4151DN, AP4051TN,
AP5030DN, AP5050DN-S, AP5130DN, AP6050DN, AP6150DN, AP6052DN, AP7050DE,
AP7050DN-E, AP7052DN, AP7152DN, AP7052DE, AP8030DN, AP8130DN, AP8050DN,
AP8050DN-S, AP8150DN, AP8050TN-HD, AP8082DN, AP8182DN, AP9130DN, AP9131DN,
AP9132DN.
7.2.1 display eth-trunk
Function
The display eth-trunk command displays the configuration about an Eth-Trunk.
Format
display eth-trunk [ trunk-id [ interface interface-type interface-number |
verbose ] ]
Parameters

trunk-id Specifies the ID of an Eth-Trunk. The value is an
integer that
ranges from 0 to
7.
interface Specifies a member interface. -

interface-type
interface-number interface-type specifies the type of the
member interface.
interface-number specifies the number of
the member interface.


verbose Displays the detailed configuration of a -
specified Eth-Trunk, including the statistics
about interface traffic.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After configuring an Eth-Trunk on a device, you can run the display eth-trunk
command to check whether the configuration of the Eth-Trunk is correct.
When using the display eth-trunk command, note that:
● If no optional parameter is specified, the configurations of all Eth-Trunks are
displayed.
● If trunk-id is specified only, the configuration of a specified Eth-Trunk is
displayed.
● If trunk-id and interface interface-type interface-number are specified, the
configuration of member interfaces of the specified Eth-Trunk is displayed.
● If trunk-id is specified and verbose is configured, the detailed configuration of
a specified Eth-Trunk is displayed, including the statistics about interface
traffic.
Prerequisites
The interface specified in this command must be an existing one; otherwise, the
system prompts an error.
Precautions
If there is a great deal of statistics about traffic on Eth-Trunks, you are
recommended to specify Eth-Trunk ID or interface interface-type interface-
number to filter output information. Otherwise, the following problems may occur
due to excessive output information:
● The displayed information is repeatedly updated, and required information
cannot be located.
● The system does not respond because of long-time information traverse and
search.
Example
# Display the configuration of Eth-Trunk 1 in manual load balancing mode.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:

WorkingMode: NORMAL Hash arithmetic: According to src-dst-ip

Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: down Number Of Up Port In Trunk: 0
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet0/0/1 Up 1
Table 7-10 Description of the display eth-trunk command output

Item Description
WorkingMode Operation mode of the Eth-Trunk:

● NORMAL: manual load balancing mode
● : LACP mode
Hash arithmetic Hash algorithm used for load balancing

among member interfaces of the Eth-Trunk.
Least Active-linknumber Minimum number of active member links.
Max Bandwidth-affected- Maximum number connections that affect

linknumber the Eth-Trunk bandwidth.
Operate status Status of the Eth-Trunk:

● UP: The interface is Up.
● DOWN: The interface is Down.
Number Of Up Port In Trunk Number of Up member interfaces in the

Eth-Trunk.
PortName Name of a member interface.
Status Status of local member interfaces in

Manual Load Balancing Mode:
● Up: indicates that the interface is
properly started.
● Down: indicates that the interface is
faulty.
Weight Weight of the member interface.
7.2.2 display interface eth-trunk

Function
The display interface eth-trunk command displays the status of an Eth-Trunk.
Format
display interface eth-trunk [ trunk-id | main ]

Parameters
trunk-id Specifies the ID of an Eth-Trunk. The value is an

integer that
ranges from 0 to
7.
main Displays status and traffic statistics about an -

Eth-Trunk main interface.
If you do not specify the main parameter, status
and traffic statistics about both an Eth-Trunk
main interface and Eth-Trunk sub-interfaces are
displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display interface eth-trunk command to view the status and
weight of each member interface of the Eth-Trunk.
To monitor the status of an interface or locate an interface fault, you can use the
display interface eth-trunk command to collect the status of and statistics on
the interface. You can collect traffic statistics and locate faults on the interface
according to the command output.
Example
# Display the status of Eth-Trunk 2.
<HUAWEI> display interface Eth-Trunk 2
Eth-Trunk2 current state : DOWN
Description:HUAWEI, AP Series, Eth-Trunk5 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), Hash arithmetic : According to src-d
st-ip,The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is dcd2-fcf9-b5ca
Broadcast: 0, Discard: 0
Total Error: 0

Broadcast: 0, Discard: 0
Total Error: 0


-----------------------------------------------------
PortName Status Weight
-----------------------------------------------------
-----------------------------------------------------
The Number of Ports in Trunk : 0
The Number of UP Ports in Trunk : 0
Table 7-11 Description of the display interface eth-trunk command output

Item Description
Eth-Trunk2 current state Status of the Eth-Trunk2:

● UP: indicates that the interface is
properly started.
faulty.
● Administratively Down: If the
administrator uses the shutdown
(interface view) command on the
interface, the state is Administratively
Down.
Line protocol current state Link layer protocol status of the interface:
● DOWN: indicates that the link layer
protocol of the interface fails or no IP
address is assigned to the interface.
● UP: indicates that the link layer protocol
of the interface is running properly.
Description Description of the interface.
Switch Port Layer 2 interface.
PVID ID of the VLAN to which the interface

belongs
TPID Type of frames that are supported on the

interface.
By default, this field displays 0x8100,
indicating an 802.1Q frame.
This field is displayed only for a Layer 2
interface.
Hash arithmetic Hash algorithm used for load balancing

among member interfaces of the Eth-
Trunk.
Maximal BW Maximum bandwidth.
Current BW Current bandwidth.
The Maximum Frame Length MTU of the Eth-Trunk.

Item Description
IP Sending Frames' Format Format of the frame contained in the sent

IP packet, which can be PKTFMT_ETHNT_2,
Ethernet_802.3, or Ethernet_SNAP.
Hardware address MAC address of the Eth-Trunk.

If the system is configured with a time
zone and is in the summer time, the time
is displayed in the format of YYYY/MM/DD
HH:MM:SS UTC±HH:MM DST.
Input bandwidth utilization Inbound bandwidth usage.
Output bandwidth utilization Outbound bandwidth usage.
Input Number of packets received by the

interface.
Output Number of packets sent by the interface.
packets Total number of packets that the interface

receives or sends.
bytes Total number of bytes that the interface

receives or sends.
Unicast Number of unicast packets that the

interface receives or sends.
Broadcast Number of broadcast packets that the

Multicast Number of multicast packets that the

Discard Number of packets discarded by the Eth-

Trunk during physical layer detection.
Total Error Number of error packets discovered by the

Eth-Trunk during physical layer detection.
PortName Name of the Eth-Trunk member interface.
Status Status of the Eth-Trunk member interface.
Weight Weight of the Eth-Trunk member interface

in load balancing.
The Number of Ports in Trunk Number of Eth-Trunk member interfaces.
The Number of UP Ports in Trunk Number of Eth-Trunk member interfaces in

Up state.

7.2.3 display trunk index-map
Function
The display trunk index-map command displays the mapping between Eth-Trunk
interface IDs and internal indexes.
Format
display trunk index-map
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
An ID is manually allocated to an Eth-Trunk during Eth-Trunk creation. For
example, the ID of Eth-Trunk 1 is 1. In addition, the device also allocates an
internal number to each Eth-Trunk. The internal number is the index. When
allocating indexes, the device traverses indexes in ascending order. The
unallocated index is used as the index of an Eth-Trunk. Therefore, the mapping
between Eth-Trunk IDs and indexes is unordered.
Example
# Display the mapping between Eth-Trunk interface IDs and internal indexes.
<HUAWEI> display trunk index-map
Index Interface Name
-----------------------------
1 Eth-Trunk10
2 Eth-Trunk20
3 Eth-Trunk5
Table 7-12 Description of the display trunk index-map command output
Item Description
Index Index of the Eth-Trunk.
Interface Name Name of the Eth-Trunk.

7.2.4 display trunk resource

Function
The display trunk resource command displays trunk resources that have been
used on a device.
Format
display trunk resource
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To learn about used trunk resources, run the display trunk resource command to
check the number of created trunks and the number of interfaces added to the
trunk interface.
Example
# Display trunk resources used on a device.
<HUAWEI> display trunk resource
Number of configured trunk interfaces is : 4
Interface Member Count
-----------------------------------------------------------
Eth-Trunk1 2
Eth-Trunk10 0
Eth-Trunk30 0
Eth-Trunk55 0
Table 7-13 Description of the display trunk resource command output

Item Description
Number of configured trunk Number of configured trunk interfaces.

interfaces is
Interface Trunk interface type:

● Eth-Trunk
Member Count Number of member interfaces added to a

trunk interface.

7.2.5 display trunkmembership eth-trunk

Function
The display trunkmembership eth-trunk command displays information about
member interfaces of an Eth-Trunk.
Format
display trunkmembership eth-trunk trunk-id
Parameters
trunk-id Specifies the ID The value is an integer that

of an Eth- ranges from 0 to 7.
Trunk.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After an Eth-Trunk interface is successfully configured, you can run the display
trunkmembership eth-trunk command to view the configuration of the Eth-
Trunk interface and its member interfaces.
In the scenario where you need to monitor the status of an interface or locate an
interface fault, you can use the display trunkmembership eth-trunk command
to view detailed information about an Eth-Trunk interface and its member
interfaces. You can troubleshoot the interface and its member interfaces according
to the queried information.
Prerequisites
An Eth-Trunk interface is correctly configured. The Eth-Trunk interface must be
created in advance; otherwise, the system prompts an error when you run the
display trunkmembership eth-trunk command.
Example
# Display information about member interfaces of Eth-Trunk 2.
<HUAWEI> display trunkmembership eth-trunk 2
Trunk ID: 2

Used status: VALID

TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2
Operate status: up
Interface GigabitEthernet0/0/0, valid, operate up, weight=1

Interface GigabitEthernet0/0/1, valid, operate up, weight=1
Table 7-14 Description of the display trunkmembership eth-trunk command

output
Item Description
Trunk ID ID of the Eth-Trunk.
Used status Whether the Eth-Trunk is available:

● VALID: indicates that the Eth-Trunk is available.
● INVALID: indicates that the Eth-Trunk is unavailable.
TYPE Type of an Eth-Trunk.
Working Mode Working mode of an Eth-Trunk.

● Normal: indicates the manual load balancing mode.
Number Of Ports in Indicates the number of interfaces that are added to

Trunk the Eth-Trunk.
Number Of Up Ports Indicates the number of Up interfaces that are added

in Trunk to the Eth-Trunk.
Operate status Eth-Trunk status:

● up: indicates that the Eth-Trunk is in Up state.
● down: indicates that the Eth-Trunk is in Down state.
Interface,valid,operate, Detailed information about a member interface:

weight ● Interface: indicates the interface type and number.
● valid: indicates that the interface is available.
● operate: indicates the status of the interface.
● weight: indicates the weight of the interface in load
balancing.
7.2.6 eth-trunk
Function
The eth-trunk command adds an interface to an Eth-Trunk.
The undo eth-trunk command removes an interface from an Eth-Trunk.
By default, an interface does not belong to any Eth-Trunk.

Format
eth-trunk trunk-id
undo eth-trunk
Parameters
trunk-id Specifies the ID of an The value is an integer

Eth-Trunk interface. that ranges from 0 to 7.
Views
GE interface view, XGE interface view
Default Level
Usage Guidelines
To improve the connection reliability and increase the bandwidth, you can use the
eth-trunk command to bind multiple interfaces into an Eth-Trunk.
When you add an Ethernet interface to an Eth-Trunk, the interface must use the
default settings of certain attributes. Otherwise, the interface cannot be added to
the Eth-Trunk. The attributes that use the default settings include:
● Link type
● VLAN that the interface belongs to
● Interface priority
● Whether the interface allows BPDUs to pass through
● MAC address learning
● Adding the interface to a multicast group statically
● Discarding broadcast packets
● Discarding unknown multicast packets
● Discarding unknown unicast packets
Those attributes must remain consistent and cannot be changed individually. If the
preceding attributes of an Eth-Trunk are changed, the attributes of all the member
interfaces are changed accordingly.
It is recommended that you run the shutdown (interface view) command to

disable an interface before adding the interface to an Eth-Trunk. After adding
interfaces at both ends of a link to an Eth-Trunk, run the undo shutdown
(interface view) command to enable the interfaces. Otherwise, traffic
interruption or broadcast storms may occur.

It is recommended that you run the shutdown (interface view) command to

disable a member interface before running the undo eth-trunk command to
remove the member interface from an Eth-Trunk.
The number of member interfaces of the Eth-Trunk on devices at both ends must
be equal. The interfaces at both ends must be connected with straight-through
cables.
Example
# Add GigabitEthernet0/0/1 to Eth-Trunk 2.
[HUAWEI-GigabitEthernet0/0/1] eth-trunk 2
7.2.7 interface eth-trunk

Function
The interface eth-trunk command displays the view of an existing Eth-Trunk or
creates an Eth-Trunk and displays its view.
The undo interface eth-trunk command deletes an Eth-Trunk.
Format
interface eth-trunk trunk-id
undo interface eth-trunk trunk-id
Parameters
trunk-id Specifies the ID The value is an integer that ranges

of an Eth- from 0 to 7.
Trunk.
Views
System view
Default Level
Usage Guidelines
If the specified Eth-Trunk already exists, you can directly enter the Eth-Trunk
interface view by using the interface eth-trunk command.
You can delete an Eth-Trunk only if the Eth-Trunk does not contain any member
interface.

Example
# Create Eth-Trunk 2.
[HUAWEI] interface eth-trunk 2
[HUAWEI-Eth-Trunk2]
7.2.8 least active-linknumber
Function
The least active-linknumber command sets the lower threshold for the number
of active member links on an Eth-Trunk.
The undo least active-linknumber command restores the default lower threshold
for the number of active member links.
By default, the lower threshold for the number of active member links on an Eth-
Trunk is 1.
Format
least active-linknumber link-number
undo least active-linknumber
Parameters
link-number Specifies the lower threshold for the The value is an integer
number of active member links. ranging from 1 to 8.
Views
Eth-Trunk interface view
Default Level
Usage Guidelines
Usage Scenario
The number of active member links on an Eth-Trunk affects the status and
bandwidth of the Eth-Trunk. The bandwidth of an Eth-Trunk equals the total
bandwidth of all member interfaces in Up state.
The number of Up member links affects the status and bandwidth of the Eth-
Trunk. To ensure that the Eth-Trunk functions properly and is less affected by
member link status change, set the following threshold.

● Lower threshold for the number of active member links

When the number of active interfaces falls below this threshold, the Eth-Trunk
goes Down. This guarantees the Eth-Trunk a minimum available bandwidth.
For example, if the Eth-Trunk is required to provide a minimum bandwidth of
2 Gbit/s and each member link's bandwidth is 1 Gbit/s, the lower threshold
for the number of active member links must be set to at least 2.
To delete the configured lower threshold for the number of active member links or
restore the default value, use the undo least active-linknumber command or
least active-linknumber 1 command.
Prerequisites
The Eth-Trunk interface has been correctly configured.
Precautions
If you run the least active-linknumber command multiple times, only the latest
After the upper threshold for the number of active member links is configured,
● The Eth-Trunk interface goes Down when the number of active member links
falls below the configured lower threshold.
● The Eth-Trunk interface goes Up when the number of active member links
reaches the configured lower threshold.
Example
# Set the lower threshold for the number of active member links to 3.
[HUAWEI-Eth-Trunk1] least active-linknumber 3
7.2.9 load-balance
Function
The load-balance command sets a load balancing mode of an Eth-Trunk.
The undo load-balance command restores the default load balancing mode of an
Eth-Trunk.
By default, the load balancing mode is src-dst-ip.
Format
load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-dst-mac }
undo load-balance

Parameters
dst-ip Indicates load -

balancing based on
destination IP
addresses.
dst-mac Indicates load -

balancing based on
destination MAC
addresses.
src-ip Indicates load -

balancing based on
source IP addresses.
src-mac Indicates load -

balancing based on
source MAC
addresses.
src-dst-ip Indicates load -

balancing based on
source and
destination IP
addresses.
src-dst-mac Indicates load -

balancing based on
source and
destination MAC
addresses.
Views
Default Level
Usage Guidelines
Usage Scenario
To ensure proper load balancing between physical links of an Eth-Trunk and avoid
link congestion, use the load-balance command to set the load balancing mode
of the Eth-Trunk.
Load balancing is valid only for outgoing traffic; therefore, the load balancing
modes for the interfaces at both ends of the link can be different and do not
affect each other.

You can set the load balancing mode based on traffic models. When a parameter
of traffic changes frequently, you can set the load balancing mode based on this
parameter to ensure that the traffic is load balanced evenly. For example, if IP
addresses in packets change frequently, use the load balancing mode based on
dst-ip, src-ip, or src-dst-ip so that traffic can be properly load balanced among
physical links. If MAC addresses in packets change frequently and IP addresses are
fixed, use the load balancing mode based on dst-mac, src-mac, or src-dst-mac so
that traffic can be properly load balanced among physical links.
The device supports the following load balancing modes:
● dst-ip: load balancing based on destination IP address. In this mode, the

system obtains the specified three bits from each of the destination IP address
and the TCP or UDP port number in outgoing packets to perform the
Exclusive-OR calculation, and then selects the outgoing interface from the
Eth-Trunk table according to the calculation result.
● dst-mac: load balancing based on destination MAC address. In this mode, the
system obtains the specified three bits from each of the destination MAC
address, VLAN ID, Ethernet type, and incoming interface information to
perform the Exclusive-OR calculation, and then selects the outgoing interface
from the Eth-Trunk table according to the calculation result.
● src-ip: load balancing based on source IP address. In this mode, the system
obtains the specified three bits from each of the source IP address and the
TCP or UDP port number in incoming packets to perform the Exclusive-OR
calculation, and then selects the outgoing interface from the Eth-Trunk table
according to the calculation result.
● src-mac: load balancing based on source MAC address. In this mode, the
system obtains the specified three bits from each of the source MAC address,
VLAN ID, Ethernet type, and incoming interface information to perform the
● src-dst-ip: load balancing based on the Exclusive-OR result of the source IP
address and destination IP address. In this mode, the system performs the
Exclusive-OR calculation between the Exclusive-OR results of the dip and
dmac modes, and then selects the outgoing interface from the Eth-Trunk
table according to the calculation result.
● src-dst-mac: load balancing based on the Exclusive-OR result of the source
MAC address and destination MAC address. In this mode, the system obtains
three bits from each of the source MAC address, destination MAC address,
VLAN ID, Ethernet type, and incoming interface information to perform the
Precautions
If you run the load-balance command multiple times, only the latest
Example
# Set the load balancing mode of an Eth-Trunk to dst-mac.

[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1] load-balance dst-mac
7.2.10 mode
Function
The mode command configures the working mode of an Eth-Trunk.
The undo mode command restores the default working mode of an Eth-Trunk.
By default, an Eth-Trunk works in manual load balancing mode.
Format
mode manual load-balance
undo mode
Parameters
manual load-balance Indicates the manual load balancing mode. -
Views
Default Level
Usage Guidelines
Usage Scenarios
Currently, the device supports Eth-Trunks to work in the following modes:

● Manual load balancing mode
When one of the devices at the two ends of an Eth-Trunk link does not
support LACP, you can run the command to configure the Eth-Trunk interface
to work in manual load balancing mode. In addition, you can add multiple
member interfaces to increase the bandwidth between the two devices and
improve reliability.
The manual load balancing mode is a basic link aggregation mode. In this
mode, you must manually create an Eth-Trunk interface, add interfaces to the
Eth-Trunk interface. LACP is not involved.
In manual load balancing mode, all active member interfaces forward data
and perform load balancing.
Precautions

If you run the mode command multiple times, only the latest configuration takes
effect.
Example
# Configure Eth-Trunk 1 to work in manual load-balance mode.
[HUAWEI-Eth-Trunk1] mode manual load-balance
7.2.11 trunk-member trap

Function
The trunk-member trap in private-mib enable command configures Eth-Trunk
member interfaces to send trap messages through the private MIB.
The undo trunk-member trap in private-mib enable command configures Eth-
Trunk member interfaces to send trap messages through the public MIB.
By default, trap messages of the Eth-Trunk member interfaces are sent by the
public MIB.
Format
trunk-member trap in private-mib enable
undo trunk-member trap in private-mib enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When a trunk member interface changes from Up to Down or from Down to Up,
you are informed of the status change so as to check whether the device fails or
recovers.
If you want to know to which trunk interface the member interface belongs, you
can run the trunk-member trap in private-mib enable command to configure
trunk member interfaces to send trap messages through the private MIB. This is
because the trap message sent through a private MIB carries information about
the trunk interface with the specified ID, whereas the trap messages sent through
the public MIB do not carry information about trunk interfaces with specified IDs.

Prerequisites
The trunk interfaces are correctly configured.
Precautions
After the trunk-member trap in private-mib enable command is configured,

trap messages are sent only through the private MIB. That is, you need to view the
sent trap messages by using the private MIB of Huawei.
Example
# Configure the Eth-Trunk member interface to send trap messages through the
private MIB.
[HUAWEI] trunk-member trap in private-mib enable
7.3 VLAN Configuration Commands
7.3.1 damping time
Function
The damping time command sets the VLAN damping time on a VLANIF interface,
that is, the delay before reporting a VLAN Down event to the VLANIF interface.
The undo damping time command restores the default dumping time.
The default damping time on a VLANIF interface is 0 seconds. That is, the VLANIF
interface is notified immediately after the VLAN becomes Down.
Format
damping time delay-time
undo damping time
Parameters
delay-time Specifies the delay The value ranges from 0

before reporting the to 20, in seconds. The
VLAN Down event to a default value is 0.
VLANIF interface.
Views

Default Level
Usage Guidelines
Usage Scenario
Software upgrade or active/standby switchover on the wireless access point may

cause frequent status changes on VLANIF interfaces. To prevent network flapping,
run the damping time command on VLANIF interfaces to configure the VLAN
damping function.
When all interfaces in a VLAN become Down, the wireless access point waits for a
period specified by delay-time and then reports the VLAN Down event to the
VLANIF interface.
Precautions
If any interface in the VLAN becomes Up within the delay time, the VLANIF
interface remains Up.
You can use the display interface vlanif command to view the VLAN damping
time.
If you run the damping time command multiple times in the same VLANIF
Example
# Set the VLAN damping time on VLANIF 10 to 10 seconds.
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI-Vlanif10] damping time 10
7.3.2 description (VLAN view)
Function
The description command sets the description of a VLAN.
The undo description command restores the default description of a VLAN.
By default, the description of a VLAN shows the VLAN ID. For example, the
description of VLAN 2 is "VLAN 0002".
Format
undo description

Parameters
description Specifies the description It is a string of 1 to 80

of a VLAN. characters. The
characters are case
sensitive. Spaces are
allowed.
Views
VLAN view
Default Level
Usage Guidelines
Usage Scenario
The description command is used to set the description of a VLAN, which is
convenient for identifying, memorizing, and maintaining the VLAN.
The display vlan vlan-id verbose command can display the description of a
specified VLAN.
Precautions
Set different descriptions for VLANs to distinguish.
If you run the description command multiple times in the same VLAN view, only
the last configuration takes effect.
Example
# Set the description of VLAN 2 as "test".
[HUAWEI] vlan 2
[HUAWEI-vlan2] description test
7.3.3 description (VLANIF interface view)

Function
The description command set the description of a VLANIF interface.
The undo description command restores the default description of a VLANIF
interface.
By default, the description of a VLANIF interface is in "HUAWEI, AP Series, Vlanif2
Interface" format.

Format
undo description
Parameters
description Specifies the description It is a string of 1 to 242

of a VLANIF interface. characters. The
characters are case
sensitive. Spaces are
allowed.
Views
Default Level
Usage Guidelines
Usage Scenario
To manage VLANIF interfaces conveniently, use the description command to set

VLANIF interface descriptions. The description of a VLANIF interface helps you
identify the VLANIF interface and know its functions.
You can use the display interface vlanif command to view the description of a
VLANIF interface.
Precautions
The description of a VLANIF interface should provide useful information.
Set different descriptions for VLANIF interfaces to distinguish VLANIF interfaces.
If you run the description command multiple times in the same VLANIF interface
view, only the latest configuration takes effect.
Example
# Set the description of VLANIF 2 to "test".
[HUAWEI] vlan 2
[HUAWEI-vlan2] quit
[HUAWEI-Vlanif2] description test

7.3.4 display interface vlanif

Function
The display interface vlanif command displays the status and configuration of a
VLANIF interface.
Format
display interface vlanif [ vlan-id | main ]
Parameters
vlan-id Specifies the ID of a The value is an integer

VLAN. and the value range
depends on the range of
existing VLANIF
interfaces. You can enter
the question mark (?) to
obtain the range of
VLAN IDs.
main Displays status and -

traffic statistics about a
VLANIF interface.
A VLANIF interface has
no sub-interfaces. Status
about a VLANIF interface
are displayed whether
you specify the main
parameter or not.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
To monitor an interface or locate an interface fault, you can use the display
interface vlanif command to view the interface status, interface configuration,
and traffic statistics on the interface.
Prerequisites

The specified VLANIF interface has been created.
Precautions
If vlan-id is not specified, the display interface vlanif command displays

information about all VLANIF interfaces in the system.
Example
# Display the status and configuration of VLANIF 3.
<HUAWEI> display interface vlanif 3
Vlanif3 current state : DOWN
Description:HUAWEI, AP Series, Vlanif3 Interface
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc01-00e1
Current system time: 2007-09-12 20:21:13
Input bandwidth utilization : --
Output bandwidth utilization : --
Table 7-15 Description of the display interface vlanif command output
Item Description
current state Status of a VLANIF interface. The value is UP or Down.
Line protocol current Status of the link-layer protocol on a VLANIF interface.

state The value is UP or Down.
Last line protocol up The last time the line protocol is up.
time
Description Description of a VLANIF interface.
Route Port Indicates that the interface is a Layer 3 interface.
The Maximum Specifies the MTU of a VLANIF interface.

Transmit Unit
Internet Address IP address of a VLANIF interface. If the VLANIF interface

does not have an IP address, the system displays
"Internet protocol processing: disabled."
IP Sending Frames' Encapsulation format of IP packets, which can be

Format PKTFMT_ETHNT_2, Ethernet_802.3, or Ethernet_SNAP.
Hardware address MAC address of the VLANIF interface.

If the system is configured with a time zone and is in
the summer time, the time is displayed in the format of
YYYY/MM/DD HH:MM:SS UTC±HH:MM DST.
Input/Output Inbound/outbound bandwidth utilization on an

bandwidth utilization interface.

7.3.5 display port vlan

Function
The display port vlan command displays information about interfaces of the
VLAN.
Format
display port vlan [ interface-type interface-number | active ] *
Parameters

number number of an interface
in the VLAN.
specified, information
about all interfaces in
the VLAN is displayed.
active Indicates the interface -

information of dynamic
entries in the VLAN.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run the display port vlan command to view information about interfaces
of the VLAN and check whether the VLAN is assigned by the command, protocols,
or services. If a fault occurs on an interface, you can locate the fault based on the
information about the interface and VLAN.
Prerequisite
A VLAN has been created and the Layer 2 interface has joined the VLAN.
Precautions
If a large number of mappings between interfaces and VLANs exist on the device,
you are advised to specify the interface or active to filter the command output.
Otherwise, the following problems may occur due to excessive output information:

● The displayed information is repeatedly refreshed, causing required

information to fail to be obtained.
● The system does not respond because of long-time information traverse and
search.
Example
# Display information about interfaces that belong to each VLAN on the device.
<HUAWEI> display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1 2001
# Display information about all dynamic entries.

<HUAWEI> display port vlan active
T=TAG U=UNTAG C=Configured H=HVRP G=GVRP V=VOICE-VLAN E=E-LMI
DA=Dynamic-authorization-VLAN UU=Unauthenticated-user-VLAN M=Mac-Flapping
LBDT=Loopback-detect LDT=Loop-detection
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
GE0/0/1 trunk 1(C) U: 1(C)
T: 2001(C)
Table 7-16 Description of the display port vlan command output
Item Description
Port Indicates the type and number of the interface.
Link Type Indicates the types of the interface link.
PVID Indicates the default VLAN ID of the interface. By

default, VLAN 1 is the default VLAN of all interfaces.
Trunk VLAN List ● Indicates the VLAN IDs that are dynamically added
by an interface.
● Indicates the VLAN IDs of packets that are statically
configured to pass through an interface.
VLAN List Indicates the VLAN IDs of packets that are statically
configured to pass through an interface.
7.3.6 display vlan

Function
The display vlan command displays information about all VLANs.
If no parameter is specified, brief information about all VLANs is displayed.
Format
display vlan [ vlan-id [ verbose ] ]

display vlan vlan-name vlan-name [ verbose ]
display vlan [ vlan-id1 [ to vlan-id2 ] | vlan-name vlan-name | brief | summary ]
Parameters

VLAN. that ranges from 1 to
4094.
vlan-id1 [ to vlan-id2 ] Specifies a range of ● The value of vlan-id1

VLAN IDs. is an integer that
● vlan-id1 specifies the ranges from 1 to
first VLAN ID. 4094.
● to vlan-id2 specifies ● The value of vlan-id2
the last VLAN ID. The is an integer that
value of vlan-id2 ranges from 1 to
must be greater than 4094.
or equal to the value
of vlan-id1. If to vlan-
id2 is not specified,
only information
about the VLAN
specified by vlan-id1
is displayed.
summary Displays summary of all -

VLANs.

information about a
specified VLAN.
vlan-name vlan-name Specifies a VLAN name. The value is a string of 1

to 31 case-sensitive
characters without
spaces.
brief Indicates brief -

information about
VLANs.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
The display vlan command displays VLAN configuration or packet statistics on

interfaces in a VLAN.
Example
# Display brief information about all VLANs.
<HUAWEI> display vlan
* : management-vlan
---------------------
The total number of vlans is : 6
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
1 common enable enable forward forward forward default
# Display detailed information about VLAN 100.

<HUAWEI> display vlan 100 verbose
* : Management-VLAN
---------------------
VLAN ID : 100
VLAN Name :
VLAN Type : Common
Description : VLAN 0100
Status : Enable
Broadcast : Enable
MAC Learning : Enable
Smart MAC Learning : Disable
Current MAC Learning Result : Enable
Statistics : Disable
Property : Default
VLAN State : Down
----------------
Tagged Port: GigabitEthernet0/0/1
----------------
Active Tag Port: GigabitEthernet0/0/1
-------------------
Interface Physical
GigabitEthernet0/0/1 DOWN
# Display summary of all VLANs.

<HUAWEI> display vlan summary
static vlan:
Total 8 static vlan exist(s).
1 10 to 12 20 100 200 470
dynamic vlan:
Total 0 dynamic vlan exist(s).
# Display brief of all VLANs.

<HUAWEI> display vlan brief
U:Up;D:Down;TG:Tagged;UT:Untagged;
VID Name Status Ports

--------------------------------------------------------------------------------
1 enable UT: GE0/0/1(U)
2001 enable TG: GE0/0/1(U)

Table 7-17 Description of the display vlan command output

Item Description
VID or VLAN ID ID of a VLAN.
Type or VLAN Type Type of a VLAN.

● mux: indicates a principal VLAN used in the
MUX VLAN function.
● mux-sub: indicates a subordinate VLAN used
in the MUX VLAN function.
● super: indicates a super-VLAN used for VLAN
aggregation.
● sub: indicates a sub-VLAN used for VLAN
aggregation.
● Common: indicates a common VLAN.
● *Common: indicates the management VLAN.
Ports Interfaces in a VLAN.
VLAN Name Name of a VLAN.
Description Description of a VLAN.
Status Status of a VLAN. The value is always Enable.
Broadcast Whether the broadcast function is enabled in a

VLAN.
● disable: The broadcast function is disabled.
● enable: The broadcast function is enabled.
MAC Learning/MAC-LRN Whether MAC address learning is enabled:

● disable: MAC address learning is disabled.
● enable: MAC addresses learning is enabled.
Broadcast/Multicast/Unicast Indicates whether broadcast packets, multicast

packets, or unicast packets are forwarded. The
value can be:
● forward: forwarding broadcast packets,
multicast packets, or unicast packets
● discard: discarding broadcast packets,
multicast packets, or unicast packets
Smart MAC Learning Whether smart MAC address learning is

enabled:
● disable: Smart MAC address learning is
disabled.
● enable: Smart MAC addresses learning is
enabled.
Current MAC Learning Result MAC address learning result.

Item Description
Statistics Whether the traffic statistics function is enabled

in a VLAN.
● disable: Traffic statistics function is disabled.
● enable: Traffic statistics function is enabled.
Property Property of a VLAN.

● Default: indicates a default VLAN.
● MutilcastVlan: indicates a multicast VLAN.
● UserVlan: indicates a user VLAN.
VLAN state Indicates the status of the VLAN. The value can
be:
● Up
● Down
The status of a VLAN is determined by the
status of member interfaces in the VLAN. A
VLAN is Up only when at least one member
interface in the VLAN is Up.
Tagged/Untagged Port Interfaces that are manually added to a VLAN in

tagged or untagged mode.
Active Tag/Active Untag Port Active interfaces that join a VLAN in tagged or
untagged mode.
static vlan VLANs that are created manually.
dynamic vlan VLANs that are learned dynamically.
7.3.7 interface vlanif

Function
The interface vlanif command creates a VLANIF interface and displays the
VLANIF interface view.
The undo interface vlanif command deletes a VLANIF interface.
By default, VLANIF interfaces are not created.
Format
interface vlanif vlan-id
undo interface vlanif vlan-id

Parameters
vlan-id Specifies the ID of the The value is an integer

VLAN that a VLANIF that ranges from 1 to
interface belongs to. 4094.
The device supports 129
VLANIF interfaces.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When a device needs to communicate with devices at the network layer, you can
create a logical interface based on a VLAN on the device, namely, a VLANIF
interface. A VLANIF interface is a network layer interface and can be configured
with an IP address. The device then users the VLANIF interface to communicate
with devices at the network layer.
Prerequisites
The specified VLAN has been created using the vlan command before you create a
VLANIF interface.
Follow-up Procedure
Run the ip address to assign an IP address to the VLANIF interface.
Precautions
If the specified VLANIF interface exists, the interface vlanif command displays the
VLANIF interface view directly.
When a VLANIF interface is used as a management VLANIF interface where you
can telnet to the device, the user VLAN ID cannot be the same as the
management VLAN ID; otherwise, you will fail to telnet to the device.
Example
# Create VLANIF 2 and enter the VLANIF interface view.
[HUAWEI] vlan 2
[HUAWEI-vlan2] quit
[HUAWEI-Vlanif2]

7.3.8 ip pool (VLAN view)

Function
The ip pool command configures an IP address pool for a sub-VLAN.
The undo ip pool command deletes the IP address pool of a sub-VLAN.
By default, no IP address pool is configured for sub-VLANs.
Format
ip pool start-address [ to end-address ]
undo ip pool
Parameters
start-address Specifies the start IP address in an IP It is in dotted
address pool. decimal notation.
to end-address Specifies the end IP address in an IP address It is in dotted
pool. decimal notation.
If end-address is not specified, only one IP
address, that is, start-address, exists in the
IP address pool.
Views
VLAN view
Default Level
Usage Guidelines
Usage Scenario
After assigning an IP address to the super-VLAN by assigning the IP address to a
VLANIF interface, you can specify the IP address range for users in the VLAN. In
this manner, the ARP module filters out packets with IP addresses beyond the IP
address range so that the number of ARP packets can be exactly controlled.
If the super VLAN is enabled with proxy ARP, the system directly sends an ARP
Request packet from a user in the sub-VLAN to the destination sub-VLAN based
on the IP address carried in the packet, which reduces broadcast traffic.
The ip pool command can be used to set an IP address pool for the sub-VLAN. In
the IP address pool, a single IP address or a consecutive IP address segment can be
configured, but inconsecutive IP address segments cannot be configured.

Precautions
If only one IP address is assigned to the VLANIF interface of the super-VLAN, the
range of IP addresses in the IP address pool of a sub-VLAN is determined by the
mask length of the IP address assigned to the VLANIF interface.
If multiple IP addresses are assigned to the VLANIF interface of the super-VLAN,
the range of IP addresses in the IP address pool of a sub-VLAN is determined by
the difference between the largest and smallest IP addresses assigned to the
VLANIF interface.
After the ip pool command is run for a sub-VLAN, only ARP packets (such as ARP
Request, ARP Response, and Proxy ARP) for the IP addresses in the IP address pool
can be processed in the sub-VLAN.
Example
# Configure an IP address pool for VLAN 20, with IP addresses ranging from
10.10.10.10 to 10.10.10.20.
[HUAWEI] vlan 20
[HUAWEI-vlan20] ip pool 10.10.10.10 to 10.10.10.20
7.3.9 management-vlan
Function
Using the management-vlan command, you can configure a VLAN as a
management VLAN.
Using the undo management-vlan command, you can cancel the configuration.
By default, no VLAN is configured as a management VLAN.
Format
management-vlan
undo management-vlan
Parameters
None
Views
VLAN view
Default Level
Usage Guidelines
Usage Scenario

To use a network management system to manage multiple devices, create a

VLANIF interface on each device and configure a management IP address for the
VLANIF interface. You can then log in to a device and manage it using its
management IP address. If a user-side interface is added to the VLAN, users
connected to the interface can also log in to the device. This brings security risks
to the device.
After a VLAN is configured as a management VLAN, no access interface can be

added to the VLAN. An access interface is connected to users. The management
VLAN forbids users connected to access interfaces to log in to the device,
improving device performance.
Follow-up Procedure
Create a VLANIF interface corresponding to the VLAN and configure a

management IP address on the VLANIF interface.
Precautions
VLAN 1 cannot be configured as an mVLAN.
You can run the display vlan command to view the management VLAN
configuration. In the command output, the VLAN marked with a * is the
management VLAN.
After a VLAN is configured as a management VLAN, only trunk and hybrid

interfaces can be added to the VLAN.
Example
# Configure VLAN 100 as a management VLAN.
[HUAWEI] vlan 100
[HUAWEI-vlan100] management-vlan
7.3.10 mtu (VLANIF interface view)
Function
Using the mtu command, you can set the maximum transmission unit (MTU) of a
VLANIF interface.
Using the undo mtu command, you can restore the default MTU of a VLAN
interface.
By default, the MTU of a VLAN interface is 1500 bytes.
Format
mtu mtu
undo mtu

Parameters
mtu Specifies the MTU of a The value is an integer

VLANIF interface. that ranges from 128 to
1700, in bytes.
Views
Default Level
Usage Guidelines
Usage Scenario
The MTU determines the maximum number of bytes in IP packets each time a
sender can send. The MTU of an IP packet refers to the number of bytes from the
IP header of the packet to the data.
The size of data frames is limited at the network layer. Any time the IP layer
receives an IP packet to be sent, it checks to which local interface the packet
needs to be sent and obtains the MTU configured on the interface. Then the IP
layer compares the MTU with the packet length. If the packet length is longer
than the MTU, the IP layer fragments the packet into smaller packets, which are
shorter than or equal to the MTU. If unfragmentation is configured, some packets
may be discarded during data transmission at the IP layer. To ensure jumbo
packets are not dropped during transmission, you need to configure forcible
fragmentation. In this case, you can run the mtu command to set the size of a
fragment.
Therefore, a proper MTU is a prerequisite for normal communication on a
network.
● If the configured MTU is excessively small and the packet size is larger,
packets are discarded when being forwarded through the forwarding chip;
packets are broken into a great number of fragments when being forwarded
through the CPU, affecting proper data transmission.
● If the size of packets exceeds the MTU supported by a transit node or a
receiver, the transit node or receiver fragments the packets or even discards
them, aggravating the network transmission load.
The default MTU is recommended. When the size of packets to be transmitted or
the device that receives packets changes, you can change the MTU based on the
actual network.
Precautions
● DHCP packets cannot be fragmented. When the MTU value set using the mtu
command is smaller than the DHCP packet length, DHCP packets cannot be
forwarded. Therefore, set a larger MTU value.

● If the MTU value is smaller than the DHCP packet length, the AP may be
disconnected. In this case, restart the AP.
● When the MTU is too small and the DF bit is set to 1, packets cannot be
fragmented. In this case, use the forced fragmentation function.
● Configuring the MTU of an interface affects the maximum number of bytes
for IP packets to be sent by the interface at a time. This configuration also
affects the maximum frame length of sent Ethernet packets. The Ethernet
packet size cannot exceed the maximum frame length allowed by the peer
interface, which can be set using the jumboframe enable command.
Example
# Set the MTU of the VLANIF100 interface to 1492 bytes.
[HUAWEI] interface Vlanif 100
[HUAWEI-Vlanif100] mtu 1492
7.3.11 name (VLAN view)

Function
The name command configures a name for a VLAN.
The undo name command deletes a configured VLAN name.
By default, a VLAN does not have a name.
Format
name vlan-name
undo name
Parameters
vlan-name Specifies the VLAN The name is a string of 1 to 31 case-
name. sensitive characters, spaces not supported.
Views
VLAN view
Default Level
Usage Guidelines
If a device is configured with multiple VLANs for transmitting different services,
you can name the VLANs in their corresponding VLAN views to facilitate service

management. In this manner, you can check the deployed services of a VLAN by
the VLAN name.
After VLANs are named, you can run the vlan vlan-name command in the system
view to enter the view of a specific VLAN, and then check or modify the
configuration of the VLAN.
Example
# Create VLAN 2, which is used to transmit voice services, and name it as voice.
[HUAWEI] vlan 2
[HUAWEI-vlan2] name voice
7.3.12 port
Function
Using the port command, you can configure a VLAN as the default VLAN of an
interface and add the interface to the VLAN.
Using the undo port command, you can restore the default VLAN of an interface
to the default setting.
By default, VLAN 1 is the default VLAN of all interfaces.
Format
port interface-type { interface-number1 [ to interface-number2 ] }&<1-10>
undo port interface-type { interface-number1 [ to interface-number2 ] }&<1-10>

Parameters
interface-type Configures the default -

{ interface-number1 [ to VLAN for multiple
interface-number2 ] } interfaces.
● interface-type
interfaces.
● interface-number1
of the first interface.
● interface-number2
of the last interface.
The value of
interface-number2
must be greater than
the value of interface-
number1. The
interface-number1
and interface-
number2 parameters
identify a range of
interfaces.
If to interface-number2
is not specified, only one
interface is specified. You
can specify 10 interface
ranges at one time.
Views
VLAN view
Default Level
Usage Guidelines
Usage Scenario
All frames sent from a user device are untagged, and frames sent from a remote
device may also be untagged. However, the device processes only tagged frames.
Therefore, the device adds a tag to each untagged frame received by an interface.
The default VLAN ID of the interface can be added to untagged frames so that
these frames are forwarded in the default VLAN.

After the default VLAN is specified for an access interface, packets passing through
the interface are processed as follows:
● When the interface receives an untagged frame, it tags the frame with the
default VLAN ID.
● When the interface receives a tagged packet:
– If the interface is an access interface, it compares the VLAN ID of the
packet with the default VLAN ID. If they are the same, the interface
forwards the packets; otherwise, the interface discards the packets.
● Before forwarding a tagged packet, the interface removes the VLAN tag from
the packet.
Prerequisites
The link-type of specified interfaces cannot be access or trunk before you run the
port command.
Precautions
A super VLAN cannot be configured as the default VLAN of interfaces. The undo
port command deletes the default VLAN of the specified interfaces only if the
current VLAN is the default VLAN of these interfaces.
If you run the port command multiple times in the same VLAN view, the VLAN is
configured as the default VLAN of all the specified interfaces.
You can also run the port default vlan command in the interface view to
configure the default VLAN for an interface. The two commands have the same
function.
Example
# Configure VLAN 3 as the default VLAN of interfaces GE0/0/1.
[HUAWEI] vlan 3
[HUAWEI-vlan3] port gigabitethernet 0/0/1
7.3.13 port default vlan
Function
The port default vlan command configures the default VLAN of an interface and
adds the interface to the VLAN.
The undo port default vlan command restores the default VLAN of an interface
to the default setting.
By default, VLAN 1 is the default VLAN of all interfaces.
Format
port default vlan vlan-id
undo port default vlan

Parameters
vlan-id Specifies the ID of the The value is an integer

default VLAN. that ranges from 1 to
4094.
Views
view
Default Level
Usage Guidelines
Usage Scenario
All frames sent from a user device are untagged, and frames sent from a remote
device may also be untagged. However, the AP processes only tagged frames.
Therefore, the AP adds a tag to each untagged frame received by an interface. The
default VLAN ID of the interface can be added to untagged frames so that these
frames are forwarded in the default VLAN.
After the default VLAN is specified for an access interface, packets passing through
the interface are processed as follows:
default VLAN tag.
● When the interface receives a tagged packet:
– If the interface is an access interface, it compares the VLAN ID of the
packet with the default VLAN ID. If they are the same, the interface
forwards the packets; otherwise, the interface discards the packets.
● Before forwarding a tagged packet, the interface removes the VLAN tag from
the packet.
Prerequisites
The VLAN to be configured as the default VLAN has been created.
The interface type is access. If not, run the port link-type command to change the
interface type.
Precautions
You can also run the port command in the VLAN view to configure the default
VLAN of an interface. The two commands have the same function.
A super VLAN cannot be configured as the default VLAN of interfaces.
If you run the port default vlan command multiple times in the same interface

Example
# Configure VLAN 3 (an existing VLAN) as the default VLAN of GE0/0/1 (an
access interface).
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 3
7.3.14 port hybrid pvid vlan

Function
The port hybrid pvid vlan command specifies the default VLAN ID of a hybrid
interface.
The undo port hybrid pvid vlan command restores the default VLAN ID of a
hybrid interface to the default setting.
By default, VLAN 1 is the default VLAN ID of all interfaces.
Format
port hybrid pvid vlan vlan-id
undo port hybrid pvid vlan
Parameters
vlan-id Specifies the default The value is an integer

VLAN ID of a hybrid that ranges from 1 to
interface. 4094.
Views
view
Default Level
Usage Guidelines
Usage Scenario
An interface may receive untagged and tagged frames, but the AP processes only
tagged frames. Therefore, the AP adds a tag to each untagged frame received by
an interface. The default VLAN ID of the interface can be added to untagged
frames so that these frames are forwarded in the default VLAN.
A hybrid interface processes Ethernet frames as follows:

default VLAN ID. If the default VLAN ID is allowed by the interface, the
interface accepts the frame. Otherwise, the interface discards the frame.
● When the interface receives a tagged frame, it accepts the frame if the VLAN
ID of the frame is in the list of allowed VLAN IDs. Otherwise, the interface
discards the frame.
● If the VLAN ID of a frame is allowed by the interface, the interface forwards
the frame.
Prerequisites
The VLAN to be specified as the default VLAN has been created.
Precautions
The port hybrid pvid vlan command only specifies the default VLAN for an
interface but does not add the interface to the default VLAN.
If you run the port hybrid pvid vlan command multiple times in the same
Example
# Specify VLAN 5 as the default VLAN of GE0/0/1.
[HUAWEI] vlan 5
[HUAWEI-vlan5] quit
[HUAWEI-GigabitEthernet0/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet0/0/1] port hybrid pvid vlan 5
7.3.15 port hybrid tagged vlan

Function
The port hybrid tagged vlan command adds a hybrid interface to the specified
VLANs. Frames of the VLANs then pass through the hybrid interface in tagged
mode.
The undo port hybrid vlan command removes a hybrid interface from the
specified VLANs.
By default, a hybrid interface is added to VLAN 1 in untagged mode.
Format
port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
undo port hybrid vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }

Parameters
vlan-id1 [ to vlan-id2 ] Adds a hybrid interface The value of vlan-id1 is

to specified VLANs. an integer that ranges
● vlan-id1 specifies the from 1 to 4094.
start VLAN ID. The value of vlan-id2 is
● to vlan-id2 specifies an integer that ranges
the end VLAN ID. The from 1 to 4094.
value of vlan-id2
of vlan-id1.
all Adds a hybrid interface -

to or deletes it from all
VLANs.
Views
view
Default Level
Usage Guidelines
Usage Scenario
A hybrid interface can connect to either a user device or a wireless access point.
This command adds a hybrid interface to VLANs in tagged mode so that the
hybrid interface allows frames from the VLANs to pass.
After a hybrid interface is added to VLANs in tagged mode, the interface forwards
frames without removing VLAN tags of frames.
Prerequisites
If an interface is not a hybrid interface, run the port link-type hybrid command
to change the interface type to hybrid.
Precautions
If you run the port hybrid tagged vlan command multiple times in the same
interface view, the interface is added to all the specified VLANs.
Example
# Add GE0/0/1 to VLAN 3 to VLAN 5 in tagged mode.


[HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 3 to 5
7.3.16 port hybrid untagged vlan

Function
The port hybrid untagged vlan command adds a hybrid interface to the specified
VLANs. Frames of the VLANs then pass through the hybrid interface in untagged
mode.
The undo port hybrid vlan command removes a hybrid interface from the
specified VLANs.
By default, a hybrid interface is added to VLAN 1 in untagged mode.
Format
port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
undo port hybrid vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
Parameters
vlan-id1 [ to vlan-id2 ] Adds a hybrid interface The value of vlan-id1 is

to specified VLANs. an integer that ranges
value of vlan-id2
of vlan-id1.
all Adds a hybrid interface -

to or deletes it from all
VLANs.
Views
view
Default Level
Usage Guidelines
Usage Scenario

A hybrid interface can connect to either a user device or a wireless access point.
When a hybrid interface is connected to a user device, it must be added to VLANs
in untagged mode so that it sends untagged frames.
After a hybrid interface is added to VLANs in untagged mode, the interface

removes VLAN tags of frames before sending frames.
Prerequisites
If an interface is not a hybrid interface, run the port link-type hybrid command
to change the interface type to hybrid.
Precautions
If you run the port hybrid untagged vlan command multiple times in the same
Example
# Add GE0/0/1 to VLAN 3 to VLAN 5 in untagged mode.
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 3 to 5
7.3.17 port link-type
Function
The port link-type command sets the link type of an interface.
The undo port link-type command restores the default link type of an interface.
By default, the link type of an interface is hybrid.
Format
port link-type { access | hybrid | trunk }
undo port link-type
Parameters
access Sets the link type of an -

interface to access.
hybrid Sets the link type of an -

interface to hybrid.
trunk Sets the link type of an -

interface to trunk.

Views
GE interface view, Eth-Trunk interface view, MultiGE interface view, XGE interface
view
Default Level
Usage Guidelines
Usage Scenario
Characteristics of different interfaces are:

● An access interface connects to a user device. It can connect only to an access
link, and Ethernet frames transmitted on the access link are untagged. An
access interface adds a VLAN tag to packets and sets the VID field in the
VLAN tag to the default VLAN ID. The access link transmits only the packets
with the default VLAN ID.
● A trunk interface connects to a wireless access point and can connect only to
a trunk link. A trunk interface allows frames from multiple VLANs to pass.
● A hybrid interface can connect to either a user device or a wireless access
point, and it can connect to an access link or a trunk link. A hybrid interface
allows frames from multiple VLANs to pass and can remove VLAN tags of
outgoing frames.
Prerequisites
Before changing the interface type, restore the default VLAN configuration of the
interface so that the interface belongs to only VLAN 1.
Follow-up Procedure
Add the interface to VLANs.
Precautions
If you run the port link-type command multiple times in the same interface view,
only the latest configuration takes effect.
Example
# Set the link type of GE0/0/1 to trunk.
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
7.3.18 port trunk allow-pass vlan
Function
The port trunk allow-pass vlan command adds a trunk interface to the specified
VLANs.

The undo port trunk allow-pass vlan command deletes a trunk interface from
the specified VLANs.
By default, a trunk interface is in VLAN 1.
Format
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
undo port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
Parameters
vlan-id1 [ to vlan-id2 ] Adds a trunk interface to The value of vlan-id1 is

specified VLANs. an integer that ranges
value of vlan-id2
of vlan-id1.
all Adds a trunk interface to -

or deletes it from all
VLANs.
Views
view
Default Level
Usage Guidelines
Usage Scenario
A trunk interface can join multiple VLANs and connects to a network device. To
allow all packets from one or multiple VLANs to pass through a trunk interface,
the trunk interface must be added to the VLANs using the port trunk allow-pass
vlan command.
Prerequisites
The link-type of the interface is configured to trunk.
Precautions

If you run the port trunk allow-pass vlan command multiple times in the same
Example
# Add GE0/0/1 to VLANs 10 to 30.
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 to 30
7.3.19 port trunk pvid vlan

Function
The port trunk pvid vlan command specifies the default VLAN for a trunk
interface.
The undo port trunk pvid vlan command restores the default VLAN of a trunk
interface to the default setting.
By default, VLAN 1 is the default VLAN of trunk interfaces.
Format
port trunk pvid vlan vlan-id
undo port trunk pvid vlan
Parameters
vlan-id Specifies the default The value is an integer

VLAN ID of a trunk that ranges from 1 to
interface. 4094.
Views
view
Default Level
Usage Guidelines
Usage Scenario
An interface may receive untagged and tagged frames, but the device processes
only tagged frames. Therefore, the device adds a tag to each untagged frame

received by an interface. The default VLAN ID of the interface can be added to

untagged frames so that these frames are forwarded in the default VLAN.
Prerequisites
The VLAN to be specified as the default VLAN has been created.
Follow-up Procedure
Add the trunk interface to the default VLAN.
Precautions
The port trunk pvid vlan command only specifies the default VLAN of a trunk
interface but does not add the trunk interface to the default VLAN. A trunk
interface forwards frames with the default VLAN ID only after it is added to the
default VLAN using the port trunk allow-pass vlan command.
If you run the port trunk pvid vlan command multiple times in the same
Example
# Specify VLAN 5 as the default VLAN of GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] port trunk pvid vlan 5
7.3.20 reset vlan statistics
Function
Using the reset vlan statistics command, you can clear traffic statistics in a
specified VLAN.
Format
reset vlan statistics vlan-id
Parameters

VLAN. that ranges from 1 to
4094.
Views
User view

Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command is used when you need to collect new packet statistics in a VLAN.
After this command is executed, the packet count in the VLAN becomes 0.
Precautions
NOTICE
Traffic statistics cannot be restored after they are cleared. Exercise caution when
you use the command.
Example
# Clear traffic statistics in VLAN 3.
<HUAWEI> reset vlan statistics 3
7.3.21 shutdown (VLANIF interface view)
Function
Using the shutdown command, you can shut down a VLANIF interface.
Using the undo shutdown command, you can enable a VLANIF interface.
By default, a VLANIF interface is enabled.
Format
shutdown
undo shutdown
Parameters
None
Views
Default Level

Usage Guidelines
Usage Scenario
When a VLANIF interface fails or is not needed, you can run the shutdown
command on the VLANIF interface.
Precautions
● A VLANIF interface is Up as long as an interface in the corresponding VLAN is

Up.
● After the VLANIF interface is shut down, the interface status changes to Down
even if physical interfaces in the corresponding VLAN are Up.
● After a VLANIF interface is shut down, none of the users that use the VLANIF
interface address as the gateway address can communicate at Layer 3. In
addition, the VLANIF interface address cannot be used in route calculation.
● After a VLANIF interface is shut down, the dynamic ARP entry corresponding
to the VLANIF interface starts aging in the ARP table. If the VLANIF interface
address is in a static ARP entry, the ARP entry is not deleted.
● To ensure that the cloud AP is managed by the SDN controller, you cannot
run the shutdown command on the cloud AP to disable the following
interfaces:
– Physical interface and VLANIF interface used to communicate with the
SDN controller
– VLANIF interface corresponding to the management VLAN
Example
# Enable VLANIF 2.
[HUAWEI-Vlanif2] undo shutdown
7.3.22 vlan
Function
The vlan command creates a VLAN and displays the VLAN view. If the VLAN
exists, the VLAN view is displayed.
The undo vlan command deletes a VLAN.
By default, all interfaces belong to the default VLAN, named VLAN 1.
Format
vlan vlan-id
vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>
undo vlan vlan-id
undo vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10>

Parameters
vlan-id Specifies the VLAN ID. The value is an

integer ranging
from 1 to 4094.
batch Configures VLANs in batches. -
vlan-id1 to Specifies range of VLANs to be configured The vlan-id1 and

vlan-id2 in batches: vlan-id2 are
● vlan-id1 specifies the start VLAN ID. integers ranging
from 1 to 4094.
● vlan-id2 specifies the end VLAN ID.
vlan-id2 must be greater than or equal
to vlan-id1. vlan-id1 and vlan-id2
define a range together.
● If the parameter to vlan-id2 is not
specified, only the VLAN specified by
vlan-id1 is created.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To reduce broadcast domains and enhance security on a complex network, VLANs
can be created on the network to isolate the devices that do not need to
communicate each other. The vlan batch command creates multiple VLANs at
one time, simplifying VLAN configuration.
Follow-up Procedure
Assign VLANs according to network requirements.
Precautions
VLAN 1 is the default VLAN, which cannot be deleted and does not need to be
created.
The vlan command can be used to create a VLAN and enter the VLAN view. If a
VLAN has been created, the VLAN view is displayed after this command is used.
The vlan command multiple times creates multiple VLANs. If a VLAN has been
created, using this command cannot be used to create the same VLAN or modify
the configurations of the VLAN.

The vlan batch command can be used to create multiple VLANs in batches. If a
VLAN has been created, using this command cannot be used to create the same
VLAN or modify the configurations of the VLAN. The vlan batch commands
multiple times creates VLANs in multiple batches.
Before deleting a VLAN, run the undo interface vlanif command to delete the
corresponding VLANIF interface.
Example
# Create VLAN 100 and enter the VLAN 100 view. If VLAN 100 exists, the VLAN
100 view is displayed directly.
[HUAWEI] vlan 100
[HUAWEI-vlan100]
7.3.23 vlan vlan-name

Function
The vlan vlan-name command displays the view of a VLAN with the specified
VLAN name.
The undo vlan vlan-name command deletes a VLAN with the specified VLAN
name. After the command is used, the VLAN name is also deleted.
Format
vlan vlan-name vlan-name
undo vlan vlan-name vlan-name
Parameters
vlan-name Specifies the VLAN The name is a string of 1 to 31 case-
name. sensitive characters, spaces not supported.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
After the name command is run to set a VLAN name, you can run the vlan vlan-
name command in the system view to enter the corresponding VLAN view.

Assume that a device has multiple VLANs and each VLAN has a name. If you need
to delete the VLAN that is used to transmit voice services but cannot remember
the ID of the VLAN, you can run the undo vlan vlan-name command to delete
the VLAN by inputting the VLAN name.
Prerequisites
Before running the vlan vlan-name command, ensure that the name command is
run to set the VLAN name.
Precautions
When you run the undo vlan vlan-name command to delete a VLAN, services
configured for the VLAN are deleted at the same time. The deleted services cannot
be restored even if you recreate the VLAN. Therefore, exercise caution when
running the undo vlan vlan-name command.
Example
# Enter the view of the VLAN named user1.
[HUAWEI] vlan vlan-name user1
[HUAWEI-vlan2]
7.4 STP/RSTP/MSTP Configuration Commands
7.4.1 active region-configuration

Function
The active region-configuration command activates the configuration of a
multiple spanning tree (MST) region.
Format
active region-configuration
Parameters
None
Views
MST region view
Default Level
Usage Guidelines
Usage Scenario

Configuring MST region parameters, especially VLAN mapping tables for MST
regions, is likely to cause network topology flapping. To reduce network flapping,
make sure that newly configured MST region parameters take effect only after the
active region-configuration command is run.
Precautions
After the active region-configuration command is run, configured MST region

parameters will take effect and the spanning tree will be recalculated.
Example
# Map VLAN 5 to the spanning tree instance 2 and activate the configuration.
[HUAWEI] stp region-configuration
[HUAWEI-mst-region] instance 2 vlan 5
[HUAWEI-mst-region] active region-configuration
7.4.2 check region-configuration
Function
The check region-configuration command displays the configuration of an MST
region such as the region name, revision level, and VLAN mapping table.
Format
check region-configuration
Parameters
None
Views
MST region view
Default Level
Usage Guidelines
Usage Scenario
MSTP divides a switching network into multiple regions, each of which has
multiple spanning trees that are independent of each other. Each region is called
an MST region and each spanning tree is called a multiple spanning tree instance
(MSTI).
Two switching devices belong to the same MST region only when they have the
following same configurations:
● MST region name

● MST region revision level

● Mappings between MSTIs and VLANs
To ensure that MST region configurations on each switching device are correct,
you are recommended to run the check region-configuration command to check
the MST region configurations before running the active region-configuration
command. If the MST region configurations are correct, run the active region-
configuration command to activate them.
Precautions
By default, VLANs that are not mapped to any instances with non-zero IDs using
the instance command are mapped to instance 0.
Example
# Display the configuration of an MST region.
[HUAWEI-mst-region] check region-configuration
Admin configuration
Format selector :0
Region name :00b010000001
Revision level :0
Instance VLANs Mapped
0 1 to 9, 11 to 4094
16 10
Table 7-18 Description of the check region-configuration command output
Item Description
Format selector Selection factor defined by MSTP
Region name Name of the MST region. To configure the

name for an MST region, run the region-name
command.
Revision level Revision level of the MST region. To set the

revision level of the MST region, run the
revision-level command.
Instance VLANs Mapped Mapping between MSTIs and VLANs. To

configure the mapping between MSTIs and
VLANs, run the instance or vlan-mapping
modulo.
7.4.3 display stp
Function
The display stp command displays the status of and statistics on a spanning tree
instance.

Format
display stp [ instance instance-id ] [ interface interface-type interface-number ]
[ brief ]
Parameters
instance Displays the status and statistics of a The value is an

instance-id spanning tree instance. integer ranging
from 0 to 4094.
If instance instance-id is not specified, the Value 0 refers
status and statistics of all spanning tree to CIST.
instances will be displayed in the sequence
of the interface numbers.
interface Displays the information of a spanning tree -

interface-type on a specified interface.
interface-number
If interface interface-type interface-number
is not specified, the status and statistics of
all interfaces will be displayed in the
sequence of the interface numbers.
brief Displays the brief status. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The display stp command is used to check whether STP/RSTP/MSTP is run in the
existing switching device or specified interface.
● If the Protocol Status field value is Disabled, STP/RSTP/MSTP is not run.
● If STP/RSTP/MSTP has been run, information such as the working mode of
STP/RSTP/MSTP will be displayed.
When the network planner has deployed STP/RSTP/MSTP on the network, you can
run the display stp command to check whether the configurations and calculation
result.
Example
# When the stp enable command does not run, the status and statistics of STP
are displayed.

<HUAWEI> display stp

Protocol Status :Disabled
Protocol Standard :IEEE 802.1s
Version :3
CIST Bridge Priority :32768
MAC address :00e0-6343-6800
Max age(s) :20
Forward delay(s) :15
Hello time(s) :2
Max hops :20
Table 7-19 Description table of the display stp command output
Item Description
Protocol Status Status of the protocol.

● Disabled
● Enabled
Protocol Standard Standards of the protocol.
Version Protocol version:

● 0: STP
● 2: RSTP
● 3: MSTP
To set the protocol version, run the stp mode
command.
CIST Bridge Priority Priority of the switch in the CIST. To set the STP
priority, run the stp priority command.
MAC address MAC address of the switch.
Max age (s) Maximum TTL of BPDU. To set the value of Max Age,
run the stp timer max-age command.
Forward delay (s) Time taken by interface status transition. To set the
value of Forward Delay, run the stp timer forward-
delay command.
Hello time (s) Interval for sending BPDUs from the root switch. To set
the hello time, run the stp timer hello command.
Max hops Maximum number of hops in an MST region. To set

the maximum number of hops, run the stp max-hops
command.
# Display the status of and statistics on a spanning tree instance when the stp
enable command is configured.
<HUAWEI> display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
0 GigabitEthernet0/0/4 ROOT FORWARDING NONE

Table 7-20 Description of the display stp brief command output

Item Description
MSTID MSTP instance ID.
Port -
Role Interface role:

● DESI: Designated port
● ROOT: Root port
● ALTE: Alternate port
● BACK: Backup port
● MAST: Master port
● DISA: The interface is in
initialization state.
STP State Interface status. In the CIST region, the

statuses of interfaces are as follows:
● FORWARDING
● LEARNING
● DISCARDING
Protection Protection function:

● ROOTPROTECTION
● LOOPPROTECTION
● NONE
● LOOPBACK: loopback detection
● PVIDCONSISTENCY: The PVID of the
directly connected interface is
inconsistent.
# Display the status of and statistics on the spanning tree instance 0 on GE0/0/1.
<HUAWEI> display stp instance 0 interface GigabitEthernet 0/0/1
-------[CIST Global Info][Mode MSTP]-------

CIST Bridge :32768.00e0-fc0e-a421
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0 (This bridge is the root)
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0 (This bridge is the root)
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :0
TC count per hello :0
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
Number of TC :1
Last TC occurred :GigabitEthernet0/0/1
----[Port3(GigabitEthernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Designated Port
Port Priority :128

Port Cost(Legacy) :Config=auto / Active=19

Designated Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :6 packets/s
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active=dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :0
BPDU Sent :147
TCN: 0, Config: 0, RST: 0, MST: 147
BPDU Received :0
Table 7-21 Description of the display stp instance command output

Item Description
CIST Global Info CIST global information.
Mode MSTP The operation mode is MSTP. By default, the mode is

MSTP. To set the operation mode, run the stp mode
command.
CIST Bridge ID of the CIST bridge.

● The previous 16 bits are the priority of the switch in
CIST.
● The latter 48 bits is the MAC address of the switch.
Config Times Values that is configured manually in the bridge

protocol information:
● Hello: the period of sending BPDUs.
● MaxAge: the maximum life cycle of BPDU.
● FwDly: deferred time of the change of the port
status.
● MaxHop: the maximum hops in the MST region.
Active Times Values that is used actually in the bridge protocol

information:
status.
CIST Root/ERPC CIST root bridge ID/External path cost (the path cost
from the switch to the CIST root bridge.)
CIST RegRoot/IRPC Region root bridge ID/Internal path cost (the path cost
from the switch to region root bridge.)
CIST RootPortId CIST root port ID. "0.0" indicates the switch is a root
bridge and has no root port.

Item Description
BPDU-Protection BPDU protection function:

● Disabled
● Enabled
TC or TCN received Number of the received TC or TCN packets.
TC count per hello Number of TC packets received within a hello interval.
STP Converge Mode STP converge mode
Time since last TC Period from the last topology change to now.
Number of TC Topology change count.
Last TC occurred Interface which causes the last topology change

NOTE
This parameter does not appear when Number of TC is 0.
Port Protocol The status of the port protocol is as follows:

● Enable: STP is enabled on the port.
● disable: STP is disabled on the port.
Port Role In CIST area, the four port roles are as follows:
● Root Port
● Designated Port
● Alternate Port
● Backup Port
Port Priority Priority of the port. To set the priority for a port, run
the stp port priority command.
Port Cost(Dot1T) Path cost of the port. It is calculated by dot1t

algorithm.
● config: refers to the path cost that is configure
manually.
● active: refers to the path cost actually.
Designated Bridge/ ID of the designated switch and port. The first 16 bits
Port of the switch ID represent the priority of the switch in
the CIST region; the last 48 bits represent the MAC
address of the switch. The first 4 bits of the port ID
represent the priority and the last 12 bits represent the
port number.
Port Edged Edged port that is specified by the administrator:

● enabled
● disabled
Point-to-point Link type of the port. Config indicates that the link
type is configured by running the stp point-to-point
command. Active indicates the actual link type.

Item Description
Transit Limit Limit of the BPDUs sent by the current port during
each Hello time. To set the limit of the BPDUs sent by
the current port during each Hello time, run the stp
transmit-limit (interface view) command.
Protection Type The protection type is as follows:

● root-protection: valid only on a designed port.
● loop-protection: valid only on a root port or an
alternate one.
Port STP Mode STP mode on an interface.
Port Protocol Type Format of the packets that the interface receives and
sends. The formats are as follows:
● auto
● legacy
● dot1s
The default value is auto.
PortTimes Values in the bridge protocol information of the

interface:
status.
TC or TCN send Number of BPDUs with TC flags or TCN BPDUs sent by

the port.
TC or TCN received Number of BPDUs with TC flags or TCN BPDUs

received by the port.
BPDU Sent Statistics about the packets sent by BPDU is as follows:

● TCN: topology change notification
● Config: STP packets
● RST: RSTP packets
● MST: MSTP packets
BPDU Received Statistics about the packets received by BPDU.
Last forwarding time Time when the interface last entered the forwarding
state.

7.4.4 display stp abnormal-interface
Function
The display stp abnormal-interface command displays information about
abnormal interfaces running the Spanning Tree Protocol (STP).
Format
display stp [ instance instance-id ] abnormal-interface
Parameters

instance Displays the status and statistics of a The value is an integer in
instance-id specified spanning tree instance. the range 0 to 4094. The
value 0 indicates a
If instance instance-id is not common and internal
specified, the status and statistics of spanning tree (CIST)
all spanning tree instances will be instance.
displayed in the sequence of the
interface numbers.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
If a device has many interfaces and the display stp command output displays vast
information, viewing information about abnormal interfaces running STP is
difficult.
You can use the display stp abnormal-interface command to view information
about abnormal interfaces running STP.
Example
# Display information about abnormal interfaces in process 0 running STP
<HUAWEI> display stp instance 0 abnormal-interface
MSTID Interface Status Reason
0 GigabitEthernet0/0/1 DISCARDING LOOP-Protected

Table 7-22 Description of the display stp abnormal-interface command output
Item Description
MSTID MSTP instance ID
Interface Interface type
Status Status of an interface after the STP protection takes

effect
● DOWN: indicates that the physical status of the
interface is Down (including error-down).
● DISCARDING: indicates the blocked interface after
the topology of the spanning tree becomes stable.
Reason An interface running STP becomes abnormal due to

one of the following:
● Root-Protected: indicates that the root protection
takes effect.
● Loop-Protected: indicates that the loop protection
takes effect.
● BPDU-Protected: indicates that the BPDU
protection takes effect.
● Loop-Detected: indicates that the loop detection
takes effect.
7.4.5 display stp active
Function
The display stp active command displays the status of and statistics on spanning
trees of all Up interfaces.
Format
display stp active
Parameters
None
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
The display stp active command displays information about spanning trees of Up
interfaces only.
Example
# Display information about spanning trees of all Up interfaces.
<HUAWEI> display stp active
CIST Bridge :32768.dcd2-fc21-5d40
CIST Root/ERPC :32768.dcd2-fc21-5d40 / 0 (This bridge is the root)
CIST RegRoot/IRPC :32768.dcd2-fc21-5d40 / 0 (This bridge is the root)
BPDU-Protection :Enabled
STP Converge Mode :Fast
Number of TC :1
----[Port1(GigabitEthernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Designated Bridge/Port :32768.dcd2-fc21-5d40 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :6 packets/s
Protection Type :Root
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active=dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :1
BPDU Sent :4802
BPDU Received :0
Last forwarding time: 2005/08/07 15:07:09 UTC+08:00
Table 7-23 Description of the display stp active command output

Item Description
CIST Bridge ● The 16 leftmost bits are the switch's priority in the
CIST.
● The 48 rightmost bits are the switch's MAC address.

Item Description
Config Times Configured bridge protocol parameters:

● Hello: interval at which Bridge Protocol Data Units
(BPDUs) are sent
● MaxAge: maximum TTL of a BPDU
● FwDly: delay in interface status transition
● MaxHop: maximum number of hops in the MST
region
Active Times Bridge protocol parameters that are being used:

● Hello: interval at which BPDUs are sent
region
CIST Root/ERPC CIST root bridge ID/external path cost from the switch
to the root bridge.
CIST RegRoot/IRPC ID of the CIST region root bridge/Cost of the internal

path (path from the switch to the CIST region root
switch)
CIST RootPortId CIST root port ID. "0.0" indicates that the switch is the
root switch without the root port.
BPDU-Protection Whether BPDU protection is enabled:

● Disabled: BPDU protection is disabled.
● Enabled: BPDU protection is enabled.
TC or TCN received Number of received topology change (TC) or topology

change notification (TCN) packets
TC count per hello Number of TC packets received per Hello time
STP Converge Mode Convergence mode of the Spanning Tree Protocol

(SPT), which can be fast or normal. For details, see stp
converge.
Time since last TC Time since the last topology change
Number of TC Number of topology changes

NOTE
Port Protocol STP status on the interface:

● Enabled: STP is enabled on the interface.
● Disabled: STP is disabled on the interface.

Item Description
Port Role Role of an interface. In the CIST region, the roles of

interfaces are as follows:
● Root Port
● Designated Port
● Alternate Port
● Backup Port
Port Priority Interface priority. For details, see stp port priority.
Port Cost(Dot1T) Path cost (calculated by dot1t) of an interface:

● Config: configured path cost
● Active: path cost that is being used
Designated Bridge/ Switch ID/Port ID The first 16 bits represent the

Port switch's priority in the CIST region, and the last 48 bits
represent the switch's MAC address. The first 4 bits of
the port ID represent the port's priority, and the last 12
bits represent the port number.
Port Edged Whether the edge interface (specified by the

administrator) is enabled:
● enabled: The edge interface is enabled.
● disabled: The edge interface is disabled.
Config indicates the value that is specified in the stp
edged-port command, and Active indicates the value
in use.
Point-to-point Link type of the interface. Config indicates the link

type that is specified in the stp point-to-point
command, and Active indicates the link type that is
being used.
Transit Limit Maximum number of BPDUs that the current interface

can send per second. For details, see stp transmit-
limit.
Protection Type Protection type, which can be:

● root-protection: Protection takes effect only on the
● loop-protection: Protection takes effect only on the
root interface or alternate interface.
● None: none.
Port STP Mode STP mode of the interface

Item Description
Port Protocol Type Format of packets sent and received on the interface,
which can be:
● auto
● legacy
● dot1s
The default value is auto. Config indicates the packet
format that is specified in the stp compliance
command, and Active indicates the packet format in
use.
PortTimes Bridge protocol parameters of the interface:

● RemHop: maximum number of hops in the MST
region
TC or TCN send Number of TC or TCN packets sent on the interface
TC or TCN received Number of TC or TCN packets received on the interface
BPDU Sent Statistics on sent BPDUs, including:

● TCN: TCN BPDUs
● Config: STP BPDUs
● RST: Rapid Spanning Tree Protocol (RSTP) BPDUs
● MST: MSTP BPDUs
BPDU Received Statistics on received BPDUs
Last forwarding time Time when the interface last entered the forwarding
state
7.4.6 display stp bridge

Function
The display stp bridge command displays details about the spanning tree of a
bridge.
Format
display stp bridge { root | local }

Parameters
root Displays details about the spanning tree of the root bridge. -
local Displays details about the spanning tree of the local bridge. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
When a device provides many interfaces, running the display stp command
displays a large amount of information, and it is difficult to find information about
the spanning trees of the root and local bridges.
Using the display stp bridge command, you can easily view details about the
spanning trees of the root and local bridges.
Example
# Display details about the spanning tree of the root bridge of MSTP.
<HUAWEI> display stp bridge root
MSTID Root ID Root Cost Hello Max Forward Root Port
Time Age Delay
----- -------------------- ---------- ----- --- ------- -----------------
0 0.4c1f-cc48-6514 419998 2 20 15
Table 7-24 Description of the display stp bridge command output

Item Description
MSTID MSTP instance ID
Root ID MSTP root bridge ID
Root Cost MSTP root path cost
Hello Time Interval at which Bridge Protocol Data Units (BPDUs)

are sent from the root switch
Max Age Maximum TTL of a BPDU
Forward Delay Delay in interface status transition
Root Port Root interface

7.4.7 display stp error packet

Function
The display stp error packet command displays the statistics about error packets
received by MSTP and the contents of recently received packets.
Format
display stp error packet
Parameters
None.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If a device on a Layer 2 network runs MSTP is attacked by MSTP error packets, the
display stp error packet command can be used to view recently received MSTP
error packets.
Example
# Display the statistics about error packets received by MSTP and the contents of
recently received packets.
<HUAWEI> display stp error packet
4 error-packet(s) have been recieved and the last one is recieved at 2011/05/02 12:45:31.
01 80 C2 00 00 00 38 AA D2 11 11 10 00 69 42 42
03 00 00 03 02 7C 00 00 38 AA D2 11 11 10 00 00
00 00 00 00 38 AA D2 11 11 10 80 01 00 00 14 00
02 00 0F 00 00 00 40 00 33 38 61 61 64 32 31 31
31 31 31 30 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 AC 36 17 7F 50 28
3C D4 B8 38 21 D8 AB 26 DE 62 00 00 00 00 00 00
38 AA D2 11 11 10 14
7.4.8 display stp global

Function
The display stp global command displays global Spanning Tree Protocol (STP)
information.
Format
display stp global

Parameters
None.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
When a device provides many interfaces, the display stp command output
contains a large amount of information, and it is difficult to find the desired
information quickly and view global information at a glance. The display stp brief
command output, by comparison, displays information about spanning trees on
interfaces, but not global information.
Using the display stp global command, you can view global STP information
conveniently.
Example
# Display brief STP information about MSTP.
<HUAWEI> display stp global
Protocol Status : Enabled
Bpdu-filter default : Disabled
Tc-protection : Disabled
Tc-protection threshold : 1
Tc-protection interval : 2s
Edged port default : Enabled
Pathcost-standard : Dot1t
Timer-factor :3
Transmit-limit : 10
Bridge-diameter :7
CIST Bridge :61440.781d-ba56-f06c
CIST Root/ERPC :61440.781d-ba56-f06c / 0 (This bridge is the root)
CIST RegRoot/IRPC :61440.781d-ba56-f06c / 0 (This bridge is the root)
BPDU-Protection :Disabled
STP Converge Mode :Normal
Number of TC :13

Table 7-25 Description of the display stp global command output

Item Description
Protocol Status Spanning Tree Protocol (STP) status:

● Enabled: STP is enabled.
● Disabled: STP is disabled.
Bpdu-filter default Whether the function of configuring device interfaces

as Bridge Protocol Data Unit (BPDU) filter interfaces is
enabled:
● Enabled: The function is enabled.
● Disabled: The function is disabled.
Tc-protection Topology change (TC) protection status:

● Enabled: TC protection is enabled.
● Disabled: TC protection is disabled.
Tc-protection Threshold of TC packets that the device can handle

threshold and immediately refresh forwarding entries in a given
period
Tc-protection interval Time the MSTP takes to handle a given number of TC

packets and immediately refresh forwarding entries
Edged port default Whether the function of configuring all ports of the
switch as edge ports is enabled:
● Enabled: The function is enabled.
● Disabled: The function is disabled.
Pathcost-standard Method of calculating the MSTP path cost
Timer-factor Multiplier of Hello time
Transmit-limit Maximum number of BPDUs that the current interface

can send per Hello time. For details, see stp transmit-
limit.
Bridge-diameter Network diameter of the MSTP
CIST Bridge Common and internal spanning tree (CIST) bridge ID

● The first 16 bits represent the switch's priority in the
CIST.
● The last 48 bits represent the switch's MAC address.
Config Times Configured bridge protocol parameters:

region

Item Description
Active Times Bridge protocol parameters that are being used:

region
CIST Root/ERPC CIST root switch ID/Cost of the external path (path
from the switch to the CIST root switch)
CIST RegRoot/IRPC ID of the CIST region root bridge/Cost of the internal

path (path from the switch to the CIST region root
switch)
CIST RootPortId ID of the CIST root interface. 0.0 indicates that the
switch is the root switch and does not provide any root
interface.
BPDU-Protection Whether BPDU protection is enabled:

● Disabled: BPDU protection is disabled.
● Enabled: BPDU protection is enabled.
TC or TCN received Number of received TC or topology change notification

(TCN) packets
TC count per hello Number of TC packets received per Hello time
STP Converge Mode Convergence mode of the Spanning Tree Protocol

(SPT), which can be fast or normal. For details, see stp
converge.
Time since last TC Time since the last topology change
Number of TC Number of topology changes

NOTE
7.4.9 display stp region-configuration

Function
The display stp region-configuration command displays the effective
configuration of the MST region on the switching device. The configuration
includes the region name, revision level and mapping relationship between VLANs
and spanning tree instances.

Format
display stp region-configuration [ digest ]
Parameters
digest Displays brief information about the effective MST region. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After an MST region is configured and takes effect on the network running MSTP,
you can run the display stp region-configuration command to view the name,
revision level, STP instance, and inter-VLAN mapping of the MST region.
Example
# Display the configuration of MST regions.
<HUAWEI> display stp region-configuration
Oper configuration
Format selector :0
Region name :dcd2fc9a2110
Revision level :0
Instance VLANs Mapped

0 1 to 4094
# Display brief information about the effective MST region.

<HUAWEI> display stp region-configuration digest
Oper configuration
Format selector :0
Region name :dcd2fc9a2110
Revision level :0
Digest :0xAC36177F50283CD4B83821D8AB26DE62
Table 7-26 Description of the display stp region-configuration command output
Item Description
Format selector Selection factors defined by the MSTP protocol.
Region name Name of the MST region.
Revision level Revision level of the MST region.

Item Description
Instance VLANs Mapped Mapping between the spanning tree instance and
VLANs of the MST region.
Digest Brief information about the MST region.
7.4.10 display stp tc-bpdu statistics
Function
The display stp tc-bpdu statistics command displays statistics of sent and
received topology change (TC) and topology change notification (TCN) BPDUs on
interfaces.
Format
display stp [ instance instance-id ] [ interface interface-type interface-number ]
tc-bpdu statistics
Parameters

instance Specifies the ID of an MSTP instance of which The value is an
instance-id statistics of TC and TCN BPDUs are displayed. integer that
ranges from 0 to
If the parameter instance instance-id is not
4094. The value
specified, statistics of TC and TCN BPDUs on
0 indicates a
all interfaces are displayed in the sequence of
CIST instance.
the interface numbers.
interface Specifies the interface on which statistics of -

interface-type TC and TCN BPDUs are displayed.
interface-
number If the parameter interface interface-type
interface-number is not specified, statistics of
TC and TCN BPDUs on all interfaces are
displayed in the sequence of the interface
numbers.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
If you need to know whether a fault has occurred on interfaces that send and
receive TC/TCN BPDUs, you can run this command to view statistics of these
BPDUs and locate the fault.
Example
# Display the statistics of TC/TCN BPDUs on interfaces of an MSTP instance.
<HUAWEI> display stp tc-bpdu statistics
-------------------------- STP TC/TCN information --------------------------
MSTID Port TC(Send/Receive) TCN(Send/Receive)
0 GigabitEthernet0/0/1 1/0 0/0
Table 7-27 Description of the display stp tc-bpdu statistics command output
Item Description
MSTID ID of an MSTP instance
Port Interface name
TC(Send/Receive) Statistics of send and received TC BPDUs
TCN(Send/Receive) Statistics of send and received TCN BPDUs ("-"

indicates that MSTP instances except MSTP instance 0
do not have TCN BPDUs sent and received)
7.4.11 display stp topology-change
Function
The display stp topology-change command displays the statistics about MSTP
topology changes.
Format
display stp [ instance instance-id ] topology-change
Parameters
instance Displays statistics about the topology The value is an

instance-id changes of a specified STP instance. integer ranging from
0 to 4094. Value 0
If this parameter is not specified, the refers to CIST.
statistics about the topology changes
of a CIST instance are displayed.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
On a Layer 2 network running MSTP, a device clears ARP entries and MAC entries
after receiving topology change packets. If a device receives too many topology
change packets, the device will frequently clear ARP entries and MAC entries,
causing high CPU usage. As a result, network traffic is unstable.
The display stp topology-change command can be used to display the statistics
about MSTP topology changes. If the statistics increase, network flapping occurs.
Example
# Display statistics about MSTP topology changes.
<HUAWEI> display stp topology-change
CIST topology change information
Number of topology changes :173
Time since last topology change :0 days 0h:1m:15s
Topology change initiator(notified) :GigabitEthernet0/0/1
Topology change last received from :5489-9876-b7d7
Number of generated topologychange traps : 1
Number of suppressed topologychange traps: 0
Table 7-28 Description of the display stp topology-change command output
Item Description
Number of topology Total number of topology changes since MSTP

changes initialization.
Time since last Time since the last topology change

topology change
Topology change Interface that initiates a topology change because the

initiator(notified) interface status changes to detected
Topology change last Source bridge MAC address contained in a topology

received from change packet
Number of generated Total number of generated topology-change traps.

topologychange traps
Number of suppressed Total number of suppressed topology-change traps.

topologychange traps

7.4.12 display stp vlan

Function
The display stp vlan command displays the STP status on an interface added to a
specified VLAN.
Format
display stp vlan vlan-id
Parameters
vlan-id Displays the STP status on an The value is an integer
interface added to a specified VLAN. ranging from 1 to 4094.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After an interface is added to a VLAN, the display stp vlan command can be used
to the display the STP status on the interface. In this case, the mapping between
VLANs and instances does not need to be concerned with.
Example
# Display the STP status on an interface added to a specified VLAN.
<HUAWEI> display stp vlan 1
InstanceId Port Role State
----------------------------------------------------------
0 GigabitEthernet0/0/1 DESI FORWARDING
Table 7-29 Description of the display stp vlan command output

Item Description
InstanceId. Instance ID
Port Interface
Role Interface role
State Interface status

7.4.13 instance
Function
The instance command maps a VLAN to a spanning tree instance.
The undo instance command deletes the mapping between a VLAN and a
spanning tree instance.
By default, all VLANs are mapped to CIST, that is, instance 0.
Format
instance instance-id vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
undo instance instance-id [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]
Parameters
instance-id Specifies the number The value is an integer ranging from 0 to
of a spanning tree 4094. Value 0 refers to CIST.
instance.
The value of instance-id specified in the
undo instance command cannot be 0. This
means that instance 0 cannot be deleted.
vlan vlan-id1 Specifies a start The value is an integer ranging from 1 to

VLAN ID. 4094. The start VLAN ID must be smaller
than the end VLAN ID.
to vlan-id2 Specifies an end The value is an integer that ranges from 1
VLAN ID. to 4094.
Views
MST region view
Default Level
Usage Guidelines
Usage Scenario
multiple spanning trees that are independent of each other. Each spanning tree is
called an MSTI and each region is called an MST region.
● MST region name


The instance command is used to set mappings between spanning tree instances
and VLANs.
Precautions
When using the undo instance command, note the following points:
● After the mapping between specified VLANs and a specified spanning tree
instance is deleted, these VLANs will be mapped to a CIST, namely, instance 0.
● If no VLAN is specified, all VLANs that have established mappings with the
spanning tree instance will be mapped to a CIST.
A VLAN cannot be mapped to different spanning tree instances. If the instance
command is run several times, the latest configuration overrides the previous one.
Example
# Map VLAN 2 to spanning tree instance 1.
[HUAWEI-mst-region] instance 1 vlan 2
7.4.14 max bandwidth-affected-linknumber

Function
The max bandwidth-affected-linknumber command sets the upper threshold for
the number of interfaces that determine the bandwidth of an Eth-Trunk.
The undo max bandwidth-affected-linknumber command restores the default
upper threshold for the number of interfaces that determine the bandwidth of an
Eth-Trunk.
By default, the upper threshold for the number of interfaces that determine the
bandwidth of an Eth-Trunk is 8.
Format
max bandwidth-affected-linknumber link-number
undo max bandwidth-affected-linknumber
Parameters
link-number Specifies the upper The value is an integer ranging

threshold for the number from 1 to 8.
of interfaces that
determine the bandwidth
of an Eth-Trunk.

Views
Default Level
Usage Guidelines
The upper threshold for the number of interfaces that determine the bandwidth of
an Eth-Trunk is used for STP calculation.
For example, device A and device B are connected by two Eth-Trunks. Eth-Trunk1
has three member links that are Up; the Eth-Trunk2 has two member links that
are Up. The bandwidth of each member link is 1 Gbit/s, so the bandwidth of Eth-
Trunk1 is 3 Gbit/s and the bandwidth of Eth-Trunk2 is 2 Gbit/s. If device A is the
root bridge during STP calculation, Eth-Trunk1 on device B is the root port and
Eth-Trunk2 is the alternate port. You can run this command to set the upper
threshold to 1. Then the bandwidth of Eth-Trunk1 becomes 1 Gbit/s during STP
calculation. Bandwidth decrease affects the interface cost, causing STP
recalculation. The max bandwidth-affected-linknumber command does not
affect traffic forwarding on the Eth-Trunk. The bandwidth used to forward traffic is
still 3 Gbit/s.
Example
# Set the upper threshold to 3.
[HUAWEI-Eth-Trunk1] max bandwidth-affected-linknumber 3
7.4.15 region-name
Function
The region-name command configures the MST region name of the switching
device.
The undo region-name command restores the default name.
By default, the MST region name is the MAC address of the management network
interface on the MPU of the switching device.
Format
region-name name
undo region-name

Parameters
name Specifies the region name of The value is a case-sensitive string of

the switching device. 1 to 32 characters without spaces.
Views
MST region view
Default Level
Usage Guidelines
● MST region name
The region-name command is used to configure MST region names in order to

identify different regions.
Run the active region-configuration command to activate the MST region so

that the changed configurations can take effect.
Example
# Set the MST region name of the switch to "test".
[HUAWEI-mst-region] region-name test
7.4.16 reset stp error packet statistics
Function
The reset stp error packet statistics command clears the statistics of error STP
packets.
Format
reset stp error packet statistics

Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
Applicable Scenario
You can use the reset stp error packet statistics command to clear the history
statistics when you need to observe the statistics of error STP packets in a period
from the current time.
Precautions
The reset stp error packet statistics command clears the statistics about error
STP packets are cleared and cannot be restored. Therefore, confirm the action
before you use the command.
Example
# Clear the statistics about error STP packets.
<HUAWEI> reset stp error packet statistics
7.4.17 reset stp statistics
Function
The reset stp statistics command clears the statistics of a spanning tree.
Format
reset stp [ interface interface-type interface-number ] statistics
Parameters
interface interface-type Specifies an interface type and the
-
interface-number number of the interface.
Views
User view

Default Level
3: Management level
Usage Guidelines
Sometimes, traffic statistics within a certain period is needed. In this situation,
clear the existing statistics before restarting the count.
When you run the reset stp statistics command:
● If you specify an interface, you can clear the statistics of a spanning tree on
the interface.
● If you do not specify an interface, you can clear the statistics of spanning
trees on all interfaces.
Example
# Clear the statistics of spanning trees on GE0/0/1.
<HUAWEI> reset stp interface gigabitethernet 0/0/1 statistics
7.4.18 revision-level
Function
The revision-level command configures the revision level of MST region of a
switching device.
The undo revision-level command restores the default level.
By default, the revision level of MST region is 0.
Format
revision-level level
undo revision-level
Parameters
level Specifies the revision level of the The value is an integer ranging
MST region. from 0 to 65535.
Views
MST region view
Default Level

Usage Guidelines
multiple spanning trees that are independent of each other. Each region is called
an MST region and each spanning tree is called a multiple spanning tree instance
(MSTI).
● MST region name
If two switching devices have the same region name and VLAN mapping table, the
revision-level command can be used to set different revision levels for the two
devices so that the two devices belong to different MST regions.
Run the active region-configuration command to activate the MST region so
that the changed configurations can take effect.
Example
# Set the MSTP revision level of the switching device to 5.
[HUAWEI-mst-region] revision-level 5
7.4.19 stp bpdu-filter

Function
The stp bpdu-filter enable command specifies a port as a BPDU-filter port.
The stp bpdu-filter disable command specifies a port as a non-BPDU-filter port.
The undo stp bpdu-filter command restores the default attribute of a BPDU-filter
port.
By default, a port is a non-BPDU-filter port.
Format
stp bpdu-filter { enable | disable }
undo stp bpdu-filter
Parameters
None
Views
view

Default Level
Usage Guidelines
Usage Scenario
On a network running a spanning tree protocol, if the stp edged-port enable
command is used to configure a port as an edge port, the port will not participate
in the spanning tree calculation. This speeds up network convergence and
improves network stability. This port, however, will still send BPDUs. This may
cause BPDUs to be sent to other networks. As a result, these networks flap.
The stp bpdu-filter enable command can be used on the port to address this
problem. After the stp bpdu-filter enable command is used on the port, the port
will become a BPDU-filter port, and will not process BPDUs.
CAUTION
If the stp bpdu-filter enable command is run on a port, the port will not transmit
or process BPDUs. The port cannot negotiate the STP status with the directly
connected port on the remote device. Therefore, exercise cautions when using the
stp bpdu-filter enable command. Running the stp bpdu-filter enable command
only on edge ports is recommended.
Running the stp bpdu-filter enable command in the interface view configures
only the current port as a BPDU-filter port. If multiple BPDU-filter ports are
required on a device, the stp bpdu-filter default command can be used in the
system view to configure all the ports as BPDU-filter ports. If some ports need to
participate in spanning tree calculation but do not need to be configured as
BPDU-filter ports, the stp bpdu-filter disable command can be used in the view
of these ports to configure them as non-BPDU-filter ports. Similarly, if the stp
bpdu-filter disable command has been run on a port, the non-BPDU filter port
attributes of the port will not change after the stp bpdu-filter default command
is run.
Precautions
After the stp bpdu-filter disable command is run on a port, the port becomes a
non-BPDU-filter port. The port is still a non-BPDU-filter port even if the stp bpdu-
filter default command is run in the system view. After the undo stp bpdu-filter
command is run on the port, the BPDU-filter attributes of the port restore to the
default ones.
Example
# On a network edge device, specify GE0/0/1 as a non-BPDU-filter port.
[HUAWEI-GigabitEthernet0/0/1] stp bpdu-filter disable
# On a network edge device, specify GE0/0/1 as a BPDU-filter port.


[HUAWEI-GigabitEthernet0/0/1] stp bpdu-filter enable
7.4.20 stp bpdu-filter default

Function
The stp bpdu-filter default command specifies all ports of a device as BPDU-filter
ports.
The undo stp bpdu-filter default command specifies all ports of a device as non-
BPDU-filter ports.
By default, a port is a non-BPDU-filter port.
Format
stp bpdu-filter default
undo stp bpdu-filter default
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network running a spanning tree protocol, if the stp edged-port enable
command is used to configure a port as an edge port, the port will not participate
in the spanning tree calculation. This speeds up network convergence and
improves network stability. This port, however, will still send BPDUs. This may
cause BPDUs to be sent to other networks. As a result, these networks flap.
The stp bpdu-filter enable command can be used on the port to address this
problem. After the stp bpdu-filter enable command is used on the port, the port
will become a BPDU-filter port, and will not process BPDUs.
Running the stp bpdu-filter enable command in the interface view configures
only the current port as a BPDU-filter port. If multiple BPDU-filter ports are
required on a device, the stp bpdu-filter default command can be used in the
system view to configure all ports as BPDU-filter ports. Then run the stp bpdu-
filter disable command in the interface view to change the interfaces that need
not to be configured as BPDU filter interfaces into non-BPDU filter interfaces.
Precautions
After the stp bpdu-filter default command is run, a port that has been
configured with the undo stp bpdu-filter command will become a BPDU-filter

port. After the stp bpdu-filter disable command is run, the port that has been
configured with the undo stp bpdu-filter command, however, will still serve as a
non-BPDU-filter port.
CAUTION
After the stp bpdu-filter default and stp edged-port default commands are run
in the system view, none of the ports on the device will initiate any BPDUs or
initiate a negotiation with the remote device, and all the ports are in the
forwarding state. This may lead to a loop and cause a broadcast storm. Exercise
cautions when using the stp bpdu-filter default and stp edged-port default
commands in the system view.
Example
# On a network edge device, specify all ports as BPDU-filter ports.
[HUAWEI] stp bpdu-filter default
7.4.21 stp bpdu-protection

Function
The stp bpdu-protection command enables BPDU protection on a switching
device.
The undo stp bpdu-protection command disables BPDU protection on a
switching device.
By default, the BPDU protection is disabled.
Format
stp bpdu-protection
undo stp bpdu-protection
Parameters
None.
Views
System view
Default Level
Usage Guidelines
Usage Scenario

On a Layer 2 network running a spanning tree protocol, a port connected to

terminals does not need to participate in spanning tree calculation. If the port
participates in spanning tree calculation, the network convergence speed will be
affected. In addition, status changes of the port may cause network flapping,
interrupting user traffic. To address this problem, you can run the stp edged-port
enable command to configure the port as an edge port. Then, the port will not
participate in the spanning tree calculation. This speeds up network convergence
and improves network stability.
An edge port will lose edge port attributes after receiving BPDUs. To prevent
attackers from forging BPDUs to change edge ports to non-edge ports, you can
run the stp bpdu-protection command to configure BPDU protection on a
switching device.
Example
# Enable the BPDU protection on the switching device.
[HUAWEI] stp bpdu-protection
7.4.22 stp bridge-diameter

Function
The stp bridge-diameter command configures the diameter of the spanning tree.
The undo stp bridge-diameter command restores the default diameter.
By default, the diameter of the spanning tree is 7.
Format
stp bridge-diameter diameter
undo stp bridge-diameter
Parameters
diameter Specifies the diameter. The value is an integer ranging from 2 to 7.
Views
System view
Default Level
Usage Guidelines
Usage Scenario

On a network running a spanning tree protocol, the network diameter is the

maximum number of devices between two switching devices. If the network
diameter is improperly set, network converge may slow down, affecting users'
normal communication.
The stp bridge-diameter command can be used to set a proper network diameter
based on the network scale. This helps to accelerate network convergence.
The following time parameters are related to the network scale:
● Hello Time
● Forward Delay
● Max Age
Precautions
After the stp bridge-diameter command is used on a switching device, the
switching device will automatically set proper values for Hello Time, Forward
Delay, and Max Age based on the configured network diameter.
On an MSTP network, the network diameter configured using the stp bridge-
diameter command is valid only for CISTs.
Example
# Set the network diameter to 5.
[HUAWEI] stp bridge-diameter 5
7.4.23 stp compliance

Function
The stp compliance command configures the format for the MSTP packets that
are received and sent on the device.
The undo stp compliance command restores the default format for the MSTP
packets that are received and sent on the device.
By default, the MSTP packet format is auto.
Format
stp compliance { auto | dot1s | legacy }
undo stp compliance
Parameters
auto Indicates that the protocol format is self-adaptive. -
dot1s Indicates that the format is standard IEEE 802.1s. -

legacy Indicates the private packet format. -
Views
view
Default Level
Usage Guidelines
Usage Scenario
MSTP protocol packets have two formats: dot1s (IEEE 802.1s standard packets)
and legacy (proprietary protocol packets). The stp compliance command can be
used on a device to set an MSTP packet format based on the format of the MSTP
packet received from a remote device so that this device can better communicate
with the remote device.
The auto mode is set to allow a port to automatically switch to the MSTP protocol
packet format used by the remote end based on the MSTP protocol packet format
received from the remote end. This enables the two interfaces to use the same
MSTP protocol packet format.
Precautions
If you configure different packet formats on the same interface in the system view
and the interface view, the latest configuration overrides the previous one.
Example
# Set the format of the MSTP packets to the standard format of the interface.
[HUAWEI-GigabitEthernet0/0/1] stp compliance dot1s
# Restore the self-adaptive format of the MSTP packets that are received and sent
by the switching device.
[HUAWEI-GigabitEthernet0/0/1] undo stp compliance
7.4.24 stp config-digest-snoop

Function
The stp config-digest-snoop command enables digest snooping.
The undo stp config-digest-snoop command disables digest snooping.

By default, the digest snooping is disabled.
Format
stp config-digest-snoop
undo stp config-digest-snoop
Parameters
None
Views
view
Default Level
Usage Guidelines
On an MSTP network where Huawei and non-Huawei devices are interconnected,
if the Huawei and non-Huawei devices have the same region name, revision level,
and VLAN mapping table but different BPDU keys, the stp config-digest-snoop
command can be used to enable the Huawei and non-Huawei devices to
exchange BPDUs.
Example
# Enable digest snooping on GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] stp config-digest-snoop
7.4.25 stp converge
Function
The stp converge command sets the converging mode of a spanning tree
protocol.
The undo stp converge command restores the default mode.
By default, the converging mode of the spanning tree protocol is normal.
Format
stp converge { fast | normal }
undo stp converge

Parameters
fast Indicates ARP entries that will be directly deleted. -
normal Indicates ARP entries that will age quickly. -
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a Layer 2 network running a spanning tree protocol, if the topology of a

spanning tree instance changes, the forwarding paths of VLANs that are mapped
to this instance change. As a result, ARP entries related to these VLANs need to be
updated. Based on methods for processing ARP entries, the converging modes of a
spanning tree protocol are classified into fast and normal:
● In fast mode, entries that need to be updated in an ARP table are directly
deleted.
● In normal mode, entries that need to be updated in an ARP table quickly age.
A switching device sets the EXPIRE time of these ARP entries to 0 in order to
age them. If the number of detection times for aging out ARP entries is
greater than 0, the switching device detects these ARP entries before deleting
them.
The stp converge command can be used to set a converging mode based on the
method for processing ARP entries.
Precautions
If the stp converge fast command is run on a switching device and the topology
of a spanning tree instance changes, the switching device will directly delete the
ARP entries that need to be updated in the ARP table.
If the stp converge normal command is run on a switching device and the
topology of a spanning tree instance changes, the switching device will age the
ARP entries that need to be updated in the ARP table.
Setting the converging mode of a spanning tree protocol to normal is

recommended. If the fast mode is used, frequent ARP entry deletion will affect
services and even may cause the CPU usage of the device to reach 100%. As a
result, packet processing will time out, causing network flapping.

Example
# Set the converging mode of the spanning tree protocol on the Ethernet switch
as normal.
[HUAWEI] stp converge normal
7.4.26 stp cost
Function
The stp cost command sets the path cost of a port in a spanning tree.
The undo stp cost command restores the default path cost.
By default, the path cost of a port in a spanning tree is the path cost
corresponding to the port rate.
Format
stp [ instance instance-id ] cost cost
undo stp [ instance instance-id ] cost
Parameters
instance Specifies the number of a The value is an integer ranging

instance-id spanning tree instance. from 0 to 4094. Value 0 refers to
CIST.
If instance instance-id is
not specified, it indicates
the path cost of an
interface in CIST.
cost Specifies the path cost of According to different calculation

an interface. standards, the value ranges are as
follows:
● Huawei legacy standard: 1 to
200,000
● IEEE 802.1d-1998 standard: 1 to
65535
● IEEE 802.1t standard: 1 to
200,000,000
Views
view

Default Level
Usage Guidelines
Usage Scenario
The path cost of a port is an important basis for calculating a spanning tree. Path
costs determine root port selection. In a spanning tree, the port with the lowest
path cost to the root bridge is selected as a root port.
If different path costs are set for a port on an MSTP device in different spanning
tree instances, traffic of different VLANs will be forwarded along different physical
links and VLAN-based load balancing can be carried out.
Path costs depend on path cost calculation standards. After the path cost
calculation standard is determined, set a relatively small path cost within a
specified range for a port that has a high link rate. In the Huawei legacy standard,
default path costs for ports with different link rates are different, as shown in the
following table.
Table 7-30 Mappings between link rates and path costs

Link Rate Recommended Recommended Value Range
Value Value Range
Default, Value
10 Mbit/s 2000 200-20000 1-200,000
100 Mbit/s 200 20-2000 1-200,000
1 Gbit/s 20 2-200 1-200,000
10 Gbit/s 2 2-20 1-200,000
Over 10 Gbit/s 1 1-2 1-200,000
Prerequisites
A path cost calculation standard has been set using the stp pathcost-standard
command.
Precautions
If the path cost of a port, the spanning tree where the port resides needs to be
recalculated.
If the stp pathcost-standard command is used to change the path cost
calculation standard, the path cost set using the stp cost command for a port will
be restored to the default value.
Example
# Set the path cost of GE0/0/1 in spanning tree instance 2 to 200.

[HUAWEI-GigabitEthernet0/0/1] stp instance 2 cost 200
7.4.27 stp edged-port

Function
The stp edged-port enable command sets the current port as an edge port.
The stp edged-port disable command sets the current port as a non-edge port.
The undo stp edged-port command restores the default attribute of an edge
port.
By default, all the ports on the switching device are non-edge ports.
Format
stp edged-port { enable | disable }
undo stp edged-port
Parameters
enable Sets the current port as an edge port. -
disable Sets the current port as a non-edge port. -
Views
view
Default Level
Usage Guidelines
Usage Scenario
Precautions

If a port of a switching device receives a BPDU after being configured as an edge

port, the switching device will automatically set the port as a non-edge port and
recalculate the spanning tree.
Example
# Configure GE0/0/1 as an edge port.
[HUAWEI-GigabitEthernet0/0/1] stp edged-port enable
7.4.28 stp edged-port default
Function
The stp edged-port default command configures the ports on a switching device
as edge ports.
The undo stp edged-port default command restores the default setting.
By default, the ports on a switching device are non-edge ports.
Format
stp edged-port default
undo stp edged-port default
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario


CAUTION
After the stp edged-port default command is run on a device, all ports of the
device will be become edge ports. During network topology calculation, running
the stp edged-port default command may cause a loop. Exercise caution when
using this command.
Precautions
If a port of a switching device receives a BPDU after being configured as an edge

port, the switching device will automatically set the port as a non-edge port and
recalculate the spanning tree.
To prevent attackers from forging BPDUs to change edge ports on a switching

device to non-edge ports, you can run the stp bpdu-protection command in the
system view to configure BPDU protection on the switching device. After BPDU
protection is enabled on a switching device, the switching device shuts down the
edge port if the edge port receives a BPDU. The attributes of the edge port are not
changed.
Example
# Configure all ports on an edge device as edge ports.
[HUAWEI] stp edged-port default
Warning: All ports of the device will become edge ports, this may cause a loop.
7.4.29 stp enable
Function
The stp enable command enables STP/RSTP/MSTP on a switching device or an
interface.
The undo stp enable command disables STP/RSTP/MSTP on a switching device or

an interface.
The stp disable command disables STP/RSTP/MSTP on a switching device or an

interface.
The undo stp disable command enables STP/RSTP/MSTP on a switching device or

an interface.
By default, STP/RSTP/MSTP is disabled globally and enabled on an interface.
Format
stp enable
undo stp enable
stp disable
undo stp disable

Parameters
None
Views
System view, GE interface view, Eth-Trunk interface view, XGE interface view,
Default Level
Usage Guidelines
Usage Scenario
On a complex Layer 2 network, to prevent loops or break loops, STP/RSTP/MSTP

can be configured on switching devices.
Running the stp enable command enables STP/RSTP/MSTP. The devices running
STP/RSTP/MSTP discover loops on the network by exchanging information with
each other and trim the ring topology into a loop-free tree topology by blocking a
certain interface. In this manner, replication and circular propagation of packets
are prevented on the network. In addition, the processing performance of devices
is prevented from deteriorating.
Enabling STP/RSTP/MSTP consumes system resources so that you can run the stp
disable command to disable STP/RSTP/MSTP on devices or interfaces that do not
participate in the spanning tree calculation.
After STP/RSTP/MSTP is enabled on a ring network, STP/RSTP/MSTP immediately

calculates spanning trees on the network. Configurations on a switching device,
such as, the switching device priority and port priority, will affect spanning tree
calculation. Any change of the configurations may cause network flapping.
Therefore, to ensure rapid and stable spanning tree calculation, before enabling
STP/RSTP/MSTP, perform basic configurations on the switching device and its
interfaces. For example:
● Run the stp [ instance instance-id ] priority priority command to set the
priority of the switching device in the spanning tree.
● Run the stp [ instance instance-id ] root primary command to set the
switching device as the primary root bridge of the spanning tree.
● Run the stp [ instance instance-id ] root secondary command to set the
switching device as the secondary root bridge of the spanning tree.
Other configurations are needed based on real-world situations.
Precautions
● If STP/RSTP/MSTP is enabled on an interface, the interface participates in the

spanning tree calculation and determine whether it is in the forwarding state
according to the calculation result.

● If STP/RSTP/MSTP is disabled on an interface, the interface does not

participate in the spanning tree calculation and it is always in the forwarding
state.
● STP/RSTP/MSTP must be enabled on all interfaces that participate in the
spanning tree calculation. Otherwise, a loop may occur.
● Spanning tree calculation may result in network flapping. Before network
convergence, packets cannot be correctly forwarded. In this case, if the DHCP
server is configured on a VLANIF interface, DHCP clients obtain IP addresses
slowly. To solve the problem, disable STP or configure the device interface
connected to a terminal as the edge interface.
Example
# Enable STP/RSTP/MSTP on a switching device.
[HUAWEI] stp enable
# Disable STP/RSTP/MSTP on GE0/0/1.

[HUAWEI-GigabitEthernet0/0/1] stp disable
7.4.30 stp loop-protection
Function
The stp loop-protection command enables loop protection on the current port.
The undo stp loop-protection command disables loop protection on the current
port.
By default, loop protection on ports is disabled.
Format
stp loop-protection
undo stp loop-protection
Parameters
None.
Views
view
Default Level

Usage Guidelines
Usage Scenario
On a network running a spanning tree protocol, a switching device maintains the
status of the root port and blocked port by continually receiving BPDUs from the
upstream switching device. If ports cannot receive BPDUs from the upstream
switching device due to link congestion or unidirectional link failures, the
switching device will re-select a root port. Then, the previous root port becomes a
designated port and the previous blocked port enters the Forwarding state. As a
result, loops may occur on the network.
The stp loop-protection command can be used to configure loop protection in
order to prevent this problem. If the root port or the Alternate port cannot receive
BPDUs from the upstream device for a long period of time after the loop
protection function is enabled, the root port or the Alternate port will send a
notification message to the NMS. The root port will enter the Discarding state,
and the Alternate port remains in the blocked state and no longer forwards
packets. This prevents loops on the network. The root port or Alternate port
restores the Forwarding state after receiving BPDUs.
NOTE
● An Alternate port is the backup of the root port. When the root port can normally send
and receive BPDUs, the Alternate port is in the blocked state.
● Between two interconnected switching devices in a spanning tree, the switching device
nearer to the root bridge is the upstream device of the other devices.
Precautions
Loop protection and root protection cannot be configured on the same interface
simultaneously.
Example
# Enable loop protection on the GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] stp loop-protection
7.4.31 stp max-hops

Function
The stp max-hops command sets the maximum hops of a spanning tree in an
MST region.
The undo stp max-hops command restores the default value of the maximum
hops of a spanning tree.
By default, the maximum hops in an MST region is 20.
Format
stp max-hops hop
undo stp max-hops

Parameters
hop Specifies the maximum hops. The value ranges from 1 to 40.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Switching devices on a Layer 2 network running MSTP communicate with each

other by exchanging MST BPDUs. An MST BPDU has a field that indicates the
number of remaining hops.
● The number of remaining hops in a BPDU sent by the root switching device
equals the maximum number of hops.
● The number of remaining hops in a BPDU sent by a non-root switching device
equals the maximum number of hops minus the number of hops from the
non-root switching device to the root switching device.
● If a switching device receives a BPDU in which the number of remaining hops
is 0, the switching device will discard the BPDU.
Therefore, the maximum number of hops of a spanning tree in an MST region

determines the network scale. The stp max-hops command can be used to set the
maximum number of hops in an MST domain so that the network scale of a
spanning tree can be controlled.
Precautions
In an MST region, the maximum number of hops set on the root switching device
in a CIST or an MSTI is the maximum number of hops in the CIST or MSTI.
Example
# Set the maximum hops in the MST region to 35.
[HUAWEI] stp max-hops 35
7.4.32 stp mcheck
Function
The stp mcheck command configures a port to automatically switch from the STP
mode back to the RSTP/MSTP mode.

By default, a port does not switch from the STP mode back to the RSTP/MSTP
mode.
Format
stp mcheck
Parameters
None
Views
System view, GE interface view, Eth-Trunk interface view, XGE interface view,
Default Level
Usage Guidelines
Usage Scenario
If a port of an RSTP/MSTP switching device is directly connected to an STP

switching device, the port automatically switches to the STP mode and then sends
BPDUs. This ensures that the two switching devices properly communicate with
each other. If the STP switching device is powered off, removed, or is configured to
run RSTP/MSTP, the port on the RSTP/MSTP switching device cannot switch back
to the RSTP/MSTP mode. As a result, the RSTP/MSTP device cannot communicate
with other RSTP/MSTP switching devices.
The stp mcheck command can be used to address this problem. After this
command is run on a port, the port will automatically switch from the STP mode
back to the RSTP/MSTP mode.
Precautions
Running the stp mcheck command in the system view configures all ports on the
current switching device to automatically switch back to the RSTP/MSTP mode.
Running the stp mcheck command in the interface view configures only the
current port to automatically switch back to the RSTP/MSTP mode.
Example
# Perform MCheck on GE0/0/1 and switch it to the MSTP mode.
[HUAWEI-GigabitEthernet0/0/1] stp mcheck

7.4.33 stp mode (system view)

Function
The stp mode command sets the operation mode of the spanning tree protocol
on a switching device.
The undo stp mode command restores the default operation mode of the
spanning tree protocol.
By default, the switching device operates in MSTP mode.
Format
stp mode { mstp | rstp | stp }
undo stp mode
Parameters
mstp Indicates the MSTP mode. -
rstp Indicates the RSTP mode. -
stp Indicates the STP mode. -
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On an STP/RSTP/MSTP network, switching devices running different spanning tree

protocols cannot communicate with each other. As a result, spanning trees cannot
be properly calculated. A switching device has three operation modes: MSTP, RSTP,
and STP.
The stp mode command can be used to set a proper operation mode for a
spanning tree protocol on a switching device and enables the switching device to
identify BPDUs sent by a switching device that runs a different spanning tree
protocol during communication.
By default, all ports on a switching device operate in MSTP mode. When a

switching device finds that it is directly connected to an STP switching device, it

automatically switches the operation mode the port directly connected to the STP
switching device to STP.
● After the stp mode mstp command is run on a switching device, all ports
running MSTP on the switching device, excluding the ports directly connected
to STP switching devices, operate in MSTP mode and can send MSTP BPDUs.
The ports directly connected to STP switching devices operate in STP mode.
● After the stp mode rstp command is run on a switching device, all ports
running RSTP on the switching device, excluding the ports directly connected
to STP switching devices, operate in RSTP mode and can send RSTP BPDUs.
The ports directly connected to STP switching devices operate in STP mode.
● After the stp mode stp command is run on a switching device, all ports of the
switching device operate in STP mode and send configured BPDUs.
Precautions
● A port operating in MSTP mode can communicate with a port operating in
RSTP mode.
● The stp mode rstp command can be used to enable a switch that does not
support MSTP to communicate with an STP switch.
Example
# Set the operation mode of the switching device to the STP mode.
[HUAWEI] stp mode stp
7.4.34 stp no-agreement-check

Function
The stp no-agreement-check command configures the common fast transition
mechanism on an interface.
The undo stp no-agreement-check command restores the default fast transition
mechanism on an interface.
By default, the enhanced transition mechanism is configured on an interface.
Format
stp no-agreement-check
undo stp no-agreement-check
Parameters
None
Views
view

Default Level
Usage Guidelines
Usage Scenario
If Huawei and non-Huawei data communication devices are deployed on a
network running a spanning tree protocol, the Huawei devices and non-Huawei
devices may fail to communicate with each other, because they have different
Proposal/Agreement mechanisms. To address this problem, the stp no-
agreement-check command can be used to set a common fast transition
mechanism or an enhanced transition mechanism on a port.
● Running the stp no-agreement-check command configures a common fast
transition mechanism on a port.
● Running the undo stp no-agreement-check command configures an
enhanced fast transition mechanism on a port.
Precautions
The fast transition mechanism is also called the Proposal/Agreement mechanism.
The device currently supports the following modes:
● Enhanced mode: The current interface counts a root port when it calculates
the synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device
requesting fast status transition. After receiving the message, the
downstream device sets the port connected to the upstream device as the
root port and blocks all non-edge ports.
b. The upstream device then sends an Agreement message to the
downstream device. After the downstream device receives the message,
the root port transitions to the Forwarding state.
c. The downstream device then responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to
the downstream device as the designated port, and then the status of the
designated port changes to Forwarding.
● Common mode: The current interface ignores the root port when it calculates
the synchronization flag bit.
a. An upstream device sends a Proposal message to a downstream device
requesting fast transition. After receiving the message, the downstream
device sets the port connected to the upstream device as the root port
and blocks all non-edge ports. Then, the status of the root port changes
to Forwarding.
b. The downstream device then responds with an Agreement message. After
receiving the message, the upstream device sets the port connected to
the downstream device as the designated port, and then the status of the
designated port changes to Forwarding.
NOTE
Between two interconnected switching devices in a spanning tree, the switching device
nearer to the root bridge is the upstream device of the other devices.

Example
# Configure the common fast transition mechanism for the GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] stp no-agreement-check
7.4.35 stp pathcost-standard

Function
The stp pathcost-standard command sets the standard used to calculate the path
cost.
The undo stp pathcost-standard command restores the default standard used to
calculate the path cost.
By default, the IEEE 802.1T is used to calculate the path cost.
Format
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
undo stp pathcost-standard
Parameters
dot1d-1998 Indicates IEEE 802.1D standard that used to calculate the -

path cost.
dot1t Indicates IEEE 802.1T standard that used to calculate the -

path cost.
legacy Indicates Huawei legacy standard that used to calculate the -

path cost.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
A path cost is a port parameter, and is used by a spanning tree protocol to select a
link. By calculating path costs, a spanning tree protocol selects stable links, blocks
redundant paths, and trims a network into a loop-free network. The path cost
range is determined by the path cost calculation standard.

Table 7-31 lists path costs defined by the IEEE 802.1D-1998 standard, IEEE 802.1T
standard, and Huawei legacy standard. Different vendors use different standards.
Table 7-31 Path cost list

Interface Interface Recommended STP Path Cost
Rate Mode
IEEE IEEE 802.1T Huawei Legacy
802.1D-1998 Standard Standard
Standard
0 - 65535 200,000,000 200,000
10 Mbps Half-Duplex 100 2,000,000 2000
Full-Duplex 99 1,999,999 1999
Aggregated 95 1,000,000 1800

Link 2 Ports
Aggregated 95 666,666 1600

Link 3 Ports
Aggregated 95 500,000 1400

Link 4 Ports
100 Mbps Half-Duplex 19 200,000 200
Full-Duplex 18 199,999 199
Aggregated 15 100,000 180

Link 2 Ports

Link 3 Ports

Link 4 Ports
1000 Full-Duplex 4 20,000 20

Mbps
Link 2 Ports
Aggregated 3 6666 16
Link 3 Ports
Aggregated 3 5000 14
Link 4 Ports
10 Gbps Full-Duplex 2 2000 2
Aggregated 1 1000 1
Link 2 Ports
Aggregated 1 666 1
Link 3 Ports

Interface Interface Recommended STP Path Cost

Rate Mode
IEEE IEEE 802.1T Huawei Legacy
802.1D-1998 Standard Standard
Standard
Aggregated 1 500 1
Link 4 Ports
Precautions
If the path cost calculation standard is changed on a port, the path cost of the
port is restored to the default value. The stp cost command can be used to set a
path cost for a port.
Usually, all switching devices on the same network use the same path cost
calculation standard.
Example
# Use the IEEE 802.1d-1998 to calculate the path cost.
[HUAWEI] stp pathcost-standard dot1d-1998
7.4.36 stp point-to-point
Function
The stp point-to-point command sets the link type of a port.
The undo stp point-to-point command restores the default link type.
By default, the link type of the ports on the switching device is auto. That is, the
spanning tree protocol detects whether a port is connected to a P2P link.
Format
stp point-to-point { auto | force-false | force-true }
undo stp point-to-point
Parameters
force-true Indicates the link type is P2P. -
force-false Indicates the link type is non-P2P. -

auto Indicates that the spanning tree protocol detects -

automatically whether the port is connected to a P2P link.
Views
view
Default Level
Usage Guidelines
Usage Scenario
On a Layer 2 network running a spanning tree protocol, if a port of a switching
device is connected to a non-P2P link, the port cannot perform fast status
transition.
If a port works in full-duplex mode, the port is connected to a P2P link, and force-
true can be set in the stp point-to-point command.
If a port works in half-duplex mode, the stp point-to-point force-true command
can be used to forcibly set the type of the link to which the port is connected to
P2P, implementing rapid network convergence.
Precautions
The stp point-to-point command configuration on a port takes effect in all
spanning tree instances where the port resides.
Example
# Set the link type of GE0/0/1 as P2P.
[HUAWEI-GigabitEthernet0/0/1] stp point-to-point force-true
7.4.37 stp port priority

Function
The stp port priority command sets the priority of a port in a spanning tree.
The undo stp port priority command restores the default priority.
By default, the priority of a port in a spanning tree is 128.
Format
stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority
Parameters
instance Specifies the spanning tree The value is an integer ranging

instance-id instance. from 0 to 4094. Value 0 refers to
CIST.
specified, the statistics about
the topology changes of a
CIST are displayed.
priority Specifies the priority of a The priority ranks from 0 to 240

port. in descending order. The value is
an integer multiple of 16, such
as, 0, 16, and 32.
Views
view
Default Level
Usage Guidelines
Usage Scenario
When ports participate in spanning tree calculation, the PIDs of these ports on
switching devices may affect the designated port election result. During spanning
tree calculation, the port with the smallest PID is elected as the designated port.
NOTE
A PID is the ID of a port, and consists of a 4-bit priority and a 12-bit port number.
The stp port priority command can be used to change the priority of a port. This
affects the PID of the port and determines whether the port can be elected as the
designated port.
Precautions
When the priority of a port changes, a spanning tree protocol recalculates the role
of the port and performs status transition for the port.
The priority of a port determines the role of the port in a specified spanning tree
instance. You can set different priorities for a port in different spanning tree
instances so that user traffic can be forwarded along different links and traffic
load balancing can be implemented.

Example
# Set the priority of GE0/0/1 to 16 in the spanning tree instance 2.
[HUAWEI-GigabitEthernet0/0/1] stp instance 2 port priority 16
7.4.38 stp priority
Function
The stp priority command sets the priority of the switching device in a spanning
tree.
The undo stp priority command restores the default priority.
By default, the priority of the switching device in a spanning tree is 32768.
Format
stp [ instance instance-id ] priority priority
undo stp [ instance instance-id ] priority
Parameters
instance Specifies the ID of a spanning tree The value is an integer

instance-id instance. ranging from 0 to 4094.
Value 0 refers to CIST.
If the parameter instance instance-
id is not specified, the configuration
takes effect on a CIST instance.
priority Specifies the priority of the The priority ranks from 0

switching device in a spanning tree. to 61440. The value is an
integer multiple of 4096,
The smaller the value is, the higher such as 0, 4096 and 8192.
the switch priority is. The default is 32768.
Views
System view
Default Level
Usage Guidelines
Usage Scenario

Priorities of switching devices are an important factor to calculate a spanning tree

and determine the selection of the root bridge.
On an STP/RSTP/MSTP network, each spanning tree has only one root bridge,
which is responsible for sending BPDUs. Owning to the importance of the root
bridge, the switching device with high performance and network hierarchy is
generally chosen as the root bridge. The priority of such a switching device,
however, may not be that high. Therefore, setting a high priority for the switching
device is necessary so that the device can function as a root bridge.
Other devices with low performance and network hierarchy are not fit to be a root
bridge. Therefore, set low priorities for these devices.
On an MSTP network, each switching device can be set with a distinct priority in
each spanning tree instance.
Precautions
The smaller the priority value of a switching device is, the higher the possibility
that the switching device is selected as the root bridge.
If a switching device has been configured as the primary or secondary root bridge,
before changing the priority of the switching device, run the undo stp [ instance
instance-id ] root command to disable the root bridge or secondary root bridge
function.
If the stp root primary command is run to set a switching device as the primary
root bridge, the priority value of the switching device is 0.
If the stp root secondary command is run to set a switching device as the
secondary root bridge, the priority value of the switching device is 4096.
Example
# Set the priority of the switching device in spanning tree instance 1 to 4096.
[HUAWEI] stp instance 1 priority 4096
7.4.39 stp region-configuration

Function
The stp region-configuration command displays the MST region view.
The undo stp region-configuration command restores the default configuration
of the MST region.
The default parameters of the MST regions are as follows:
● MST region name: MAC address of the main processing unit of the switching
device.
● MSTP revision level 0.
● VLAN mapping table: all VLANs are mapped to CIST.
Format
stp region-configuration

undo stp region-configuration
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
multiple spanning trees and these spanning trees are independent of each other.
Each spanning tree is called a multiple spanning tree instance (MSTI) and each
region is called a multiple spanning tree (MST) region.
Two switching devices belong to the same MST region if they have the following
parameters the same:
● MST region name
● Mappings between VLANs and MSTIs
● Revision level of the MST region
If the preceding parameters need to be set for the current switching device, run
the stp region-configuration command to enter the MST region view first.
Follow-up Procedure
After the stp region-configuration command is run to enter the MST region view,
run the following commands:
● Run the region-name command to set the MST region name.
● Run the instance or the vlan-mapping modulo command to set the
mappings between VLANs and MSTIs.
● Run the revision-level name command to set the revision level of the MST
region.
Example
# Enter the MST region view.
[HUAWEI-mst-region]

7.4.40 stp root

Function
The stp root command configures a switching device as a root bridge or
secondary root bridge of a spanning tree.
The undo stp root command cancels the configuration.
By default, a switching device does not function as the root bridge or secondary
root bridge of a spanning tree.
Format
stp [ instance instance-id ] root { primary | secondary }
undo stp [ instance instance-id ] root
Parameters
instance Specifies the ID of a spanning tree The value is an

instance-id instance. integer ranging
from 0 to 4094.
If the parameter instance instance-id is not
Value 0 refers to
specified, the configuration takes effect on
CIST.
a CIST instance.
primary Indicates that the switching device -

functions as the root bridge of a spanning
tree.
secondary Indicates that the switching device -

functions as the secondary root bridge of a
spanning tree.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On an STP/RSTP/MSTP network, each spanning tree has only one root bridge,
which is responsible for sending BPDUs. Owning to the importance of the root
bridge, the switching device with high performance and network hierarchy is

generally chosen as a root bridge. The priority of such a device, however, may be
not that high. Therefore, setting a high priority for the switching device is
necessary so that the device can function as a root bridge.
To ensure nonstop traffic transmission, run the stp root command to configure
the switching device as the secondary root bridge. When the root bridge is faulty
or is powered off, the secondary root bridge becomes the root bridge during
spanning tree calculation.
NOTE
After the stp root primary command is run to set a switching device to be the primary root
bridge, the priority value of the switching device is 0 in the spanning tree and the priority
cannot be modified.
The secondary root bridge specified using the stp root secondary command has the
priority value of 4096 and the priority cannot be modified.
Precautions
A spanning tree has only one root bridge.
A switching device in a spanning tree cannot function both as the primary root
bridge and as the secondary root bridge.
If multiple secondary root bridges are set in a spanning tree, the one with the
smallest MAC address functions as the secondary root bridge of the spanning tree.
Example
# Set the switching device as the root bridge of spanning tree instance 1.
[HUAWEI] stp instance 1 root primary
# Set the switching device as the secondary root bridge of spanning tree instance
4.
[HUAWEI] stp instance 4 root secondary
7.4.41 stp root-protection
Function
The stp root-protection command enables root protection at the current port.
The undo stp root-protection command restores the default setting of root
protection.
By default, root protection is disabled at all ports.
Format
stp root-protection
undo stp root-protection

Parameters
None
Views
view
Default Level
Usage Guidelines
Usage Scenario
Owning to incorrect configurations or malicious attacks on the network, a root

bridge may receive BPDUs with a higher priority. Consequently, the root bridge is
no longer able to serve as the root bridge, and the network topology is changed,
triggering a spanning tree recalculation. This spanning tree recalculation may
transfer traffic from high-speed links to low-speed links, causing traffic congestion.
If a designated port is enabled with the root protection function, the port role
cannot be changed. Once a designated port that is enabled with root protection
receives BPDUs with a higher priority, the port enters the Discarding state and
does not forward packets. If the port does not receive any BPDUs with a higher
priority before a period (generally two Forward Delay periods) expires, the port
automatically enters the Forwarding state.
NOTE
You can run the stp timer forward-delay command to set the Forward Delay period.
Precautions
The root protection function takes effect only on a designated port. In addition,
configuring the root protection function on a port that functions as the designated
port in all instances is recommended.
If the stp root-protection command is run on other types of ports, the root
protection function does not take effect.
Loop protection and root protection cannot be configured on the same interface
simultaneously.
Example
# Enable the root protection function on GE0/0/1.
[HUAWEI-GigabitEthernet0/0/1] stp root-protection

7.4.42 stp tc-protection

Function
The stp tc-protection command enables TC BPDU protection.
The undo stp tc-protection command disables TC BPDU protection.
By default, TC BPDU protection is disabled.
Format
stp tc-protection
undo stp tc-protection
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a Layer 2 network where MSTP is run, a switching device that receives TC
BPDUs will delete the corresponding MAC entries and ARP entries. Frequent
deletion operations will greatly affect the CPU, leading to a high CPU usage. In
this case, you can run the stp tc-protection command to enable the TC BPDU
attack defense function.
After the stp tc-protection command is run to enable the TC BPDU attack
defense function, the number of times that TC BPDUs are processed by the
switching device within a unit time is configurable (the default unit time is 2s, and
the default number of times is 1). If the number of TC BPDUs that the switching
device receives within a unit time exceeds the specified threshold, the switching
device handles TC BPDUs only for the specified number of times. Additional TC
BPDUs are processed by the switching device as a whole for once after the timer
(that is, the specified time period) expires. In this manner, the switching device is
prevented from frequently deleting its MAC entries and ARP entries so that the
CPU is protected against overburden.
NOTE
The value of the unit time is consistent with the MSTP Hello time and can be set using the
stp timer hello command.
Follow-up Procedure

After the stp tc-protection command is run, run the stp tc-protection threshold
command to set the number of times that TC BPDUs are processed by the
switching device within a unit time.
Example
# Enable the TC BPDU protection function.
[HUAWEI] stp tc-protection
7.4.43 stp tc-protection interval

Function
The stp tc-protection interval command sets the time for a device to process the
maximum number of TC BPDUs.
The undo stp tc-protection interval command restores the default value.
By default, the time is the Hello timer length.
Format
stp tc-protection interval interval-value
undo stp tc-protection interval
Parameters
interval-value Specifies the time for a device to The value is an integer

process the maximum number of ranging from 1 to 600, in
TC BPDUs. seconds.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a Layer 2 network running a spanning tree protocol, a device deletes MAC
address entries and ARP entries after receiving TC packets. Frequent entry deletion
may cause high CPU usage.
After you have run the stp tc-protection command to enable TC protection, you
can configure the time, which the device takes to handle a given number of TC

packets and immediately refresh forwarding entries, by running the stp tc-
protection interval command. Within the time specified by interval-value, the
device handles a given number of TC packets. Excess TC packets are processed by
the device at once after the timer (whose length is the configured time) expires.
This mechanism ensures that the device does not frequently delete its MAC entries
and ARP entries, and therefore does not have excessive CPU usage.
NOTE
You can specify the maximum number of TC packets that the device processes can handle
in the specified time by running the stp tc-protection threshold command.
Prerequisites
TC protection has been enabled by running the stp tc-protection command.
Example
# Configure the amount of time, which MSTP process takes to handle a given
number of TC packets and immediately refreshes forwarding entries, to 10
seconds.
[HUAWEI] stp tc-protection interval 10
7.4.44 stp tc-protection threshold

Function
The stp tc-protection threshold command sets the number of times that a device
handles received TC BPDUs and updates forwarding entries within a unit time.
The undo stp tc-protection threshold command restores the default setting.
By default, after a device receives TC BPDUs, the default number of times that the
device handles the TC BPDUs and updates forwarding entries is 1 within a unit
time.
Format
stp tc-protection threshold threshold
undo stp tc-protection threshold
Parameters
threshold Indicates the number of times that a The value is an integer

device handles the TC BPDUs and updates ranging from 1 to 255.
forwarding entries per unit of time.
Views
System view

Default Level
Usage Guidelines
Usage Scenario
On a Layer 2 network where MSTP is run, a switching device that receives TC
BPDUs will delete the corresponding MAC entries and ARP entries. Frequent
deletion operations will greatly affect the CPU, leading to a high CPU usage.
After the stp tc-protection command is run to enable the TC BPDU attack
defense function, the number of times that TC BPDUs are processed by the
switching device within a unit time is configurable (the default unit time is 2s, and
the default number of times is 1). If the number of TC BPDUs that the switching
device receives within a unit time exceeds the specified threshold, the switching
device handles TC BPDUs only for the specified number of times. Additional TC
BPDUs are processed by the switching device as a whole for once after the timer
(that is, the specified time period) expires. In this manner, the switching device is
prevented from frequently deleting its MAC entries and ARP entries so that the
CPU is protected against overburden.
NOTE
The value of the unit time is consistent with the Hello time and can be set using the stp
timer hello command.
Prerequisites
Before running the stp tc-protection threshold command, ensure that the stp tc-
protection command is run to enable the TC BPDU attack defense function.
Example
# Set the threshold update forwarding entries to 5.
[HUAWEI] stp tc-protection threshold 5
7.4.45 stp timer forward-delay

Function
The stp timer forward-delay command sets the value of the Forward Delay of a
switching device.
The undo stp timer forward-delay command restores the default value of the
Forward Delay.
By default, the value of the Forward Delay of a switching device is 1500
centiseconds.
Format
stp timer forward-delay forward-delay
undo stp timer forward-delay

Parameters
forward-delay Specifies the value of the The value ranges from 400 to 3000
Forward Delay. centiseconds by a step of 100.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network running a spanning tree algorithm, if the network topology is

changed, it takes time to advertise new BPDU configuration messages on the
network. During this period, interfaces to be blocked may not be blocked in time
and interface ever blocked may not be blocked. As a result, a temporary loop may
be formed. To prevent this problem, you can use the Forward Delay timer to set a
delay time. During the delay time, all interfaces are blocked temporarily.
The stp timer forward-delay command is used to set the Forward Delay timer.
Precautions
The value of the Forward Delay timer set on the root bridge is advertised to other
devices of the same spanning tree using BPDUs. Then it becomes the value of the
Forward Delay timer of all devices in the spanning tree.
The relationships between the Hello Time, Forward Delay, and MaxAge are as
follows. The spanning tree functions properly only if the correct relationships are
established. Otherwise, frequent network flapping occurs.
● 2 x (Forward Delay - 1.0 second) >= Max Age
● Max Age >= 2 x (Hello Time + 1.0 second)
Running the stp bridge-diameter command to set the network diameter is

recommended. After the stp bridge-diameter command is run, the switching
device sets optimum values for the three parameters, Hello Time, Forward Delay,
and Max Age.
Example
# Set the Forward Delay to 2000 centiseconds.
[HUAWEI] stp timer forward-delay 2000

7.4.46 stp timer hello
Function
The stp timer hello command sets the interval of the switching device to send
BPDUs, that is, the value of the Hello Time.
The undo stp timer hello command restores the default setting.
By default, the interval of the switch to send BPDUs is 200 centiseconds.
Format
stp timer hello hello-time
undo stp timer hello
Parameters
hello-time Specifies the interval of the The value ranges from 100 to 1000,
switch to send BPDUs. in centiseconds by a step of 100.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network where a spanning tree protocol is enabled, a switching device

periodically sends BPDUs to other devices in the same spanning tree at the
interval of the Hello Time. Sending BPDUs periodically ensures that the spanning
tree is stable. The stp timer hello command can be used to set the BPDU sending
interval, that is, the Hello Time.
If no BPDUs are received by the switching device within the timeout period
(timeout period = Hello Time x 3 x Timer Factor), the spanning tree is calculated
again.
NOTE
In a spanning tree, the device closer to the root bridge is the upstream device of another
connected device.
Precautions

The value of the Hello Time set on the root bridge is advertised to other devices of
the same spanning tree using BPDUs. Then it becomes the value of the Hello Time
of all devices in the spanning tree.
The relationships between the Hello Time, Forward Delay, and Max Age are as
follows. The spanning tree works properly only if the relationships are correctly
and Max Age.
Example
# Set the Hello Time to 400 centiseconds.
[HUAWEI] stp timer hello 400
7.4.47 stp timer max-age

Function
The stp timer max-age command sets the Max Age of a switching device, that is,
the BPDU aging time on a port of the switching device.
The undo stp timer max-age command restores the default setting.
By default, the Max Age of a switching device is 2000 centiseconds.
Format
stp timer max-age max-age
undo stp timer max-age
Parameters
max-age Specifies the BPDU aging time The value ranges from 600 to 4000
on a port of the switch. in centiseconds with a step of 100.
Views
System view
Default Level

Usage Guidelines
Usage Scenario

checks whether the BPDUs received from an upstream switching device time out
based on the set Max Age value. If the received BPDUs time out, the switching
device ages the BPDUs and blocks the port that receives the BPDUs. Then, the
switching device sends the BPDUs with the switching device as the root bridge.
This aging mechanism effectively controls the diameter of the spanning tree. After
the stp timer max-age command is run, the Max Age value is set to control the
timeout period of received BPDUs.
NOTE
connected device.
Precautions
The value of the Max Age set on the root bridge is advertised to other devices of
the same spanning tree using BPDUs. Then it becomes the MaxAge value of all
devices in the spanning tree.
The timer MaxAge value takes effect for only the CIST and does not take effect for
MSTIs.
The relationships between the Hello Time, Forward Delay, and Max Age are as
follows. The spanning tree functions properly only if the relationships are correctly

and Max Age.
Example
# Set the Max Age to 1000 centiseconds.
[HUAWEI] stp timer max-age 1000
7.4.48 stp timer-factor
Function
The stp timer-factor command sets the timer factor of the timeout period of a
switching device to the Hello Time.
The undo stp timer-factor command restores the default setting.
By default, the timer factor is 3.

NOTE
If a switching device does not receive BPDUs from an upstream device within the timeout
period (timeout period = Hello Time × 3 × Timer Factor), the spanning tree is calculated
again.
Format
stp timer-factor factor
undo stp timer-factor
Parameters
factor Specifies the timer factor. The value ranges from 1 to 10.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network where a spanning tree protocol is enabled, if a switching device
does not receive BPDUs from an upstream device within the timeout period, it
considers that the upstream device becomes faulty, and will recalculate the
spanning tree.
Sometimes, however, the failure of the upstream device to send BPDUs within the
timeout period is only because it is busy processing services. In this case, the
spanning tree cannot be calculated. Therefore, you can set a long timeout period
on a stable network to avoid the waste of network resources.
NOTE
connected device.
Precautions
If the parameter factor is set smaller, the timeout period of the switching device to
re-calculate the spanning tree is shorter. In this case, there is a higher probability
that the switching device incorrectly considers the upstream device as being faulty.
If the parameter factor is set larger, the timeout period of the switching device to
re-calculate the spanning tree is longer. In this case, there is a higher probability
that the traffic becomes interrupted because the upstream device has become
faulty.

Example
# Set the Time-Factor of the switching device to 6.
[HUAWEI] stp timer-factor 6
7.4.49 stp transmit-limit (interface view)

Function
The stp transmit-limit command sets the maximum number of BPDUs that the
current port can send in a specified period.
The undo stp transmit-limit command restores the default maximum BPDUs.
Format
stp transmit-limit packet-number
undo stp transmit-limit
Parameters
packet-number Specifies the maximum number of The value is an integer

BPDUs that a port can send in a that ranges from 1 to 255.
specified period.
Views
view
Default Level
Usage Guidelines
Usage Scenario
periodically sends BPDUs to other devices in the same spanning tree with the
interval of the Hello Time. Sending BPDUs periodically ensures that the spanning
tree is stable. If the number of sent BPDUs are great in a specified period,
excessive system and bandwidth resources will be consumed.
To prevent this problem from occurring, run the stp transmit-limit command to
set the maximum number of BPDUs that can be sent by an interface in a specified
period. In this manner, the BPDU sending speed is controlled, preventing excessive
use of system and bandwidth resources by MSTP when the network topology
flaps.

Precautions
After the stp transmit-limit command is configured, the maximum number of
BPDUs sent in a specified period by the interface is determined by the set value.
Example
# Set the maximum BPDUs that GE0/0/1 can send in a specified period to 5.
[HUAWEI-GigabitEthernet0/0/1] stp transmit-limit 5
7.4.50 stp transmit-limit (system view)

Function
The stp transmit-limit command configures the maximum number of Bridge
Protocol Data Units (BPDUs) that each interface of the local device can send per
second.
The undo stp transmit-limit command restores the maximum number of BPDUs,
which can be sent by each interface of the local device per second, to the default
value.
By default, each interface can send a maximum of 6 BPDUs per second.
Format
stp transmit-limit packet-number
undo stp transmit-limit
Parameters
packet-number Maximum number of BPDUs that The value is an integer

each interface of the local device can ranging from 1 to 255.
send per second
Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a network running the Spanning Tree Protocol (STP), a switch sends BPDUs to
other devices in the same spanning tree at the interval of the Hello time, to

maintain the spanning tree stability. If a number of BPDUs are sent every second,
system and bandwidth resources will be greatly consumed.
NOTE
You can configure the Hello time by using the stp timer hello command. The Hello time is
the length of the Hello timer and specifies the interval at which the switch sends BPDUs.
To prevent excessive usage of system and bandwidth resources, you can run the
stp transmit-limit command to configure the maximum number of BPDUs that
each interface of the local device can send per second. This configuration controls
the BPDU sending rate and prevents the Multiple Spanning Tree Protocol (MSTP)
from consuming too many system and bandwidth resources when topology
flapping occurs.
Precautions
After the stp transmit-limit command is executed, packet-number controls the

maximum number of BPDUs that each interface can send per second.
You can also configure the maximum number of BPDUs that a specific interface
can send per second by running the stp transmit-limit (interface view)
command in the view of this interface. The stp transmit-limit (interface view)
command configuration in the interface view takes precedence over the stp
transmit-limit command configuration in the system view. That is, if the stp
transmit-limit (interface view) command is configured in the view of an
interface, the stp transmit-limit command configuration in the system view does
not take effect for this interface.
Example
# Configure the maximum number of BPDUs that each interface of the local
device can send per second to 5.
[HUAWEI] stp transmit-limit 5
7.4.51 vlan-mapping modulo
Function
The vlan-mapping modulo command enables VLAN-to-instance mapping
assignment based on a default algorithm.
The undo vlan-mapping modulo command restores the default mapping.
By default, all VLANs are mapped to CIST, namely, spanning tree instance 0.
Format
vlan-mapping modulo modulo
undo vlan-mapping modulo

Parameters
modulo Specifies the value of a The value is an integer ranging from
module. 1 to 48.
Views
MST region view
Default Level
Usage Guidelines
Usage Scenario
● MST region name
The vlan-mapping modulo command is used to enable VLAN-to-instance

mapping assignment based on a default algorithm.
NOTE
In the command, vlan-mapping modulo indicates that the formula (VLAN ID-1)%modulo
+1 is used. In the formula, (VLAN ID-1)%modulo means the remainder of (VLAN ID-1)
divided by the value of modulo. This formula is used to map a VLAN to the corresponding
MSTI. The calculation result of the formula is ID of the mapping MSTI. For example, if the
modulus is 16, the switch maps VLAN 1 to MSTI 1, VLAN 2 to MSTI 2 VLAN 16 to MSTI 16,
VLAN 17 to MSTI 1, and so on.
Precautions
The instance instance-id vlan { vlan-id [ to vlan-id ] }&<1-10> command is

recommended because VLAN-to-instance mapping assignments cannot meet
actual mapping requirements.
Example
# Map all VLANs to spanning tree instances modulo 16.
[HUAWEI-mst-region] vlan-mapping modulo 16

7.5 IPv4 Configuration Commands
7.5.1 ip address
Function
The ip address command configures an IP address for an interface.
The undo ip address command deletes an IP address from an interface.
By default, no IP address is configured for an interface.
Format
ip address ip-address { mask | mask-length } [ sub ]
undo ip address [ ip-address { mask | mask-length } [ sub ] ]
Parameters
ip-address { mask | Specifies the IP address ● The value of ip-

mask-length } of an interface. address is in dotted
● ip-address specifies decimal notation.
the IP address. ● The value of mask is
● mask specifies the in dotted decimal
mask of the IP notation.
address. ● The value of mask-
● mask-length specifies length is an integer
the mask length of IP that ranges from 0 to
address. 32.
sub Configures a secondary -

IP address for an
interface.
Views
VLANIF interface view, loopback interface view
Default Level
Usage Guidelines
Usage Scenario

The ip address command configures IP addresses for interfaces on the wireless

access point so that the wireless access point can communicate with different
network segments. To connect an interface to multiple network segments,
configure multiple IP addresses for the interface. Among these IP addresses, one is
the primary IP address and the others are secondary IP addresses. If you configure
a new primary IP address for the interface, the new IP address overrides the
original one.
● The undo ip address command deletes all IP addresses from an interface.

● The undo ip address ip-address { mask | mask-length } command deletes the
primary IP address of an interface.
● The undo ip address ip-address { mask | mask-length } sub command deletes
a secondary IP address.
Precautions
You must delete all secondary IP addresses before deleting the primary IP address.
Example
# Configure a primary IP address 192.168.0.1 and a secondary IP address
10.38.160.1 for VLANIF100, with subnet mask 255.255.255.0.
[HUAWEI-Vlanif100] ip address 192.168.0.1 255.255.255.0
[HUAWEI-Vlanif100] ip address 10.38.160.1 255.255.255.0 sub
7.6 ARP Configuration Commands
7.6.1 arp detect-mode unicast
Function
The arp detect-mode unicast command configures an interface to send ARP
aging probe packets in unicast mode.
The undo arp detect-mode unicast command restores the default configuration
of detection modes on an interface.
By default, an interface broadcasts ARP aging probe packets.
Format
arp detect-mode unicast
undo arp detect-mode unicast
Parameters
None

Views
Default Level
Usage Guidelines
Usage Scenario
Before an ARP entry is aged, the interface periodically sends ARP aging probe
packets at a set interval to update ARP entries. The device deletes an ARP entry if
it does not receive a reply after a specified number of probes. The aging probe
packet can be a unicast or broadcast packet.
When a non-Huawei device connected to a Huawei wireless access point receives
an ARP aging probe packet whose destination MAC address is a broadcast address,
the non-Huawei device checks the ARP table. If the mapping between the IP
address and the MAC address of the Huawei wireless access point exists in the
ARP table, the non-Huawei device discards the ARP aging probe packet. Then the
Huawei wireless access point cannot receive a response and deletes the
corresponding ARP entry. As a result, traffic from the non-Huawei device cannot
be forwarded. Therefore, when a non-Huawei device is connected to a Huawei
wireless access point, configure the Huawei switch to unicast ARP aging probe
packets. The non-Huawei device needs to respond to the ARP aging probe packet.
Precautions
If the IP address of the peer device remains the same but the MAC address
changes frequently, it is recommended that you configure ARP aging probe
packets to be broadcast.
When the MAC address of the peer device remains the same, and the bandwidth
of the network is insufficient, it is recommended that you set the interface to send
ARP aging probe packets in unicast mode.
Example
# Configure an interface to send ARP aging probe packets in unicast mode.
[HUAWEI-Vlanif10] arp detect-mode unicast
7.6.2 arp detect-times

Function
The arp detect-times command sets the number of ARP probes for aging
dynamic ARP entries.
The undo arp detect-times command restores the default number of ARP probes
for aging dynamic ARP entries.
By default, the number of ARP probes for aging dynamic ARP entries is 3.

Format
arp detect-times detect-times
undo arp detect-times
Parameters
detect-times Specifies the number of ARP The value is an integer ranging
probes for aging dynamic ARP from 0 to 10. The default value is
entries. 3.
Views
Default Level
Usage Guidelines
Usage Scenario
The arp detect-times command sets the number of ARP probes for aging
dynamic ARP entries to reduce address resolution errors. Before aging a dynamic
ARP entry, the system first performs probes. If no response is received after the
number of probes reaches the upper limit, the ARP entry is deleted.
Precautions
If the number of ARP probes is set to 0, the system directly deletes expired ARP
entries.
Example
# Set the number of ARP probes to 5 on VLANIF 10.
[HUAWEI-Vlanif10] arp detect-times 5
7.6.3 arp expire-time
Function
The arp expire-time command sets the aging time of dynamic ARP entries.
The undo arp expire-time command restores the default aging time of dynamic
ARP entries.
By default, the aging time of dynamic ARP entries is 1200 seconds, that is, 20
minutes.

Format
arp expire-time expire-time
undo arp expire-time
Parameters
expire-time Specifies the aging time The value is an integer ranging from 30
of dynamic ARP entries. to 62640, in seconds. The default value
is 1200 seconds, that is, 20 minutes.
Views
VLANIF interface view, GE interface view, Ethernet interface view, MultiGE
interface view, XGE interface view
Default Level
Usage Guidelines
Usage Scenario
The arp expire-time command sets the aging time of dynamic ARP entries to
reduce address resolution errors.
Precautions
After proxy ARP is enabled, the aging time of ARP entries on hosts should be
shortened so that invalid ARP entries can be deleted as soon as possible. Then IP
packet forwarding failures decrease on the router.
Example
# Set the aging time of dynamic ARP entries to 600s on VLANIF 10.
[HUAWEI-Vlanif10] arp expire-time 600
7.6.4 arp fixup

Function
The arp fixup command enables fixed ARP on a specific interface so that the
interface can convert generated dynamic ARP entries to static ARP entries.
Format
arp fixup

Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
To prevent a network attacker from sending pseudo ARP packets to modify ARP
entries on a device, run the arp fixup command on the VLANIF interface to enable
fixed ARP. Running this command converts dynamic ARP entries that are
generated on the interface to static ARP entries.
Prerequisites
ARP automatic scanning has been enabled using the arp scan command.
NOTE
ARP automatic scanning is generally used with fixed ARP. A device can use ARP automatic
scanning to generate dynamic ARP entries about all its neighbor devices. Then the device
can use fixed ARP to convert the dynamic ARP entries to static ARP entries. This process
prevents a network from attacks.
Precautions
● The number of static ARP entries converted by fixed ARP must be below the
upper limit of static ARP entries that a device can generate. If the device has a
maximum of static ARP entries, subsequent dynamic ARP entries cannot be
converted into static ones. The limit of static ARP entries may cause some
dynamic ARP entries to be fixed. In this case, the device prompts you with an
error message.
● Like configured static ARP entries, static ARP entries converted by fixed ARP
can be deleted one by one using the undo arp static command or deleted
altogether using the reset arp command.
Example
# Enable fixed ARP.
[HUAWEI-Vlanif10] arp fixup
Warning: This operation may generate configuration of static ARP, and take a lon
g time, press CTRL+C to break. Continue?[Y/N]:y
Processing...
Info: ARP fixup is completed.

7.6.5 arp ip-conflict-detect enable
Function
The arp ip-conflict-detect enable command enables the function to detect IP
address conflicts.
The undo arp ip-conflict-detect enable command disables the function to detect
IP address conflicts.
By default, the function to detect IP address conflicts is disabled.
Format
arp ip-conflict-detect enable
undo arp ip-conflict-detect enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
When an IP address conflict occurs between network devices, it causes high CPU
usage and route flapping. User services will be affected and even interrupted. To
help users better manage the address of a network device and to prevent IP
address conflicts from affecting user services, run the arp ip-conflict-detect
enable command to enable the function to detect IP address conflicts.
When receiving a non-gratuitous ARP packet, the device compares the source IP
address and the source MAC address of this ARP packet with that of the ARP entry
learned on the device. If the source IP address and the IP address in the ARP entry
are the same but the source MAC address and the MAC address in the ARP entry
are different, the client considers that an IP address conflict occurs in the network.
Example
# Enable the function to detect IP address conflicts.
[HUAWEI] arp ip-conflict-detect enable

7.6.6 arp scan

Function
The arp scan command enables ARP automatic scanning on an interface so that
the interface can send ARP Request packets to all interfaces whose IP addresses
are in the same network segment with the IP address of the interface.
Format
arp scan [ start-ip-address to end-ip-address ]
Parameters
start-ip-address Specifies a start IP address for ARP The value is in
automatic scanning. dotted decimal
notation.
The start IP address must be less than or
equal to the end IP address.
end-ip-address Specifies an end IP address for ARP The value is in

automatic scanning. dotted decimal
notation.
The end IP address must be greater than or
equal to the start IP address.
Views
Default Level
Usage Guidelines
Usage Scenario
The arp scan command enables ARP automatic scanning to allow a device rapidly
learn MAC addresses from the neighbor devices whose IP addresses are in the
same network segment and generate corresponding ARP entries.
Follow-up Procedure
Enable fixed ARP using the arp fixup command.
NOTE
ARP automatic scanning is generally used with fixed ARP. A device can use ARP automatic
scanning to generate dynamic ARP entries about all its neighbor devices. Then the device
can use fixed ARP to convert the dynamic ARP entries to static ARP entries. This process
prevents a network from attacks.

Precautions
● A start IP address and an end IP address within a specific IP address range
must be in the same network segment with the IP address of the VLANIF
interface. The IP address of the VLANIF interface can be either the primary IP
address or a configured secondary IP address. The start IP address must be
less than or equal to the end IP address.
● If no IP address range is specified, ARP automatic scanning enables a device
to scan all its neighbor devices whose IP addresses are in the same network
segment with the primary IP address of the VLANIF interface.
● If a device has already obtained a MAC address corresponding to the IP
address, ARP automatic scanning is not performed on the device.
● ARP automatic scanning consumes system resources. You are advised to
perform ARP automatic scanning when system resources are available. Other
operations should not be performed during scanning.
● ARP automatic scanning may be time-consuming. You can press Ctrl_C to
stop ARP automatic scanning. If a device receives ARP Reply packets from its
neighbor devices when ARP automatic scanning is stopped, the device
generates dynamic ARP entries about its neighbors. Run the display arp all
command to view all dynamic ARP entries that the device has generated.
Example
# Enable ARP automatic scanning.
[HUAWEI-Vlanif10] arp scan
7.6.7 arp static

Function
The arp static command configures static ARP entries.
The undo arp static command deletes static ARP entries.
By default, the ARP mapping table is empty and address mappings are obtained
using dynamic ARP.
Format
arp static ip-address mac-address [ vid vlan-id [ interface interface-type
interface-number ] ]
undo arp static ip-address [ mac-address ] [ vid vlan-id interface interface-type
interface-number ]

Parameters
ip-address Specifies the IP address in a static The value is in dotted

ARP entry. decimal notation.
mac-address Specifies the MAC address of a The value is in H-H-H

static ARP entry. format. An H contains
four hexadecimal
numbers.
interface Specifies the outbound interface -

interface-type of a static ARP packet.
interface-number
● interface-type specifies the
interface type.
● interface-number specifies the
interface number.
vid vlan-id Specifies the ID of the VLAN to The value is an integer

which a static ARP entry belongs. ranging from 1 to 4094.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To ensure security and facilitate management, you may need to configure

mappings between IP addresses and MAC addresses. In this case, run the arp
static command to configure a fixed ARP mapping entry that maps an IP address
to a MAC address.
A static ARP entry cannot be dynamically modified.
A static ARP entry is used in the following situations:

● Direct the packets whose destination IP addresses are not on the local
network segment to a gateway on the local network segment so that the
packets can be forwarded by the gateway.
● Bind the destination IP addresses of invalid packets to a nonexistent MAC
address so that the invalid packets are filtered out.
Precautions
If a static ARP entry to be created exists, the system updates the entry.

After a static ARP entry is configured, it cannot be dynamically updated.

The IP address specified by ip-address and the IP address of the outbound
interface specified by interface must be on the same network segment.
Example
# Configure a static ARP entry that maps the IP address 10.0.0.1 to the MAC
address aaaa-fccc-1212.
[HUAWEI] arp static 10.0.0.1 aaaa-fccc-1212
7.6.8 arp topology-change disable

Function
The arp topology-change disable command disables a device from aging or
deleting ARP entries in response to network topology changes.
The undo arp topology-change disable command enables a device to age or
delete ARP entries in response to network topology changes.
By default, when the network topology changes, ARP entries are aged or deleted.
Format
arp topology-change disable
undo arp topology-change disable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Usually, when a ring protocol detects a network topology change, it will send a
protocol packet to notify the ARP module to age or delete ARP entries. Then the
device will re-learn ARP entries.
However, if the network topology changes frequently or a device has a large
number of ARP entries, re-learning of ARP entries will cause flooding of ARP
entries, consuming mass network resources and affecting other services running
on the device. To avoid this problem, the arp topology-change disable command

can be used to disable a device from aging or deleting ARP entries for network
topology changes.
Example
# Disable the device from aging or deleting ARP entries for network topology
changes.
[HUAWEI] arp topology-change disable
Warning: This operation will not age or delete dynamic ARP entries when the topology changes,continue?
[Y/N]:y
7.6.9 arp-proxy enable

Function
The arp-proxy enable command enables routed proxy ARP on an interface.
The undo arp-proxy enable command disables routed proxy ARP on an interface.
By default, routed proxy ARP is disabled on an interface.
Format
arp-proxy enable
undo arp-proxy enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
If two hosts on different physical networks of the same logical network segment
are not configured with the default gateways, you can use the arp-proxy enable
command to enable routed proxy ARP on a device between the two hosts to
resolve IP addresses of the hosts.
Precautions
Routed ARP proxy allows hosts on different physical networks of the same logical
network segment to communicate. The IP addresses of the hosts on a subnet have
the same network ID; therefore, the default gateway address does not need to be
configured on the hosts.

Example
# Enable routed proxy ARP on VLANIF 10.
[HUAWEI-Vlanif10] arp-proxy enable
7.6.10 arp-proxy inner-sub-vlan-proxy enable
Function
The arp-proxy inner-sub-vlan-proxy enable command enables intra-VLAN proxy
ARP.
The undo arp-proxy inner-sub-vlan-proxy enable command disables intra-VLAN

proxy ARP.
By default, intra-VLAN proxy ARP is disabled.
Format
arp-proxy inner-sub-vlan-proxy enable
undo arp-proxy inner-sub-vlan-proxy enable
Parameters
None
Views
Default Level
Usage Guidelines
If host isolation is configured on the wireless access point, you need to configure
intra-VLAN proxy ARP to allow hosts to communicate in a VLAN.
Example
# Enable intra-VLAN proxy ARP on VLANIF 10.
[HUAWEI-Vlanif10] arp-proxy inner-sub-vlan-proxy enable

7.6.11 arp-proxy inter-sub-vlan-proxy enable
Function
The arp-proxy inter-sub-vlan-proxy enable command enables inter-VLAN proxy
ARP.
The undo arp-proxy inter-sub-vlan-proxy enable command disables inter-VLAN

proxy ARP.
By default, inter-VLAN proxy ARP is disabled.
Format
arp-proxy inter-sub-vlan-proxy enable
undo arp-proxy inter-sub-vlan-proxy enable
Parameters
None
Views
Default Level
Usage Guidelines
To allow users in different VLANs to communicate at Layer 3, you must enable
inter-VLAN proxy ARP on the interface.
After inter-VLAN proxy ARP is enabled and packets are sent from different VLANs
but do not have the corresponding ARP entries, ARP packets are replicated in all
VLANs on the involved sub-interface. If a lot of VLANs are configured, a large
number of ARP packets need to be replicated, causing heavy burden on the peer
device and abnormalities (such as high CPU usage and broadcast suppression) on
downstream devices. In addition, the local device may fail to send ARP packets in
time due to the replication of a large number of packets, which may lead to ARP
learning failures. Therefore, do not configure too many VLANs on an interface.
Example
# Enable inter-VLAN proxy ARP on VLANIF 10.
[HUAWEI-Vlanif10] arp-proxy inter-sub-vlan-proxy enable

7.6.12 arp send-packet

Function
The arp send-packet command configures the ARP unicast detection function.
Format
arp send-packet ip-address mac-address interface interface-type interface-
number [ vid vid ]
Parameters
ip-address Specifies a destination IP This value is in dotted

address for a unicast ARP decimal notation.
request packet to be sent.
mac-address Specifies a destination MAC The value is in H-H-H

address for a unicast ARP format. H is a hexadecimal
request packet to be sent. number of 4 digits. mac-
address cannot be FFFF-
FFFF-FFFF.
interface Specifies the type and number -

interface-type of an interface for sending out a
interface-number unicast ARP request packet.
vid vid Specifies an outer tag value for The value is an integer
a unicast ARP request packet to ranging from 1 to 4094.
be sent.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To check whether a peer device is reachable and learn a peer device's MAC
address, run the arp send-packet command to configure a local interface to send
a unicast ARP request packet that carries the peer device's IP and MAC addresses
as the destination addresses.
● If the peer is reachable, the peer sends an ARP reply packet to the local
device. Then, the local device uses information carried in the ARP reply packet
to create or update an ARP entry for the peer.

● If the peer is unreachable, the peer device does not send an ARP reply packet.
The local device does not generate an ARP entry.
The ARP entries learned or updated by the local device will be deleted after their
aging time expires and can be updated again after the local device receives ARP
request packets from the peer device.
Example
# Configure VLANIF10 to send a unicast ARP request packet that carries the
destination IP address 10.1.1.1 and destination MAC address 5489-98f4-786e.
<HUAWEI> arp send-packet 10.1.1.1 5489-98f4-786e interface vlanif 10
7.6.13 arp-suppress enable

Function
Using the arp-suppress enable command, you can enable ARP suppression.
Using the undo arp-suppress command, you can disable ARP suppression.
By default, ARP suppression is disabled but is enabled on VLANIF interfaces.
Format
arp-suppress enable
undo arp-suppress
Parameters
None
Views
System view
Default Level
Usage Guidelines
If the system receives a great number of ARP packets from the same source at a
time, it needs to update ARP entries repeatedly, causing performance
deterioration. To ensure system performance, you can enable ARP suppression. The
system then only responds to ARP Request packets but does not update ARP
entries.
If ARP suppression is enabled for all interfaces, ARP entries on some interfaces
cannot be updated temporarily. ARP suppression is applicable to only VLANIF
interfaces. By default, it always takes effect on VLANIF interfaces. It can be
configured on other logical interfaces.

After the undo arp-suppress command is executed, ARP suppression is enabled

only on VLANIF interfaces.
Example
# Enable ARP suppression.
[HUAWEI] arp-suppress enable
7.6.14 display arp

Function
The display arp command displays all ARP mapping entries.
Format
display arp [ all | brief ]
Parameters
all Displays all ARP -

mapping entries.
brief Displays brief -

information about ARP
mapping entries.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays all ARP mapping entries, including the aging time of ARP
entries, ARP entry type, and VPN instance to which ARP entries belong.
Example
# Display all ARP mapping entries.
<HUAWEI> display arp all
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN
------------------------------------------------------------------------------
192.168.120.251 60de-4474-9640 I - Vlanif1
192.168.120.1 7054-f5df-9b40 6 D-0 GE0/0/0

1
192.168.120.252 04f9-3895-8300 20 D-0 GE0/0/0
1
------------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1
# Display brief information about all ARP mapping entries.

<HUAWEI> display arp brief
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VLAN/CEVLAN
------------------------------------------------------------------------------
192.168.120.251 60de-4474-9640 I - Vlanif1
192.168.120.1 7054-f5df-9b40 3 D-0 GE0/0/0 1/-
192.168.120.252 04f9-3895-8300 19 D-0 GE0/0/0 1/-
------------------------------------------------------------------------------
Table 7-32 Description of the display arp command output

Item Description
IP ADDRESS IP address in the ARP entry.
MAC ADDRESS MAC address in the ARP entry.
EXPIRE(M) Remaining lifetime of ARP entries, in

minutes.
TYPE ARP entry type and slot ID of the LPU that

obtains the entry. The entry type contains 3
bits. The first bit can be any of the
following:
● I: Interface, indicating the MAC address
of the interface
● D: Dynamic, indicating the dynamic
entry obtained through the ARP packet
● S: Static, indicating the static entry
obtained through static configuration
If the second bit is F, the ARP entry has
been reported to the routing module, the
route to this IP address has been
calculated, and the entry in the FIB has
been updated. If the entry is not reported
to the routing module, this field displays
"-".
NOTE
For the ARP entry with the type as "I", this flag
bit does not exist.
The third bit indicates the slot ID of the
LPU that obtains the entry.
NOTE
For the ARP entry with the type as "I" or "S",
this field displays "-".
VPN-INSTANCE Name of the VPN instance to which the

ARP entry belongs.

Item Description
INTERFACE Type and number of the interface that has

learnt ARP entries.
VLAN ID of the VLAN to which the ARP entry

belongs. The value is set using the vlan
command.
Total Total number of ARP entries in the ARP

mapping table.
Dynamic Number of dynamic ARP entries in the ARP

mapping table.
Static Number of static ARP entries in the ARP

mapping table.
Interface Number of ARP entries in the ARP mapping

table on the local interface.
7.6.15 display arp dynamic

Function
The display arp dynamic command displays all dynamic ARP entries.
Format
display arp dynamic
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display all dynamic ARP mapping entries.
<HUAWEI> display arp dynamic

VLAN
------------------------------------------------------------------------------
192.168.120.251 60de-4474-9640 I - Vlanif1
192.168.120.1 7054-f5df-9b40 15 D-0 GE0/0/0
1
192.168.120.252 04f9-3895-8300 19 D-0 GE0/0/0
1
------------------------------------------------------------------------------
Table 7-33 Description of the display arp dynamic command output

Item Description

minutes.

following:
of the interface
The second bit can only be F, indicating
that the ARP entry has been reported to
the routing module, the route to this IP
address has been calculated, and the entry
in the FIB has been updated.
NOTE
If the entry is not reported to the routing
module, this field displays "-". For the ARP entry
with the type as "I", this flag bit does not exist.
NOTE

ARP entry belongs.

learnt ARP entries.

command.


mapping table.

mapping table.

mapping table.

7.6.16 display arp error packet

Function
The display arp error packet command displays the latest ten ARP error packets.
Format
display arp error packet
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If a device cannot learn ARP entries, you can run this command to check the latest
received ARP error packets. The ARP error packets help locate the fault.
Example
# Display the latest ten ARP error packets.
<HUAWEI> display arp error packet
--------------------------------------------------
[interface = Vlanif10, time = 2010-05-24 20:34:53]:
00 01 08 00 06 04 00 01 00 25 9E 4B 1F 75 0A 8A
4E 02 00 00 00 00 00 00 0A 8A 4E FF 00 00 00 00
00 00 00 00 00 00 FF FF FF FF FF FF 00 25
--------------------------------------------------
00 01 08 00 06 04 00 01 00 13 72 FD E7 1C 0A 8A
4E 98 00 00 00 00 00 00 0A 8A 4E 30 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 13 72 9B 21 A7 0A 8A
4E 82 00 00 00 00 00 00 0A 8A 4E 01 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 13 72 9B 21 A7 0A 8A
4E 82 00 00 00 00 00 00 0A 8A 4E 01 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 E0 FC 8F B2 DD 0A 8A
4E 01 00 00 00 00 00 00 0A 8A 4F FA 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 0F E2 5C 8C EA AC 12
3E FE 00 00 00 00 00 00 AC 12 3E FE 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 1B B9 78 25 2E 0A 8A
4E A5 00 00 00 00 00 00 0A 8A 4E 2D 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 13 72 9B 21 A7 0A 8A
4E 82 00 00 00 00 00 00 0A 8A 4E 01 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 13 72 9B 21 A7 0A 8A
4E 82 00 00 00 00 00 00 0A 8A 4E 01 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
--------------------------------------------------
00 01 08 00 06 04 00 01 00 E0 FC 8F B2 DD 0A 8A
4E 01 00 00 00 00 00 00 0A 8A 4F FA 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
Table 7-34 Description of the display arp error packet command output
Item Description
interface Interface name.
time Time when an ARP error packet is received.
7.6.17 display arp interface
Function
The display arp interface command displays ARP mapping entries of a specified
interface.
Format
display arp interface interface-type interface-number

Parameters

number number of an interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To monitor dynamic ARP entries or locate the faults in ARP, you can run this
command to check the ARP entries.
Example
# Display all the ARP entries of VLANIF 10.
<HUAWEI> display arp interface vlanif 10
VLAN
------------------------------------------------------------------------------
192.168.78.1 dcd2-fcf9-b5ca I- Vlanif10
------------------------------------------------------------------------------
Table 7-35 Description of the display arp interface command output

Item Description
EXPIRE(M) Remaining lifetime of the ARP entry, in

minutes.

Item Description

following:
of the interface
that the entry is reported to the routing
module, the route to this IP address is
calculated, and entries in the FIB are
correspondingly updated.
NOTE
NOTE

learnt ARP entries.

ARP entry belongs.

command.
Total: 1 One ARP entry exists in the ARP mapping

table.
Dynamic: 0 No dynamic ARP entry exists in the ARP

mapping table.
Static: 0 No static ARP entry exists in the ARP

mapping table.
Interface: 1 One ARP entry of the local interface exists

in the ARP mapping table.

7.6.18 display arp ip-conflict track
Function
The display arp ip-conflict track command displays recorded information about
the detected IP address conflict.
Format
display arp ip-conflict track
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
Route flapping caused by IP address conflicts affects user services. To help users
quickly locate IP conflicts to better manage IP addresses of network devices, run
the display arp ip-conflict track command to view the recorded information
about the detected IP address conflict.
NOTE
The maximum number of IP conflict information that can be recorded by the system is 200,
and the oldest recorded information will be covered by newly added if the conflicted IP
address is more than 200.
Example
# Display the information of the detected IP address conflict.
<HUAWEI> display arp ip-conflict track
Conflict type : Local IP conflict

IP address : 192.168.1.1
System time : 2011-11-19 03:22:16+08:00
Conflict count :1
Suppress count :0
Local interface : Vlanif1001
Receive interface : GE0/0/1
Receive VLAN/CEVLAN : 1001/0
Receive MAC : 0000-0a88-36f5

Table 7-36 Description of the display arp ip-conflict track command output
Item Description
Conflict type IP address conflict type
IP address Conflicting IP address
System time System time when an IP conflict occurred
Conflict count Total number of the IP conflict times

NOTE
The field is displayed as 0 if the ARP entry
corresponding to the IP address expires or is
deleted.
Suppress count Number of the suppressed IP conflicts

NOTE
The field is displayed as 0 if the ARP entry
corresponding to the IP address expires or is
deleted.
Local interface Interface recorded in the ARP entry of the

IP address
Receive interface Interface that receives the ARP packet with

duplicate IP address
Receive VLAN/CEVLAN VLAN and CEVLAN configured on the

interface that receives the ARP packet with
duplicate IP address
Receive MAC Source MAC address of the second ARP

packet with duplicate IP address
7.6.19 display arp network
Function
The display arp network command displays ARP mapping entries of a specified
network segment.
Format
display arp network net-number [ net-mask | mask-length ] [ dynamic | static ]
Parameters
net-number Specifies the network ID. The value is in dotted

decimal notation.

net-mask Specifies the subnet The value is in dotted

mask. decimal notation.
mask-length Specifies the mask The value is a decimal

length. integer ranging from 1
to 32.
dynamic Displays dynamic ARP -

entries of a specified
network segment.
static Displays static ARP -

entries of a specified
network segment.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display all ARP entries of the network segment with network ID 10.10.0.0 and
subnet mask 255.255.0.0.
<HUAWEI> display arp network 10.10.0.0 255.255.0.0
VLAN
------------------------------------------------------------------------------
10.10.20.9 0018-2000-0083 I- Vlanif1
10.10.10.6 0018-2000-0083 I- Vlanif20
------------------------------------------------------------------------------
Table 7-37 Description of the display arp network command output
Item Description

minutes.

Item Description

following:
of the interface
NOTE
NOTE

ARP entry belongs.

learnt ARP entries.

command.

mapping table.

mapping table.

mapping table.

7.6.20 display arp packet statistics

Function
The display arp packet statistics command displays the statistics on ARP-based
packets.
Format
display arp packet statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To locate and rectify ARP faults, you can run this command to the statistics on
ARP-based packets.
Example
# Display the statistics on ARP-based packets.
<HUAWEI> display arp packet statistics
ARP Pkt Received: sum 10088
ARP Learnt Count: sum 52
ARP Pkt Discard For Limit: sum 0
ARP Pkt Discard For SpeedLimit: sum 31
ARP Pkt Discard For Proxy Suppress: sum 307
ARP Pkt Discard For Other: sum 9274
Table 7-38 Description of the display arp packet statistics command output
Item Description
ARP Pkt Received Number of the received ARP packets.
ARP Learnt Count Times of ARP learning.
ARP Pkt Discard For Limit Number of ARP packets discarded due to
the ARP entry limit.
ARP Pkt Discard For SpeedLimit Number of ARP packets discarded when
the number of ARP packets from a
specified source IP address exceeds the
limit.
ARP Pkt Discard For Proxy Suppress Number of packets discarded for the
speed limit.

Item Description
ARP Pkt Discard For Other Number of the packets discarded due to
other causes.
7.6.21 display arp static

Function
The display arp static command displays all static ARP mapping entries.
Format
display arp static
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display all static ARP entries.
<HUAWEI> display arp static
VLAN
------------------------------------------------------------------------------
172.16.1.1 0efc-0505-86e3 S--
10/-
192.168.0.1 0e00-fc01-0000 S--
10.0.0.1 aa00-fcc0-1200 S--
3/-
------------------------------------------------------------------------------
Table 7-39 Description of the display arp static command output

Item Description

Item Description

minutes.

following:
of the interface
NOTE
NOTE

ARP entry belongs.

learnt ARP entries.

command.

mapping table.

mapping table.

mapping table.


7.6.22 display arp statistics
Function
The display arp statistics command displays ARP entry statistics.
Format
display arp statistics { all | interface interface-type interface-number }
Parameters

all Displays ARP entry statistics of the system. -
interface interface-type Displays ARP entry statistics of a specified -
interface-number interface.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To monitor ARP entries or locate the faults in ARP, you can run this command to
check ARP entry statistics.
Example
# Display ARP entry statistics.
<HUAWEI> display arp statistics all
Dynamic:1 Static:0
Table 7-40 Description of the display arp statistics all command output
Item Description
Dynamic Number of dynamic ARP entries.
Static Number of static ARP entries.

7.6.23 display arp track

Function
The display arp track command displays changes of outbound interfaces in ARP
entries learned by a VLANIF interface.
Format
display arp track
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
If the outbound interfaces change in ARP entries learned by a VLANIF interface,

traffic may be interrupted. In this case, run the display arp track command to
check changes of outbound interfaces and time of changes.
Precautions
After the display arp track command is executed, changes of ARP entries are
displayed in the following situations:
● Outbound interfaces in dynamic ARP entries learnt by the VLANIF interface
change to other interfaces.
● No outbound interface is specified in the static ARP entries. The outbound
interface changes to other interfaces.
● Dynamic ARP entries or static ARP entries in which no VLAN ID or outbound
interface is specified are deleted.
Changes of ARP entries cannot be displayed in the following situations:

● ARP entries change on a non-VLANIF interface.
● New ARP entries are learnt.
● The VLAN ID and outbound interface are manually specified in static ARP
entries.
Example
# Display changes of ARP entries.

<HUAWEI> display arp track

Operate Flags: M - Modify, D - Delete
--------------------------------------------------------------------------------
Op IP-Address MAC-Address VLAN Old-Port New-Port System-Time
--------------------------------------------------------------------------------
D 192.168.129.100 0053-6721-9e00 2001 GE0/0/0 02-23 23:52:51+
08:00
D 192.168.129.100 0053-6721-9e00 2001 GE0/0/0 02-27 15:18:02+
08:00
Table 7-41 Description of the display arp track command output
Item Description
Op Operation identifier.
● M: Modify, indicating that the outbound
interface changes.
● D: Delete, indicating that the ARP entry
is deleted.
IP-Address IP address in the ARP entry.
MAC-Address MAC address in the ARP entry.
VLAN ID of the VLAN to which the VLANIF

interface belongs.
Old-Port Original outbound interface in the ARP

entry.
New-Port New outbound interface in the ARP entry.
System-Time System time when the outbound interface

changes.
7.6.24 display snmp-agent trap feature-name arp all
Function
The display snmp-agent trap feature-name arp all command displays all trap
messages of the ARP module.
Format
display snmp-agent trap feature-name arp all
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
The Simple Network Management Protocol (SNMP) is a standard network
management protocol widely used on TCP/IP networks. It uses a central computer
(a network management station) that runs network management software to
manage network elements. The management agent on the network element
automatically reports traps to the network management station. After that, the
network administrator immediately takes measures to resolve the problem.
After running the snmp-agent trap enable feature-name arp command to
enable or disable a trap function of the ARP module, run the display snmp-agent
trap feature-name arp all command to check the status of all trap functions of
the ARP module.
Example
# Display all trap messages of the ARP module.
<HUAWEI>display snmp-agent trap feature-name arp all
------------------------------------------------------------------------------
Feature name: ARP
Trap number : 6
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwEthernetARPSpeedLimitAlarm on on
hwEthernetARPThresholdExceedAlarm
on on
hwEthernetARPThresholdResumeAlarm
on on
hwEthernetARPIPConflictEvent on on
hwEthernetARPLearnStopAlarm on on
hwEthernetARPLearnResumeAlarm on on
Table 7-42 Description of the display snmp-agent trap feature-name arp all
command output
Item Description
Feature name Name of the module to which a trap message

belongs.
Trap number Number of trap messages.

Item Description
Trap name Name of a trap message of the ARP module:

● hwEthernetARPSpeedLimitAlarm: alarm of ARP
speed limit.
● hwEthernetARPThresholdExceedAlarm: alarm of
the number of ARP entries exceeding the upper
threshold.
● hwEthernetARPThresholdResumeAlarm: alarm of
the number of ARP entries falling below the
upper threshold.
● hwEthernetARPIPConflictEvent: alarm of the IP
address conflict.
● hwEthernetARPLearnStopAlarm: alarm of
stopping learning ARP entries because the board
memory usage reaches the threshold.
● hwEthernetARPLearnResumeAlarm: clear alarm of
stopping learning ARPpackets because the board
memory usage falls below the threshold.
Default switch status Status of the default trap switch:

● on: indicates that the trap function is enabled.
● off: indicates that the trap function is disabled.
Current switch status Status of the current trap switch:

7.6.25 l2-topology detect enable
Function
The l2-topology detect enable command enables Layer 2 topology detection.
The undo l2-topology detect enable command disables Layer 2 topology

detection.
By default, Layer 2 topology detection is disabled.
Format
l2-topology detect enable
undo l2-topology detect enable
Parameters
None

Views
System view
Default Level
Usage Guidelines
After the l2-topology detect enable command is run, all ARP entries in the VLAN
are updated if the Layer 2 interface changes from Down to Up.
Example
# Enable Layer 2 topology detection.
[HUAWEI] l2-topology detect enable
7.6.26 reset arp

Function
The reset arp command deletes ARP entries in the ARP mapping table.
Format
reset arp { dynamic [ ip ip-address ] | interface interface-type interface-number
[ ip ip-address ] | static }
Parameters
dynamic Deletes dynamic ARP entries. -
interface ● interface-type specifies the type of the -
interface-type interface.
interface-number ● interface-number specifies the number
of the interface.
ip ip-address Deletes dynamic ARP entries of a specified The value is in
interface and with a specified IP address. dotted decimal
notation.
If an interface learns excessive ARP entries,
you can specify this parameter to delete a
specified ARP entry.
static Deletes static ARP entries. -
Views
User view

Default Level
Usage Guidelines
Usage Scenario
If an unauthorized user sends a large number of ARP packets to a device, the
device learns a large number of ARP entries in a short period of time, causing the
buffer to overflow. As a result, users may fail to access the network. To solve the
problem, you can run the reset arp command to delete invalid ARP entries and
create new ARP entries to ensure that users can access the network.
Prerequisites
Before using the reset arp command, ensure that the corresponding ARP entries
exist.
After an ARP entry is cleared, the mapping between the IP address and the MAC
address is cleared. As a result, users may fail to assess the network and services
may be interrupted.
Precautions
ARP entries are cleared at an interval of at least 20s.
Example
# Delete dynamic ARP entries in the ARP mapping table.
<HUAWEI> reset arp dynamic
# Delete dynamic ARP entries of VLANIF 10.

<HUAWEI> reset arp interface vlanif 10
7.6.27 reset arp packet statistics
Function
The reset arp packet statistics command clears the statistics on ARP packets.
Format
reset arp packet statistics
Parameters
None
Views
User view

Default Level
3: Management level
Usage Guidelines
You can run the display arp packet statistics command to display the statistics
on ARP packets. To obtain correct statistics, run the reset arp packet statistics
command to clear existing statistics first.
Example
# Clear the statistics on all ARP packets.
<HUAWEI> reset arp packet statistics
7.6.28 snmp-agent trap enable feature-name arp
Function
The snmp-agent trap enable feature-name arp command enables the trap
function for the ARP module.
The undo snmp-agent trap enable feature-name arp command disables the
trap function for the ARP module.
By default, the trap function is enabled for the ARP module.
Format
snmp-agent trap enable feature-name arp [ trap-name
{ hwethernetarpspeedlimitalarm | hwethernetarpthresholdexceedalarm |
hwethernetarpthresholdresumealarm | hwethernetarpipconflictevent } ]
undo snmp-agent trap enable feature-name arp [ trap-name

{ hwethernetarpspeedlimitalarm | hwethernetarpthresholdexceedalarm |
hwethernetarpthresholdresumealarm | hwethernetarpipconflictevent } ]
Parameters
trap-name Enables the traps of ARP events -

of specified types.
hwethernetarpspeedlimitalarm Enables the alarm of ARP speed -

limit.
hwethernetarpthresholdexceedalarm Enables the alarm of the -

number of ARP entries
exceeding the upper threshold.

hwethernetarpthresholdresumealarm Enables the alarm of the -

number of ARP entries falling
below the upper threshold.
hwethernetarpipconflictevent Enables the alarm of IP address -

conflict.
Views
System view
Default Level
Usage Guidelines
If you do not specify trap-name, all traps of the ARP module will be enabled.
Example
# Enables the trap function of ARP speed limit.
[HUAWEI] snmp-agent trap enable feature-name arp trap-name hwethernetarpspeedlimitalarm
7.7 DHCP Configuration Commands
7.7.1 alarm ip-used percentage
Function
The alarm ip-used percentage command configures the percentage of the alarms
indicating that the addresses in an address pool are used up, and the percentage
of the clear alarms.
The undo alarm ip-used percentage command restores the default percentages
of the alarms and clear alarms.
By default, the percentage of the alarms indicating that the addresses in an IP

address pool are used up is 100%, and the percentage of the clear alarms is 50%.
Format
alarm ip-used percentage alarm-resume-percentage alarm-percentage
undo alarm ip-used percentage

Parameters
alarm-resume- Specifies the percentage The value is an integer

percentage of the clear alarms. that ranges from 1 to
100. The default value is
50.
NOTE
The percentage of the
clear alarms cannot exceed
that of the alarms.
alarm-percentage Specifies the percentage The value is an integer

of the alarms indicating that ranges from 1 to
that the addresses in an 100. The default value is
address pool are used 100.
up.
Views
IP address pool view
Default Level
Usage Guidelines
Usage Scenario
When the addresses in an IP address pool are used up, alarms are sent to notify
the administrator.
Precautions
The percentage of the clear alarms cannot exceed that of the alarms.
Example
# Configure the percentage of the alarms indicating that the addresses in an
address pool are used up, and the percentage of the clear alarms in the IP address
pool view.
[HUAWEI] ip pool p1
[HUAWEI-ip-pool-p1] alarm ip-used percentage 80 90
7.7.2 bootfile
Function
The bootfile command configures the name of the startup configuration file for a
DHCP client.

The undo bootfile command deletes the configured name of the startup
configuration file for a DHCP client.
By default, the startup configuration file name is not configured for a DHCP client.
Format
bootfile bootfile
undo bootfile
Parameters
bootfile Specifies the name of The value is a string of 1

the startup configuration to 127 case-sensitive
file for a DHCP client. characters without
spaces.
Views
IP address pool view, DHCP Option template view
Default Level
Usage Guidelines
Usage Scenario
This command is used on a DHCP server. Besides assigning IP addresses, a DHCP

server can also provide the required network configuration parameters, such as
the startup configuration file name for the DHCP clients. After the startup
configuration file name is configured using the bootfile command, the Offer and
ACK packets sent from the DHCP server carry this file name. The DHCP client can
acquire the startup configuration file from the specified server based on the file
name.
Precautions
Usually, the startup configuration file is saved on a specified file server. Therefore,
the route between the DHCP client and the file server must be reachable and the
ip address or name of the file server must be specified.
Example
# In the IP address pool view, configure the name of the startup configuration file
as start.ini for the DHCP client.
[HUAWEI] ip pool p1
[HUAWEI-ip-pool-p1] bootfile start.ini

# In the DHCP Option template view, configure the name of the startup
configuration file as start.ini for the DHCP client.
[HUAWEI] dhcp option template template1
[HUAWEI-dhcp-option-template-template1] bootfile start.ini
7.7.3 conflict auto-recycle interval

Function
The conflict auto-recycle interval command enables automatic reclaim of
conflicting IP addresses in the global address pool and configures the interval for
the automatic reclaim.
The undo conflict auto-recycle interval command disables automatic reclaim of
conflicting IP addresses in the global address pool and deletes the configured
interval for the automatic reclaim.
By default, automatic reclaim of conflicting IP addresses in the global address pool
is disabled.
Format
conflict auto-recycle interval day day [ hour hour [ minute minute ] ]
undo conflict auto-recycle interval
Parameters
day day Specifies the interval for The value is an integer

the automatic reclaim, in that ranges from 0 to
days. 999, in days. The default
value is 0.
hour hour Specifies the interval for The value is an integer

the automatic reclaim, in that ranges from 0 to 23,
hours. in hours. The default
value is 0.
minute minute Specifies the interval for The value is an integer

minutes. in minutes. The default
value is 0.
Views
Default Level

Usage Guidelines
Usage Scenario
This command is used on a DHCP server. When a DHCP server allocates IP
addresses to clients, IP address conflict may occur because IP addresses of some
hosts have been manually configured. In this case, the DHCP server considers
these IP addresses as conflicting IP addresses, and allocates available IP addresses
from the conflicting IP addresses to clients only after available IP addresses in the
address pool are used up. To reclaim conflicting IP addresses promptly, the
administrator can run the conflict auto-recycle interval command to enable
automatic reclaim and specify the reclaim interval.
Prerequisites
The global address pool has been created using the ip pool command.
Example
# Enable automatic reclaim for conflicting IP addresses in the global address pool
global1, and set the interval for automatic reclaim to one day.
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] conflict auto-recycle interval day 1
7.7.4 dhcp anti-attack check duplicate option

Function
The dhcp anti-attack check duplicate option command enables the device to
check and discard DHCP messages with duplicate options.
The undo dhcp anti-attack check duplicate option command disables the device
from checking and discarding DHCP messages with duplicate options.
By default, the device is disabled from checking and discarding DHCP messages
with duplicate options.
Format
dhcp anti-attack check duplicate option [ option-start [ to option-end ] ]
&<1-254>
undo dhcp anti-attack check duplicate option [ option-start [ to option-end ] ]
&<1-254>

Parameters
option-start [ to Specifies the option value. The value is an integer

option-end ] in the range 1 to 254.
● option-start: Specifies the start For an option, the end
value of an option in a DHCP value must be larger
packet. than the start value.
● option-end: Specifies the end
value of an option in a DHCP
packet.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The dhcp anti-attack check duplicate option command applies to DHCP servers,
DHCP relay agents, DHCP clients, and DHCP snooping-enabled devices. To discard
DHCP messages with duplicate options 1 to 254, run the dhcp anti-attack check
duplicate option command.
Prerequisites
DHCP has been enabled using the dhcp enable command.
Example
# Configure the device to discard DHCP messages with duplicate options.
[HUAWEI] dhcp enable
[HUAWEI] dhcp anti-attack check duplicate option
7.7.5 dhcp client class-id (interface view)
Function
The dhcp client class-id command sets the Option60 field in the DHCP request
packet sent by the DHCP client.
The undo dhcp client class-id command deletes the configured Option60 field in
the DHCP request packet sent by the DHCP client.
By default, no Option60 field is configured.

Format
dhcp client class-id class-id
undo dhcp client class-id
Parameters
class-id Indicates the value of the The value is a string of 1 to 64 case-

Option60 field. sensitive characters.
Views
Default Level
Usage Guidelines
The DHCP server identifies the devices according to the Option60 field in the
DHCP request packet. You can run the dhcp client class-id class-id command to
customize the Option60 field in the DHCP request packet sent from the DHCP
client.
After you run the dhcp client class-id class-id command in the VLANIF interface
view, the device that functions as the DHCP client fills the set Option60 in the
DHCP request packet on the VLANIF interface.
Example
# Set the class-id of a DHCP client to test on VLANIF100.
[HUAWEI-Vlanif100] dhcp client class-id test
7.7.6 dhcp client class-id (system view)
Function
The dhcp client class-id command is used to set the Option60 field in the DHCP
request packet sent by the DHCP client.
The undo dhcp client class-id command is used to restore the default value of
the Option60 field.
By default, the default value of the Option60 field depends on the device type,
which is "huawei Device Model".

Format
dhcp client class-id class-id
undo dhcp client class-id
Parameters
class-id Indicates the value of the The value is a string of 1 to 64 case-

Option60 field. sensitive characters.
Views
System view
Default Level
Usage Guidelines
The DHCP server identifies the devices according to the Option60 field in the
DHCP request packet. You can run the dhcp client class-id class-id command to
customize the Option60 field in the DHCP request packet sent from the DHCP
client.
Configuration information of the Option60 field is saved in the storage device:/
dhcp-client.options file. By default, the storage device needs to provide more than
80-byte storage space. You can run the more dhcp-client.options command in
the user view to check configuration information of the Option60 field.
After you run the dhcp client class-id class-id command in the system view, the
device that functions as the DHCP client fills the set Option60 in the DHCP request
packet sent from all of the interfaces.
Example
# Set the class-ID of a DHCP client to test.
[HUAWEI] dhcp client class-id test
7.7.7 dhcp client client-id

Function
The dhcp client client-id command configures an identifier for a DHCP client.
The undo dhcp client client-id command restores the default identifier of a
DHCP client.
By default, the identifier of a DHCP client is the client's MAC address.

Format
dhcp client client-id client-id
undo dhcp client client-id
Parameters
client-id Specifies the identifier of The value is a string of 2

a DHCP client. to 64 case-sensitive
characters without
spaces.
Views
Default Level
Usage Guidelines
The dhcp client client-id command configures an identifier for a DHCP client. The
identifier is encapsulated into a DHCP Request message. When a DHCP client
requests an IP address from a DHCP server, the DHCP server obtains the identifier
of the DHCP client and assigns an IP address to the DHCP client with the specified
identifier.
Example
# Set the identifier of the DHCP client to test_client on VLANIF100.
[HUAWEI-Vlanif100] dhcp client client-id test_client
7.7.8 dhcp client expected-lease

Function
The dhcp client expected-lease command enables expected lease on a DHCP
client.
The undo dhcp client expected-lease command disables expected lease on a
DHCP client.
By default, expected lease is disabled on the DHCP client.
Format
dhcp client expected-lease time

undo dhcp client expected-lease
Parameters
time Specifies an expected The value is an integer

lease for a DHCP client. that ranges from 60 to
864000, in seconds.
Views
Default Level
Usage Guidelines
The dhcp client expected-lease command applies to DHCP clients. An expected
lease can be contained in Option 51 of a DHCP Request message sent to the
server. The server compares the expected lease with the lease in the address pool
and assigns a shorter lease to the client.
Example
# Set the expected lease to 7200s on VLANIF100.
[HUAWEI-Vlanif100] dhcp client expected-lease 7200
7.7.9 dhcp client gateway-detect
Function
The dhcp client gateway-detect command enables gateway detection on a
DHCP client.
The undo dhcp client gateway-detect command disables gateway detection on a

DHCP client.
By default, gateway detection is disabled on a DHCP client.
Format
dhcp client gateway-detect period period retransmit retransmit timeout time
undo dhcp client gateway-detect

Parameters
period period Specifies an interval for The value is an integer

gateway detection on a that ranges from 1 to
DHCP client. 86400, in seconds.
retransmit retransmit Specifies the The value is an integer

retransmission count of that ranges from 1 to 10.
gateway detection on a
DHCP client.
timeout time Specifies the timeout It is an integer that

period of gateway ranges from 300 to 2000,
detection on a DHCP in milliseconds.
client.
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp client gateway-detect command applies to DHCP clients. After a DHCP
client obtains an IP address, the dhcp client gateway-detect command enables
the DHCP client to detect the status of the gateway being used. If the gateway
has an incorrect address or the gateway device fails, the DHCP client requests a
new IP address from the DHCP server.
Example
# Enable gateway detection on VLANIF100 of the DHCP client. Set the detection
interval to 3600s, retransmission count to 3, and timeout period to 500 ms.
[HUAWEI-Vlanif100] dhcp client gateway-detect period 3600 retransmit 3 timeout 500
7.7.10 dhcp client default-route preference
Function
The dhcp client default-route preference command configures the default route
preference that a DHCP server delivers to a DHCP client.

The undo dhcp client default-route preference command restores the default
value of the default route preference that a DHCP server delivers to a DHCP client.
By default, the default route preference that a DHCP server delivers to a DHCP
client is 60.
Format
dhcp client default-route preference preference-value
undo dhcp client default-route preference
Parameters
preference-value Specifies the default The value is an integer

route preference. that ranges from 1 to
255. A smaller value
indicates a higher
preference.
Views
Default Level
Usage Guidelines
A DHCP client can obtain the default route through the DHCP server to
dynamically update the routing table. The next-hop address of the default route is
the DHCP client's gateway address carried in Option3.
The default route that a DHCP server delivers is the user network router (UNR)
route with the default preference 60. You can run the dhcp client default-route
preference command to change the default route preference.
Example
# In the view of VLANIF100, set the default route preference that a DHCP server
delivers to a DHCP client to 30.
[HUAWEI-Vlanif100] dhcp client default-route preference 30

7.7.11 dhcp client hostname
Function
The dhcp client hostname command configures a host name for a DHCP client.
The undo dhcp client hostname command deletes the configured host name of a
DHCP client.
By default, no host name is configured for a DHCP client.
Format
dhcp client hostname hostname
undo dhcp client hostname
Parameters
hostname Specifies the name of a The value is a string of 1

DHCP client. to 64 case-sensitive
characters.
Views
Default Level
Usage Guidelines
A DHCP server must obtain the host name of a client before assigning an IP
address to the client. To configure a host name for a DHCP client, run the dhcp
client hostname command. The host name is used to match the local domain
name of the DHCP client.
Example
# Set the host name of a DHCP client to gateway1 on VLANIF100.
[HUAWEI-Vlanif100] dhcp client hostname gateway1

7.7.12 dhcp client renew

Function
The dhcp client renew command renews the lease of the IP address obtained by
a DHCP client.
Format
dhcp client renew
Parameters
None
Views
Default Level
Usage Guidelines
This command applies to the following scenarios:
● Manually renewing the lease
If a DHCP server assigns the original IP address to the client, only the lease is
renewed. If another DHCP server assigns an IP address to the client, the client
obtains a new IP address and related network parameters.
● Updating the IP address
When the DHCP client is migrated from a network segment to another
network segment and the original IP address lease does not expire, the client
needs to update the IP address.
After the dhcp client renew command is run, the DHCP client sends a lease
renewal request to the DHCP server.
● If the DHCP client receives a positive reply from the server, the client updates
the parameters such as the lease duration.
● If the DHCP client receives a negative reply from the server, the client releases
the applied parameters and re-applies to the DHCP server for an IP address
and other network parameters.
● If no reply is received, the client does not perform any operation.
The dhcp client renew command can be normally run only after the DHCP client
function is enabled on the interface and an IP address is obtained.
Example
# Renew the IP address lease on VLANIF100.

[HUAWEI-Vlanif100] dhcp client renew
7.7.13 dhcp client request option-list exclude

Function
The dhcp client request option-list exclude command configures a list of default
request options that are not carried in the Option55 field of DHCP Request
messages.
The undo dhcp client request option-list exclude command deletes the list of
default request options that are not carried in the Option55 field of DHCP Request
messages.
By default, the device does not configure the option to be excluded from the
DHCP client request list.
Format
dhcp client request option-list exclude option-code &<1-8>
undo dhcp client request option-list exclude option-code &<1-8>
Parameters
option-code Specifies a list of default The value is of

request options that are enumerated type and
excluded from the can be 3, 6, 15, 28, 33,
Option55 field. 44, 121, and 184.
Views
Default Level
Usage Guidelines
The Option55 field in DHCP Request messages is used to set the request option
list. DHCP clients use this option to specify network configuration parameters that
need to be obtained from the DHCP server. You can run the dhcp client request
option-list exclude command to configure a list of default options that are
excluded from the Option55 field based on network requirements.
For option meanings, see DHCP Options in CLI-based Configuration - Network
Interconnection Configuration Guide - DHCP Configuration.

Example
# Configure the default request option 3 to be excluded from the Option55 field
in DHCP Request messages on VLANIF100.
[HUAWEI-Vlanif100] dhcp client request option-list exclude 3
7.7.14 dhcp client request option-list

Function
The dhcp client request option-list command configures a list of request options
that the Option55 field in DHCP Request packets carries besides the default
options.
The undo dhcp client request option-list command deletes a list of request
options that the Option55 field in DHCP Request packets carries besides the
default options.
By default, the Option 55 field in DHCP Request packets carries only default
request options.
Format
dhcp client request option-list option-code &<1-9>
undo dhcp client request option-list option-code &<1-9>
Parameters
option-code Specifies a list of request The value is of

options that the enumerated type and
Option55 field carries can be 4, 7, 17, 42, 43,
besides the default 66, 67, 120, and 129.
options.
Views
Default Level
Usage Guidelines
The Option55 field in DHCP Request packets is used to set the request option list.
DHCP clients use this option to specify network configuration parameters that
need to be obtained from the DHCP server. Besides the default options, you can

run the dhcp client request option-list option-code command to set a list of
other request options that the Option55 field carries.
For option meanings, see DHCP Options in CLI-based Configuration - Network
Interconnection Configuration Guide - DHCP Configuration.
Example
# Configure the Option55 field in DHCP Request packets to carry option 4 on
VLANIF100.
[HUAWEI-Vlanif100] dhcp client request option-list 4
7.7.15 dhcp enable

Function
The dhcp enable command enables the DHCP function.
The undo dhcp enable command disables the DHCP function.
By default, the DHCP function is disabled.
Format
dhcp enable
undo dhcp enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Network scale and complexity increase makes network configurations complex.
For example, computers frequently change their locations, and IP addresses are
insufficient for these computers. The DHCP protocol is developed to address these
problems. The dhcp enable command enables the DHCP function on the device.
Precautions
The dhcp enable command is the prerequisite for configuring DHCP-related
functions, including DHCP relay, DHCP snooping, and DHCP server. These

functions take effect only after the dhcp enable command is run. After the undo
dhcp enable command is run, all DHCP-related configurations of the device are
deleted. After DHCP is enabled again using the dhcp enable command, all DHCP-
related configurations of the device are restored to the default configurations.
Example
# Enable the DHCP function on the device.
7.7.16 dhcp option template
Function
The dhcp option template command creates a DHCP Option template and enters
the DHCP Option template view.
The undo dhcp option template command deletes a configured DHCP Option
template.
By default, no DHCP Option template is created on the device.
Format
dhcp option template template-name
undo dhcp option template template-name
Parameters
template-name Specifies the name of The value is a string of 1

the DHCP Option to 31 case-sensitive
template. characters without
spaces. The value can
contain digits, letters,
underscores (_), hyphens
(-), and dots (.), but
cannot be set to - or --.
Views
System view
Default Level

Usage Guidelines
Usage Scenario
This command is used on a DHCP server. During network deployment, a DHCP

server dynamically allocates IP addresses with leases to clients or allocates fixed IP
addresses to some clients. For example, laptops or terminals are often moved to
different places in enterprises, and they can obtain IP addresses using the dynamic
allocation mode. However, IP addresses obtained dynamically are randomly
allocated, and cannot be set to specified IP addresses. To allocate fixed IP
addresses to some fixed terminals (such as IP phones), run the static-bind
command in the global address view to bind IP addresses to MAC addresses of the
clients so that the clients are allocated fixed IP addresses.
In some cases, you need to allocate other network configuration parameters

except IP addresses to fixed static terminals. For example, besides obtaining an IP
address, an IP phone needs information such as the startup configuration file to
register normally. In this case, you can configure a DHCP Option template and
configure network configuration parameters except the IP address required by the
client in the DHCP Option template. Then bind the DHCP Option template to the
fixed terminal in the global address pool. The DHCP server then allocates the IP
address and other parameters to the terminal.
Precautions
Network parameters configured in the DHCP Option template view take effect
only for static clients. A DHCP Option template can be bound to multiple clients.
Run the static-bind ip-address ip-address mac-address mac-address [ option-
template template-name ] command to configure a DHCP Option template that
is bound to static clients.
Example
# Create a DHCP Option template named test.
[HUAWEI] dhcp option template test
7.7.17 dhcp relay gateway-switch enable
Function
Using the dhcp relay gateway-switch enable command, you can enable DHCP
relay gateway switching.
Using the undo dhcp relay gateway-switch enable command, you can disable
DHCP relay gateway switching.
By default, DHCP relay gateway switching is disabled.
Format
dhcp relay gateway-switch enable
undo dhcp relay gateway-switch enable

Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp relay gateway-switch enable command is used on DHCP relay agents.
This command allows a DHCP relay agent to use a secondary IP address as the
gateway address to apply for IP addresses for users when it fails to use the
primary IP address to apply for IP addresses.
Prerequisites
● Global DHCP has been enabled by using the dhcp enable command in the
system view.
● DHCP relay has been enabled on an interface by using the dhcp select relay
command.
Precautions
● The gateway address switches from the primary IP address to a secondary IP

address only when a user fails to obtain an IP address by using the primary IP
address for at least three times and the interval between the last failure and
first failure exceeds 24 seconds.
● Before running this command on an interface, ensure that the interface has a
primary IP address and at least one secondary IP address.
● If a primary IP address and multiple secondary IP addresses are configured on
an interface, the system tries the secondary IP addresses one by one until
users successfully obtain IP addresses.
Example
# Enable DHCP relay gateway switching on VLANIF10.
[HUAWEI-Vlanif10] ip address 192.168.31.1 255.255.255.0 sub
[HUAWEI-Vlanif10] dhcp select relay
[HUAWEI-Vlanif10] dhcp relay server-ip 192.168.20.1
[HUAWEI-Vlanif10] dhcp relay gateway-switch enable
7.7.18 dhcp relay information enable

Function
The dhcp relay information enable command enables the Option 82 function for
the DHCP relay agent.
The undo dhcp relay information enable command disables the Option 82
function for the DHCP relay agent.
By default, the Option 82 function is disabled for the DHCP relay agent.
Format
dhcp relay information enable
undo dhcp relay information enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to the DHCP relay agent. When DHCP Request messages
carry Option 82 information, the DHCP server can locate user positions accurately
and assign IP addresses to users using different policies. After the Option 82
function is enabled on the DHCP relay agent, the device checks the Option 82 field
contained in the packets and processes the packets using corresponding policies.
Prerequisites
DHCP has been enabled by running the dhcp enable command in the system
view.
DHCP relay has been enabled by running the dhcp select relay command in the
interface view.
Follow-up Tasks
Run the dhcp relay information strategy { drop | keep | replace } command in
the interface view to configure strategies for the DHCP relay agent to process
Option 82 information.
Example
# Enable the Option 82 function for the DHCP relay agent on the VLANIF100
interface.

[HUAWEI] vlan 100
[HUAWEI-Vlanif100] dhcp relay information enable
7.7.19 dhcp relay information strategy
Function
The dhcp relay information strategy command configures the strategies used by
a DHCP relay agent to process Option 82 information.
The undo dhcp relay information strategy command restores the default setting.
By default, the strategy used by a DHCP relay agent to process Option 82
information is replace.
Format
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Parameters
Parameters Description Value
drop Configures the DHCP -

relay agent to drop
keep Configures the DHCP -

relay agent to keep
replace Configures the DHCP -

relay agent to replace
Views
Default Level
Usage Guidelines
Usage Scenario

This command applies to the DHCP relay agent. When DHCP Request messages
carry Option 82 information, the DHCP server can locate user positions accurately
and assign IP addresses to users using different policies. When a DHCP relay agent
receives DHCP Request messages, it uses one of the following strategies to process
Option 82 information:
● Drop:
– If the received DHCP message does not carry an Option 82 field, the
DHCP relay agent forwards the message directly without processing it.
– If the received DHCP message carries an Option 82 field, the DHCP relay
agent drops the Option 82 field and forwards the message.
● Keep:
DHCP relay agent forwards the message directly without processing it.
agent keeps the Option 82 field and forwards the message.
● Replace:
DHCP relay agent inserts an Option 82 field configured by the
administrator into the received message and forwards the message.
agent replaces it with the Option 82 field configured by the administrator
and forwards the message.
Prerequisites
DHCP has been enabled by running the dhcp enable command in the system
view.
DHCP relay has been enabled by running the dhcp select relay command in the
interface view.
The Option 82 function has been enabled for the DHCP relay agent by using the
dhcp relay information enable command.
Example
# Configure the DHCP relay agent to drop Option 82 information on VLANIF 100.
[HUAWEI] vlan 100
[HUAWEI-Vlanif100] dhcp relay information enable
[HUAWEI-Vlanif100] dhcp relay information strategy drop
7.7.20 dhcp relay release

Function
The dhcp relay release command configures a DHCP relay agent to send a
release message to a DHCP server for releasing the IP address assigned to a DHCP
client.

Format
dhcp relay release client-ip-address mac-address [ server-ip-address ]
Parameters
client-ip-address Specifies the IP address The value is in dotted

of a DHCP client. decimal notation.
mac-address Specifies the MAC The value is in H-H-H

address of a DHCP client. format. H is a
4 digits.

of a DHCP server. If this decimal notation.
parameter is specified, a
DHCP relay agent sends
a release message to the
specified DHCP server for
releasing the IP address
assigned to a DHCP
client.
Views
VLANIF interface view, system view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. In some situations, for example, a
user is forced to go offline, the user's IP address is no longer used. However, the
user cannot access the network, and will not send a DHCP release message to the
DHCP server to release the IP address assigned by the DHCP server. Before the IP
address lease expires, the DHCP server will not assign the user's IP address to
another client, wasting IP addresses. In this case, you can run the dhcp relay
release command to configure a DHCP relay agent to send a DHCP release
message to the DHCP server. After receiving the message, the DHCP server sets
the status of the IP address to idle. The DHCP server then can assign the released
IP address to another client.
If a DHCP server IP address is specified, the DHCP relay agent sends an address
release request only to the specified DHCP server. If no DHCP server address is
specified, the following situations occur:

● When the dhcp relay release command is run in the system view, the DHCP
relay agent sends an address release request to DHCP servers on all the
interfaces working in DHCP relay mode.
● When the dhcp relay release command is run in the interface view, the DHCP
relay agent sends an address release request to all DHCP servers on the
VLANIF interface.
Precautions
The dhcp relay release command only releases the IP addresses dynamically
assigned by DHCP servers.
When multiple DHCP relay agents are connected between the DHCP client and
server, this command must be executed on the first DHCP relay agent.
Example
# Configure a DHCP relay agent to send a release message to the DHCP server at
10.1.1.1 for releasing the IP address 192.168.1.1 assigned to the DHCP client
whose MAC address is 00e0-fc34-2000.
[HUAWEI] dhcp relay release 192.168.1.1 00e0-fc12-3456 10.1.1.1
7.7.21 dhcp relay request server-match enable
Function
The dhcp relay request server-match enable command configures a DHCP relay
agent to check the DHCP server identifier (Option54) in a DHCP Request message
to be forwarded.
The undo dhcp relay request server-match enable command configures a DHCP
relay agent not to check the DHCP server identifier (Option54) in a DHCP Request
message to be forwarded.
By default, a DHCP relay agent checks the DHCP server identifier (Option54) in a
DHCP Request message to be forwarded.
Format
dhcp relay request server-match enable
undo dhcp relay request server-match enable
Parameters
None
Views
System view
Default Level

Usage Guidelines
Usage Scenario
During the four-message exchange process, the DHCP Offer message sent by a
DHCP server carries the DHCP server identifier (Option54) to identify the server.
After receiving the DHCP Offer message, the DHCP client records the DHCP server
identifier and carries it in the DHCP Request message to be replied to indicate
which DHCP server is selected. When the DHCP relay agent forwards the DHCP
Request message, it checks the DHCP server identifier in the message and
forwards the message only to the corresponding DHCP server.
If multiple DHCP servers are deployed on the network and the design of a server
does not comply with standards, the DHCP server identifier carried in the DHCP
Offer message to be sent by the server is not its identifier. As a result, the DHCP
server identifier carried in the DHCP Request message is incorrect, the DHCP relay
agent forwards the message to an incorrect DHCP server rather than the matching
DHCP server, and the client fails to obtain an IP address.
To resolve this issue, you can run the undo dhcp relay request server-match
enable command, so that the DHCP relay agent does not check the DHCP server
identifier (Option54) in the DHCP Request message to be forwarded and forwards
the message to all relayed DHCP servers, ensuring that the matching DHCP server
can receive the DHCP Request message.
Prerequisites
DHCP has been enabled globally using the dhcp enable command.
Example
# Configure a DHCP relay agent not to check the DHCP server identifier
(Option54) in a DHCP Request message to be forwarded.
[HUAWEI] undo dhcp relay request server-match enable
7.7.22 dhcp relay reply forward all enable
Function
The dhcp relay reply forward all enable command configures a DHCP relay
agent to forward all DHCP ACK messages.
The undo dhcp relay reply forward all enable command restores the default
setting.
By default, a DHCP relay agent forwards only the first received DHCP ACK
message.
Format
dhcp relay reply forward all enable
undo dhcp relay reply forward all enable

Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
As defined in RFC2131, the DHCP server that provides only IP addresses for DHCP
clients replies with DHCP ACK messages. After receiving a DHCP ACK message, a
DHCP relay agent searches for the entry based on the DHCP client's MAC address
contained in the message, forwards the message to the corresponding client, and
then immediately deletes the entry matching the client.
If multiple DHCP servers are deployed on the network, the design of a server does
not comply with standards, and a DHCP client requests for an IP address, the
server does not provide an IP address for the DHCP client but replies with a DHCP
ACK message. If the DHCP relay agent first receives the DHCP ACK message
replied by the server, it incorrectly forwards the message to the client and deletes
the corresponding entry. After the DHCP relay agent receives the correct DHCP
ACK message, it cannot forward the message because the entry matching the
client has been deleted. As a result, the client cannot obtain an IP address.
To resolve this issue, you can run the dhcp relay reply forward all enable
command, so that the DHCP relay agent does not immediately delete the entry
matching a client after forwarding a DHCP ACK message to the client. Instead, the
DHCP relay agent deletes the entry that has been aged out to ensure that the
subsequently received DHCP ACK messages can be forwarded to the client.
Prerequisites
Example
# Configure a DHCP relay agent to forward all DHCP ACK messages.
[HUAWEI] dhcp relay reply forward all enable
7.7.23 dhcp relay server-ip
Function
The dhcp relay server-ip command configures a DHCP server address on an
interface enabled with DHCP relay.

The undo dhcp relay server-ip command deletes the configured DHCP server
addresses on an interface enabled with DHCP relay.
By default, no DHCP server address on an interface enabled with DHCP relay is

configured.
Format
dhcp relay server-ip ip-address
undo dhcp relay server-ip { ip-address | all }
Parameters
ip-address Specifies the IP address The value is in dotted

of a DHCP server. decimal notation.
all Deletes all the DHCP -

server addresses
configured on an
interface.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. When a DHCP client needs to send a
DHCP Discover message to a DHCP server on a different network segment
through a DHCP relay agent, you must configure the DHCP server address on the
DHCP relay agent.
When a DHCP relay agent forwards a DHCP Discover message, it does not check
whether the DHCP server status is Down. If multiple DHCP server addresses are
configured on an interface, multiple DHCP servers respond with DHCP Offer
messages to the DHCP client. However, the DHCP client uses the first received
DHCP Offer message. As a result, IP addresses in the IP address pool on the first
DHCP server are insufficient, but available IP addresses in the IP address pools on
the other DHCP servers are not allocated. To make each DHCP server allocate the
same number of IP addresses, a DHCP relay agent changes the forwarding order
each time it forwards a DHCP Discover message, so that load balancing is
implemented among DHCP servers. A DHCP relay agent forwards a DHCP
Discover message as follows:

● The DHCP relay agent forwards the message to all DHCP servers by default,
and changes the forwarding order each time it forwards a DHCP Discover
message.
● You can configure the ip relay address cycle command to reduce the number
of packets received by a DHCP server and lessen the load of a DHCP server.
After this command is configured, the DHCP relay agent forwards a received
DHCP Discover message to one DHCP server at a time, and forwards the
DHCP Discover message to a different DHCP server each time it receives the
message.
Prerequisites
DHCP relay has been enabled on the interface using the dhcp select relay
command.
Precautions
If you run the dhcp relay server-ip command for multiple times, multiple DHCP
server addresses are configured.
Each interface that is enabled with DHCP relay can be configured with a
maximum of 8 DHCP server addresses.
Example
# Configure DHCP relay and two DHCP server addresses on VLANIF 100.
[HUAWEI] vlan 100
7.7.24 dhcp relay server-select
Function
The dhcp relay server-select command configures a DHCP server group for a
DHCP relay agent.
The undo dhcp relay server-select command deletes the configured DHCP server
group of a DHCP relay agent.
By default, no DHCP server group is configured.
Format
dhcp relay server-select group-name
undo dhcp relay server-select

Parameters
group-name Specifies the name of a The value is a string of 1

DHCP server group. to 32 case-sensitive
characters without
spaces.
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp relay server-select command applies to DHCP relay agents. When a
DHCP client needs to send DHCP requests to a DHCP server using a DHCP relay
agent, you can run the dhcp relay server-select command to specify a DHCP
server group for the DHCP relay agent and configure the DHCP server address.
Prerequisites
1. A DHCP server group has been created using the dhcp server group
command.
2. The DHCP relay function has been enabled using the dhcp select relay
command so that the system can forward DHCP packets to the specified
DHCP server.
Precautions
● Multiple interfaces can be configured with the same DHCP server group, and
one interface can be configured with only one DHCP server group.
● If you run the dhcp relay server-select command in the same interface view
for multiple times, only the latest configuration takes effect. If a specified
DHCP server group does not exist, the configuration fails; however, the latest
configured DHCP server group still takes effect.
Example
# Configure the DHCP server group of a DHCP relay agent as group1 on
VLANIF100.
[HUAWEI] dhcp server group group1
[HUAWEI-dhcp-server-group-group1] dhcp-server 10.10.10.10
[HUAWEI-dhcp-server-group-group1] quit


[HUAWEI-Vlanif100] dhcp relay server-select group1
7.7.25 dhcp relay trust option82
Function
The dhcp relay trust option82 command enables Option 82 on the DHCP relay
agent.
The undo dhcp relay trust option82 command disables Option 82 on the DHCP
relay agent.
By default, Option 82 is enabled on the DHCP relay agent.
Format
dhcp relay trust option82
undo dhcp relay trust option82
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command is used on the DHCP relay agent to enable the Option 82 function.
After receiving a DHCP packet that carries the Option 82 field but the giaddr field
of the packet is 0, the DHCP relay agent processes the packet by default. Using
the undo dhcp relay trust option82 command, the DHCP relay agent discards the
packet.
Prerequisites
DHCP has been enabled globally by using the dhcp enable command.
Example
# Enable Option 82 trusted of the DHCP relay agent.
[HUAWEI] dhcp relay trust option82

7.7.26 dhcp set ttl
Function
The dhcp set ttl command sets the TTL value for DHCP Discover messages after
they are forwarded by the DHCP relay agent at Layer 3.
The undo dhcp set ttl command restores the default setting.
By default, the TTL value of DHCP Discovery messages decreases by 1 after they
are forwarded by the DHCP relay agent at Layer 3.
Format
dhcp set ttl { unvaried | ttl-value }
undo dhcp set ttl
Parameters
unvaried Indicates that the TTL value of DHCP Discovery -
messages remains unchanged after the messages
are forwarded by the DHCP relay agent at Layer 3.
That is, the device does not reduce the TTL value
by 1.
ttl-value Specifies a fixed TTL value for DHCP Discovery The value is an
messages after they are forwarded by the DHCP integer that
relay agent at Layer 3. ranges from 1
to 255.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The dhcp set ttl command is used on DHCP relay agents. When a DHCP relay
agent forwards DHCP Discovery messages at Layer 3, it reduces the TTL value of
the messages by 1 by default. Assume that the TTL value of a DHCP Discovery
message received by the DHCP relay agent is 1. If the DHCP relay agent reduces
the TTL value by 1, the TTL value changes to 0. The next-hop routing device will
discard the message as its TTL value is 0. As a result, the DHCP server cannot
receive the DHCP Discovery message forwarded by the DHCP relay agent. To
ensure that the DHCP server can receive the DHCP Discovery message sent from

the client, run the dhcp set ttl command to set the TTL value of the DHCP
Discovery message to a non-zero value after the message is forwarded at Layer 3.
NOTE
If the DHCP relay agent connects to a special client whose TTL value of DHCP Discovery
messages is 1, and if there are routing devices between the DHCP relay agent and DHCP
server, run the dhcp set ttl ttl-value command to specify a fixed TTL value (16 is
recommended) for DHCP Discovery messages after they are forwarded by the DHCP relay
agent at Layer 3.
Prerequisites
The DHCP function has been enabled globally using the dhcp enable command.
Example
# Set the TTL value of DHCP Discovery messages to 16 after the messages are
forwarded by the DHCP relay agent at Layer 3.
[HUAWEI] dhcp set ttl 16
7.7.27 dhcp select global

Function
The dhcp select global command enables an interface to use the global address
pool.
The undo dhcp select global command disables an interface from using the
global address pool.
By default, an interface is disabled from using the global address pool.
Format
dhcp select global
undo dhcp select global
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario

The dhcp select global command applies to DHCP servers. After receiving a DHCP
Request message from a DHCP client, a DHCP server assigns an IP address from
the local address pool to the client. Run the dhcp select global command to
configure the device to assign IP addresses from the global address pool. When no
interface address pool is created for the DHCP server, the DHCP server assigns an
IP address from the global address pool to an online user.
The device can also assign IP addresses from an interface address pool using the
dhcp select interface command in the interface view.
Prerequisites
● DHCP has been enabled using the dhcp enable command in the system view.
● Before running the dhcp select global command, you need to run the ip
address command to configure the interface IP address.
Precautions
If the DHCP relay and DHCP server functions are simultaneously configured on an
interface, only the DHCP server function takes effect.
Example
# Enable VLANIF100 to use the global address pool.
[HUAWEI-Vlanif100] dhcp select global
7.7.28 dhcp select interface

Function
The dhcp select interface command enables an interface to use the interface
address pool.
The undo dhcp select interface command disables an interface from using the
interface address pool.
By default, the DHCP server function using the interface address pool is disabled
on an interface.
Format
dhcp select interface
undo dhcp select interface
Parameters
None
Views

Default Level
Usage Guidelines
Usage Scenario
The dhcp select interface command applies to DHCP servers. After receiving a
DHCP Request message from a DHCP client, a DHCP server assigns an IP address
from the local address pool to the client. Run the dhcp select interface command
to configure a DHCP server to assign IP addresses from the interface address pool
to clients.
The device can also assign IP addresses from a global address pool using the dhcp
select global command.
Prerequisites
DHCP has been enabled globally using the dhcp enable command in the system
view.
An IP address has been configured for an interface using the ip address

command. The IP addresses assigned by the address pool and configured on the
interface are on the same network segment.
Precautions
If the DHCP relay and DHCP server functions are simultaneously configured on an
interface, only the DHCP server function takes effect.
Example
# Enable VLANIF100 to use the interface address pool.
[HUAWEI-Vlanif100] dhcp select interface
7.7.29 dhcp server alarm ip-used percentage
Function
The dhcp server alarm ip-used percentage command configures the percentage
of the alarms indicating that the addresses in an interface address pool are used
up, and the percentage of the clear alarms.
The undo dhcp server alarm ip-used percentage command restores the default
percentages of the alarms and clear alarms.
By default, the percentage of the alarms indicating that the addresses in an

interface address pool are used up is 100%, and the percentage of the clear
alarms is 50%.

Format
dhcp server alarm ip-used percentage alarm-resume-percentage alarm-
percentage
undo dhcp server alarm ip-used percentage
Parameters
alarm-resume- Specifies the percentage The value is an integer

percentage of the clear alarms. that ranges from 1 to
100. The default value is
50.
NOTE
The percentage of the
clear alarms cannot exceed
that of the alarms.
alarm-percentage Specifies the percentage The value is an integer

of the alarms indicating that ranges from 1 to
that the addresses in an 100. The default value is
address pool are used 100.
up.
Views
Default Level
Usage Guidelines
Usage Scenario
When the addresses in an interface address pool are used up, alarms are sent to
notify the administrator.
Prerequisites
1. The DHCP function has been enabled using the dhcp enable command in the
system view.
2. IP addresses in the interface address pool have been configured using the ip
address command.
3. The DHCP server function has been enabled on the interface using the dhcp
select interface command.
Precautions
The percentage of the clear alarms cannot exceed that of the alarms.

Example
# Configure the percentage of the alarms indicating that the addresses in an
interface address pool are used up, and the percentage of the clear alarms in the
interface address pool of the VLANIF100.
[HUAWEI-Vlanif100] dhcp server alarm ip-used percentage 80 90
7.7.30 dhcp select relay

Function
The dhcp select relay command enables the DHCP relay function.
The undo dhcp select relay command disables the DHCP relay function.
By default, the DHCP relay function is disabled.
Format
dhcp select relay
undo dhcp select relay
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp select relay command applies to DHCP relay agents. If the DHCP server
and client are on the same network segment, they can directly communicate with
each other using DHCP. In this case, no DHCP relay agent is needed. If the DHCP
server and client are on different network segments, the DHCP relay function
must be enabled to forward DHCP messages.
Prerequisites
The DHCP function has been enabled using the dhcp enable command in the
system view.
Follow-up Tasks

● To ensure that a DHCP relay agent can forward DHCP packets to a DHCP
server, run the dhcp relay server-select or dhcp relay server-ip command on
the DHCP relay-enabled interface to configure the correct IP address of the
DHCP server.
● To ensure that a DHCP server can forward DHCP packets to a DHCP relay
agent, you must configure a route to the DHCP relay agent on the DHCP
server.
● If multiple DHCP relay agents exist on the network, run the dhcp relay
detect enable command to enable user entry detection on the DHCP relay
agent to prevent the IP addresses assigned to clients from conflicting with
those of other clients.
Precautions
● If the DHCP relay and DHCP server functions are simultaneously configured
on an interface, only the DHCP server function takes effect.
● The DHCP server must select an IP address in the same network segment with
the DHCP relay agent from the global address pool to ensure that the DHCP
client obtains an IP address on the local network segment. No interface
address pool can be configured on the interface that connects the DHCP
server and relay agent.
Example
# Enable the DHCP relay function on VLANIF100.
7.7.31 dhcp server bootfile

Function
The dhcp server bootfile command configures the name of the startup
configuration file for a DHCP client.
The undo dhcp server bootfile command deletes the configured name of the
startup configuration file for a DHCP client.
By default, the startup configuration file name is not configured for a DHCP client.
Format
dhcp server bootfile bootfile
undo dhcp server bootfile

Parameters
bootfile Specifies the name of The value is a string of 1

the startup configuration to 127 case-sensitive
file for a DHCP client. characters without
spaces.
Views
Default Level
Usage Guidelines
Usage Scenario
Besides assigning IP addresses, a DHCP server can also provide the required
network configuration parameters, such as the startup configuration file name for
the DHCP clients. After the name of the startup configuration file is configured
using the dhcp server bootfile command, the Offer and ACK packets sent from
the DHCP server carry this file name. The DHCP client can acquire the startup
configuration file from the specified server based on the file name.
Prerequisites
system view.
address command.
Example
# Configure the name of the startup configuration file as start.ini for the DHCP
client on the Vlanif100.
[HUAWEI-Vlanif100] dhcp server bootfile start.ini

7.7.32 dhcp server bootp

Function
Using the dhcp server bootp command, you can enable a DHCP server to respond
to a Bootstrap Protocol (BOOTP) request.
Using the undo dhcp server bootp command, you can disable a DHCP server
from responding to a BOOTP request.
By default, a DHCP server responds to a BOOTP request.
Format
dhcp server bootp
undo dhcp server bootp
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
A DHCP server and a BOOTP server may reside on the same network segment.
The BOOTP server assigns static IP addresses to BOOTP clients. As defined in the
DHCP protocol, a DHCP server can also respond to BOOTP requests to assign IP
addresses to BOOTP clients. BOOTP clients may obtain IP addresses from the
DHCP server but not the BOOTP server.
Prerequisites
DHCP has been enabled globally using the dhcp enable command in the system
view.
Follow-up Procedure
Using the dhcp server bootp automatic command in the system view, you can
enable the DHCP server to allocate IP addresses to BOOTP clients.
Example
# Enable a DHCP server to respond to a BOOTP request.
[HUAWEI] dhcp server bootp

7.7.33 dhcp server bootp automatic

Function
The dhcp server bootp automatic command enables the DHCP server to
dynamically allocate IP addresses to BOOTP clients.
The undo dhcp server bootp automatic command disables the DHCP server from
dynamically allocating IP addresses to BOOTP clients.
By default, a DHCP server does not dynamically allocate IP addresses to BOOTP
clients.
Format
dhcp server bootp automatic
undo dhcp server bootp automatic
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. When BOOTP clients need to obtain their
IP addresses, DNS server's IP address, and gateway IP address from a DHCP server,
you need to run the dhcp server bootp automatic command to enable the DHCP
server to dynamically allocate IP addresses to BOOTP clients.
Prerequisites
● DHCP has been enabled globally using the dhcp enable command in the
system view.
● The DHCP server has been enabled to respond to BOOTP requests by using
the dhcp server bootp command, or dhcp server bootp automatic cannot
take effect.
Precautions
When the device functions as the DHCP server, the device can allocate IP
addresses to BOOTP clients if the BOOTP clients reside on the same network as
the DHCP server. You can run the dhcp server bootp automatic command to
dynamically allocate IP addresses. You can also run the static-bind command or
the dhcp server static-bind command to allocate IP addresses to BOOTP clients
in the static binding mode.

Example
# Enable the DHCP server to allocate IP addresses to BOOTP clients.
[HUAWEI] dhcp server bootp
[HUAWEI] dhcp server bootp automatic
7.7.34 dhcp server conflict auto-recycle interval
Function
The dhcp server conflict auto-recycle interval command enables automatic
reclaim of conflicting IP addresses in the interface address pool and configures the
interval for the automatic reclaim.
The undo dhcp server conflict auto-recycle interval command disables

automatic reclaim of conflicting IP addresses in the interface address pool and
deletes the configured interval for the automatic reclaim.
By default, automatic reclaim of conflicting IP addresses in the interface address

pool is disabled.
Format
dhcp server conflict auto-recycle interval day day [ hour hour [ minute
minute ] ]
undo dhcp server conflict auto-recycle interval
Parameters
day day Specifies the interval for The value is an integer

the automatic reclaim, in that ranges from 0 to
days. 999, in days. The default
value is 0.
hour hour Specifies the interval for The value is an integer

hours. in hours. The default
value is 0.
minute minute Specifies the interval for The value is an integer

minutes. in minutes. The default
value is 0.
Views

Default Level
Usage Guidelines
Usage Scenario
This command is used on a DHCP server. When a DHCP server allocates IP

addresses to clients, IP address conflict may occur because IP addresses of some
hosts have been manually configured. In this case, the DHCP server considers
these IP addresses as conflicting IP addresses, and allocates available IP addresses
from the conflicting IP addresses to clients only after available IP addresses in the
address pool are used up. To reclaim conflicting IP addresses promptly, the
administrator can run this command to enable automatic reclaim and specify the
reclaim interval.
Prerequisites
system view.
address command.
Example
# Enable automatic reclaim for conflicting IP addresses in the address pool on
VLANIF 100, and set the interval for automatic reclaim to one day.
[HUAWEI-Vlanif100] dhcp server conflict auto-recycle interval day 1
7.7.35 dhcp server database
Function
The dhcp server database command enables the function to save the current
DHCP data to storage devices.
The undo dhcp server database command disables the function to save the
DHCP data to storage devices.
By default, DHCP data is not saved to storage devices.
Format
dhcp server database { enable | recover | write-delay interval }
undo dhcp server database { enable | recover | write-delay }

Parameters
enable Enables the function to -

save DHCP data to
storage devices.
recover Recovers DHCP -

configurations using
DHCP data in storage
device.
write-delay interval Specifies the interval at The value is an integer

which DHCP data is ranging from 300 to
saved. 86400, in seconds. The
default value is 300
seconds.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When the device functions as a DHCP server, run the dhcp server database
enable command to enable the device to save DHCP data to storage devices. This
avoids data loss caused by device faults. Then the system generates lease.txt and
conflict.txt files in the storage device. The two files save address lease
information and address conflict information respectively. Run the display dhcp
server database command to check the storage device for saving DHCP data.
After the dhcp server database enable command is run, current DHCP data is
automatically saved at the specified interval, and previous data files are
overwritten. The interval can be set using the dhcp server database write-delay
interval command.
If a fault occurs on the device, run the dhcp server database recover command
to recover DHCP data from storage devices during the system restarts.
Prerequisites
The dhcp server database enable command has been run to enable the device to
save DHCP data to storage devices, and ensure that the storage devices work
properly.
Precautions
● The lease.txt and conflict.txt files are overwritten periodically; therefore, you
are advised to back up and save the two files to other locations.

● The time displayed in the lease.txt and conflict.txt files is the UTC time rather
than the system time, and you do not need to pay attention to time zone
information.
Example
# Enable the device to save the current DHCP data to storage devices and set the
interval at which DHCP data is saved to 2000s.
[HUAWEI] dhcp server database enable
[HUAWEI] dhcp server database write-delay 2000
# Recover DHCP configuration using the DHCP data saved on storage devices.
[HUAWEI] dhcp server database recover
7.7.36 dhcp server dns-list
Function
The dhcp server dns-list command configures DNS server addresses for an
The undo dhcp server dns-list command deletes the specified DNS server
addresses of an interface address pool.
By default, no DNS server address is configured in an interface address pool.
Format
dhcp server dns-list { ip-address &<1-8> | unnumbered interface interface-type
interface-number }
undo dhcp server dns-list { all | ip-address | unnumbered interface }
Parameters
ip-address Specifies the IP address of the DNS The value is in

server. You can configure up to eight IP dotted decimal
addresses for the DNS servers and notation.
separate two IP addresses with a space.
unnumbered Borrows the DNS server address -

interface interface- obtained by the interface as the DNS
type interface- server IP address.
number
all Deletes all IP addresses of DNS servers -

specified for the client.

Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. If user hosts access hosts on the network
through the domain name, user hosts need to send DNS Request messages to the
DNS server and resolve the domain name. To enable DNS services on the DHCP
client, specify the DNS server address for the interface address pool on the DHCP
server. The DHCP server can assign both the specified DNS server address and an
IP address to the client. To configure DNS server addresses for a global address
pool, run the dns-list command.
Prerequisites
system view.
address command.
Precautions
● Each address pool can be configured with a maximum of eight DNS server
addresses. If multiple DNS server addresses are configured, the first DNS
server address assigned to the DHCP client functions as the primary address
and other addresses are secondary addresses.
● To specify multiple DNS servers, enter multiple DNS server addresses in the
dhcp server dns-list command.
Example
# Specify a DNS server at 10.10.1.254 for domain name resolution when IP
addresses in the interface address pool on VLANIF100 are assigned to clients.
[HUAWEI-Vlanif100] dhcp server dns-list 10.10.1.254
7.7.37 dhcp server domain-name (interface view)

Function
The dhcp server domain-name command configures a DNS domain name
assigned to a DHCP client.
The undo dhcp server domain-name command deletes a specified domain name.

By default, no domain name is configured for the DHCP client.
Format
dhcp server domain-name domain-name
undo dhcp server domain-name
Parameters
domain-name Specifies the domain The value is a string of 1 to 63

name that the DHCP characters without spaces.
server assigns to the
NOTE
client.
When quotation marks are used around
the string, spaces are allowed in the
string.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. Run the dhcp server domain-name
command on a DHCP server to specify a domain name for each interface address
pool. When allocating IP addresses to clients, the DHCP server also sends the
domain names to the clients.
Prerequisites
system view.
address command.
Precautions
To configure a domain name for the global address pool, run the domain-name
command.
Example
# Set the domain name assigned by the DHCP address pool on the interface to
example.com.

[HUAWEI-Vlanif100] dhcp server domain-name example.com
7.7.38 dhcp server excluded-ip-address
Function
The dhcp server excluded-ip-address command specifies the range of IP
addresses that cannot be automatically assigned to clients from an interface
address pool.
The undo dhcp server excluded-ip-address command deletes the specified range
of IP addresses that cannot be automatically assigned to clients from an interface
address pool.
By default, all IP addresses in an address pool can be automatically assigned to

clients.
Format
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
undo dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
Parameters
start-ip-address Specifies the start IP The value is in dotted

address of the IP address decimal notation.
segment where
addresses cannot be
automatically assigned
to clients.
end-ip-address Specifies the end IP The value is in dotted

address of the IP address decimal notation. end-ip-
segment where address and start-ip-
addresses cannot be address must be on the
automatically assigned same network segment
to clients. If end-ip- and end-ip-address must
address is not specified, be larger than start-ip-
only the IP address address.
corresponding to start-
ip-address cannot be
automatically assigned.
Views

Default Level
Usage Guidelines
Usage Scenario
The dhcp server excluded-ip-address command applies to DHCP servers. Fixed IP
addresses are allocated to some specific hosts (such as the WWW server) on the
network for a long time. If these hosts' IP addresses are overlapped with IP
addresses in the address pool and the DHCP server allocates these overlapped IP
addresses to other hosts, IP address conflicts may occur. To prevent such IP address
conflicts, you need to exclude these IP addresses from being automatically
assigned in the address pool.
You can run the dhcp server excluded-ip-address command to specify the IP
addresses or the range of IP addresses that cannot be automatically assigned to
clients in the interface address pool.
You can run the excluded-ip-address command to specify the IP addresses or the
range of IP addresses that cannot be automatically assigned to clients in the
Prerequisites
system view.
address command.
Precautions
● IP addresses that cannot be automatically assigned must be in the address
pool. If IP address range in the address pool is changed using the dhcp server
ip-range command, IP addresses that are configured not to be automatically
assigned must be within the new IP address range.
● You do not need to exclude the gateway address configured using the dhcp
server gateway-list command from being automatically allocated. The device
automatically adds the gateway address into the list of IP addresses that
cannot be automatically allocated.
You do not need to exclude the IP address of a server's interface connecting
to a client from being automatically allocated. The device automatically sets
the status of the interface IP address to Conflict during address assignment.
● If you run this command multiple times, you can specify multiple IP addresses
or ranges of IP addresses that cannot be automatically assigned to clients
from the specified address pool.
● You can run the display ip pool command to check the IP addresses in use in
the current address pool, so that you can exclude the unused IP addresses
from being automatically assigned to clients. If you need to exclude IP
addresses in use from being automatically assigned to clients, run the reset ip
pool command to reclaim these IP addresses first.

Example
# Disable IP addresses 192.168.1.1 to 192.168.1.20 from being automatically
assigned to clients from the address pool on VLANIF100.
[HUAWEI-Vlanif100] dhcp server excluded-ip-address 192.168.1.1 192.168.1.20
7.7.39 dhcp server gateway-list
Function
The dhcp server gateway-list command sets the default gateway IP address that
a DHCP server pre-allocates to DHCP clients.
The undo dhcp server gateway-list command deletes the configured default
gateway IP address.
By default, the default gateway IP address that a DHCP server pre-allocates to
DHCP clients is not configured.
Format
dhcp server gateway-list ip-address &<1-8>
undo dhcp server gateway-list { ip-address | all }
Parameters
ip-address Specifies an IP address. You can configure a The value is in decimal

maximum of eight gateway addresses, dotted notation.
which are separated by spaces.
all Indicates all IP addresses. -
Views
Default Level
Usage Guidelines
Usage Scenario
To load balance traffic and improve network reliability, you can configure multiple
default gateway addresses.

NOTICE
Do not configure the default gateway address allocated to DHCP clients as a

broadcast address.
If the VRRP virtual IP address is configured on the interface and no gateway
address is pre-allocated to the DHCP client using the dhcp server gateway-list
command, the DHCP server uses the first VRRP virtual IP address as the gateway
address to be allocated to the client. If no VRRP virtual IP address is configured on
the interface, the DHCP server uses the physical IP address of the interface as the
gateway address to be allocated to the client.
If the dhcp server gateway-list command is not configured, the gateway address
allocated by the DHCP server to the DHCP client may fail to be displayed in trace
information during fault diagnosis. Therefore, you are advised to configure this
command if the DHCP server function based on an interface address pool is used.
Prerequisites
system view.
address command.
Example
# Enable a DHCP server on a VLANIF100 to pre-allocate default gateway address
10.1.1.1 to DHCP clients.
[HUAWEI-Vlanif100] dhcp server gateway-list 10.1.1.1
7.7.40 dhcp server force insert option
Function
The dhcp server force insert option command configures a DHCP server to
forcibly insert an Option field specified in the interface address pool to a DHCP
Response packet that it sends to a DHCP client.
The undo dhcp server force insert option command deletes the Option field
forcibly inserted to a DHCP Response packet that a DHCP server sends to a DHCP
client.
By default, a DHCP server does not forcibly insert an Option field to a DHCP

Format
dhcp server force insert option code &<1-254>
undo dhcp server force insert option code &<1-254>
Parameters
code Specifies the code for a The value is an integer

forcibly replied option. that ranges from 1 to
You can configure a 254.
DHCP server to forcibly
reply one or more
options.
Views
Default Level
Usage Guidelines
Usage Scenario
In general, when a DHCP client applies for an IP address from a DHCP server,
parameters contained in the DHCP Request packet specify the options the client
requires. The DHCP server inserts the required options to a DHCP Response
packet.
Sometimes, a device, functioning as a DHCP server, receives a DHCP Request
packet that contains no parameter specifying the options the client requires.
However, the client still wants to obtain the options configured on the interface
address pool. You can run the dhcp server force insert option code &<1-254>
command to configure the DHCP server to forcibly insert an Option field to the
DHCP Response packet.
Prerequisites
system view.
address command.
4. The Option field has been configured in the interface address pool using the
dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex
hex-string | cipher cipher-string | ip-address ip-address &<1-8> } command in
the interface view.

Example
# Configure a DHCP server to forcibly insert Option 4 to a DHCP Response packet
on VLANIF100.
[HUAWEI] vlan 100
[HUAWEI-Vlanif100] dhcp server option 4 hex 11 22
[HUAWEI-Vlanif100] dhcp server force insert option 4
7.7.41 dhcp server force response

Function
The dhcp server force response command forces a DHCP server to reply with a
DHCP NAK message.
The undo dhcp server force response command disables the function of forcing a
DHCP server to reply with a DHCP NAK message.
By default, a DHCP server is not forced to reply with a DHCP NAK message.
Format
dhcp server force response
undo dhcp server force response
Parameters
None
Views
System view
Default Level
Usage Guidelines
Scenario
When a DHCP client goes online in two steps, the IP address requested by the
DHCP client is in the IP address pool, but no lease record of the DHCP client is
found in the address pool. For example, after obtaining an IP address from
another DHCP server, a wireless user roams to the current DHCP server and the
original IP address is in the address pool of the current DHCP server. Alternatively,
the address pool is reset and the original user needs to go online again. In this
case, when receiving a DHCP Request message from the DHCP client, the DHCP
server keeps silent and does not reply the DHCP client with a DHCP NAK message.

The DHCP client can apply for an IP address to go online again in four steps only
after the two steps for the client to go online time out. As a result, the DHCP
client is slow in obtaining an IP address. To force the DHCP server to reply with a
DHCP NAK message, you can run the dhcp server force response command, so
that the DHCP client can quickly enter the four-step process for going online and
apply for an IP address again.
Prerequisites
DHCP has been enabled on the device using the dhcp enable command.
Example
# Force a DHCP server to reply with a DHCP NAK message.
[HUAWEI] dhcp server force response
7.7.42 dhcp server group

Function
The dhcp server group command creates a DHCP server group and displays the
DHCP server group view or directly displays the view of the existing DHCP server
group.
The undo dhcp server group command deletes an existing DHCP server group.
By default, no DHCP server group is configured.
Format
dhcp server group group-name
undo dhcp server group group-name
Parameters
group-name Specifies the name of a The value is a string of 1

DHCP server group. to 32 case-sensitive
characters without
spaces.
Views
System view
Default Level

Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. Generally, a DHCP relay agent serves
multiple DHCP servers. To manage these DHCP servers in a unified manner, run
the dhcp server group command to create a DHCP server group. The DHCP server
group then assigns IP addresses to users using the DHCP relay agent.
Follow-up Procedure
● Run the dhcp-server command to add DHCP servers to the DHCP server
group.
● Run the dhcp relay server-select command in the interface view to specify a
DHCP server group for the DHCP relay agent.
Precautions
The maximum number of DHCP server groups that can be configured globally
varies according to the AC models:
● AD9430DN-12: 8
● AD9430DN-24 and AD9431DN-24X: 16
● Other AP models: 32
You can configure a maximum of 20 DHCP servers in a DHCP server group.
Example
# Create a DHCP server group named dhcp-srv1.
[HUAWEI] dhcp server group dhcp-srv1
7.7.43 dhcp server ip-range
Function
The dhcp server ip-range command sets the range of IP addresses that a DHCP
server pre-allocates to DHCP clients.
The undo dhcp server ip-range command deletes the configured IP address
range.
By default, the range of IP addresses that a DHCP server pre-allocates to DHCP

clients is not configured.
Format
dhcp server ip-range start-ip-address end-ip-address
undo dhcp server ip-range

Parameters
start-ip-address Specifies the start IP address. The value is in decimal dotted

notation.
end-ip-address Specifies the end IP address. The value is in decimal dotted

notation.
Views
Default Level
Usage Guidelines
Usage Scenario
You can run the dhcp server ip-range start-ip-address end-ip-address command
to change the range of IP addresses in an address pool based on actual usage of
IP addresses.
Prerequisites
system view.
address command.
Example
# Enable a DHCP server on a VLANIF100 to pre-allocate IP addresses 192.168.1.2
to 192.168.1.100 to DHCP clients.
[HUAWEI-Vlanif100] dhcp server ip-range 192.168.1.2 192.168.1.100
7.7.44 dhcp server lease

Function
The dhcp server lease command specifies the IP address lease for addresses in an

The undo dhcp server lease command restores the default IP address lease of
addresses in an interface address pool.
By default, the IP address lease of addresses in an interface address pool is one

day.
Format
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server lease
Parameters
day day Specifies the number of The value is an integer

days in the IP address that ranges from 0 to
lease. 999. The default value is
1.
hour hour Specifies the number of The value is an integer

hours in the IP address that ranges from 0 to 23.
lease. The default value is 0.
minute minute Specifies the number of The value is an integer

minutes in the IP address that ranges from 0 to 59.
unlimited Indicates that the IP -

address lease is
unlimited.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. To meet different client requirements,

DHCP supports dynamic, automatic, and static address assignment.
DHCP clients require different IP address leases.

● If a host (such as the DNS server) needs to use a fixed IP address for a long
time, run the dhcp server lease unlimited command to configure the IP
address lease as unlimited.

● If a host (such as a portable computer) needs to use a temporary IP address,

run the dhcp server lease command to specify an IP address lease. After the
lease expires, the DHCP server withdraws the IP address and assigns the
address to other clients.
When a DHCP client starts and 50% or 87.5% of its IP address lease has passed,
the DHCP client sends a DHCP Request message to the DHCP server to renew the
lease.
● If the IP address can still be assigned to the client, the DHCP server informs
the client of a renewed IP address lease.
● If the IP address can no longer be assigned to the client, the DHCP server
informs the client that the IP address lease cannot be renewed.
You can run the display ip pool command to view information about the IP
address lease. The values of the lease and left fields in the command output
indicate the configured lease time and remaining lease time, respectively.
Prerequisites
system view.
address command.
Precautions
Different IP address leases can be specified for different interface address pools on
a DHCP server. All IP addresses in an interface address pool have the same lease.
If the IP address lease of an address pool is changed using this command, newly
assigned IP addresses use the new IP address lease. IP addresses assigned before
the change still use the original IP address lease before the lease is updated, and
use the new lease after the lease is updated.
Example
# Set the IP address lease of the address pool on VLANIF100 to 2 days 2 hours
and 30 minutes.
[HUAWEI-Vlanif100] dhcp server lease day 2 hour 2 minute 30
7.7.45 dhcp server logging

Function
The dhcp server logging command enables the logging function during IP
address allocation of the DHCP server in the interface view.
The undo dhcp server logging command disables the logging function during IP
address allocation of the DHCP server in the interface view.

By default, the logging function during IP address allocation of the DHCP server is
disabled.
Format
dhcp server logging [ allocation-fail | allocation-success | release | renew-fail |
renew-success | detect-conflict | recycle-conflict ] *
undo dhcp server logging [ allocation-fail | allocation-success | release |
renew-fail | renew-success | detect-conflict | recycle-conflict ] *
Parameters
allocation-fail Displays logs when -

address allocation fails.
allocation-success Displays logs when -

address allocation
succeeds.
release Displays logs when -

addresses are released.
renew-fail Displays logs when -

address lease renewal
fails.
renew-success Displays logs when -

address lease renewal
succeeds.
detect-conflict Displays logs when -

address conflict occurs.
recycle-conflict Displays logs when -

conflicting addresses are
reclaimed.
Views
Default Level
Usage Guidelines
Usage Scenario
This command is used on a DHCP server. When the DHCP server allocates IP
addresses to clients, it records address allocation information to facilitate routine

maintenance and fault location. After the logging function during IP address
allocation of the DHCP server is configured using the dhcp server logging
command, the DHCP server records logs about address allocation, conflict, lease
renewal, and release.
Run the display ip pool interface interface-pool-name command to check the

status of the logging function during IP allocation of the DHCP server.
Prerequisites
system view.
address command.
Precautions
● With this logging function enabled, if a large number of DHCP clients request
IP addresses from the DHCP server, the server frequently records logs. The
server performance may therefore be affected.
● IP address allocation logs are recorded in the AM module. To view log
information, the information center must be enabled. In addition, default
settings for log output vary depending on various factors including the log
level and output direction.
For example, the level of logs indicating that an IP address is successfully
allocated, an IP address is successfully renewed, and an IP address is
successfully released is informational, and these logs are not recorded in the
log buffer by default. You can run the info-center source AM channel 4 log
level informational command to change the level of the logs to be recorded
in the log buffer. You can then run the display logbuffer command to check
the preceding logs.
Example
# Enable the logging function during IP address allocation of the DHCP server on
the interface VLANIF100.
[HUAWEI-Vlanif100] dhcp server logging
7.7.46 dhcp server mask
Function
The dhcp server mask command sets the subnet mask of IP addresses that a
DHCP server pre-allocates to DHCP clients.
The undo dhcp server mask command deletes the configured subnet mask.

By default, the subnet mask of IP addresses that a DHCP server pre-allocates to

DHCP clients is not configured.
Format
dhcp server mask { mask | mask-length }
undo dhcp server mask
Parameters
mask Specifies a subnet mask. The value is in decimal dotted

notation.
mask-length Specifies the length of the The value is an integer ranging

subnet. from 0 to 32.
Views
Default Level
Usage Guidelines
Usage Scenario
After enabling the DHCP server function on an interface, you can configure the
range and subnet mask of IP addresses that a DHCP server pre-allocates to DHCP
clients. Run the dhcp server ip-range command to configure the IP address range
and run the dhcp server mask command to configure the subnet mask of the IP
addresses.
Prerequisites
system view.
address command.
Example
# Set the subnet mask of IP addresses that a DHCP server on a VLANIF100 pre-
allocates to DHCP clients to 255.255.255.0.


[HUAWEI-Vlanif100] dhcp server mask 255.255.255.0
7.7.47 dhcp server nbns-list

Function
The dhcp server nbns-list command configures Network Basic Input Output
System (NetBIOS) server addresses for an interface address pool.
The undo dhcp server nbns-list command deletes the NetBIOS server address
from an interface address pool.
By default, no NetBIOS server address is configured for an interface address pool.
Format
dhcp server nbns-list ip-address &<1-8>
undo dhcp server nbns-list { ip-address | all }
Parameters
ip-address Specifies the NetBIOS The value is in dotted

server address. decimal notation.
all Deletes all NetBIOS -

server addresses.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. Before hosts communicate with each
other, a NetBIOS server needs to resolve the accessed NetBIOS hostname to an IP
address. To enable hosts to communicate with each other, run the dhcp server
nbns-list command to configure NetBIOS server addresses for an interface
address pool. When assigning IP addresses to clients, a DHCP server also assigns
the configured NetBIOS server addresses to clients. To configure NetBIOS server
addresses for a global address pool, run the nbns-list command.
Prerequisites

system view.
address command.
Precautions
Each interface can be configured with a maximum of eight NetBIOS server

addresses. The first assigned address functions as the primary address, and other
addresses function as secondary addresses.
Example
# Specify a NetBIOS server at 192.168.1.99 for domain name resolution when IP
addresses in the interface address pool on VLANIF100 are assigned to clients.
[HUAWEI-Vlanif100] dhcp server nbns-list 192.168.1.99
7.7.48 dhcp server netbios-type
Function
The dhcp server netbios-type command specifies the NetBIOS node type for a
DHCP client connecting to an interface.
The undo dhcp server netbios-type command deletes the specified NetBIOS
node type of a DHCP client connecting to an interface.
By default, no NetBIOS node type is specified for a DHCP client connecting to an

interface.
Format
dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
Parameters
b-node Indicates a node in -

broadcast mode. A b-
node obtains the
mapping in broadcast
mode.

h-node Indicates a node in -

hybrid mode. An h-node
is a b-type node enabled
with the end-to-end
communication
mechanism.
m-node Indicates a node in -

mixed mode. An m-node
is a p-type node with
some broadcast features.
p-node Indicates a node in peer- -

to-peer mode. This node
obtains mappings by
communicating with the
NetBIOS server.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. When DHCP clients use NetBIOS on the
WAN to communicate, their host names and IP addresses need to be mapped. You
can run the dhcp server netbios-type command to configure the NetBIOS node
type for an interface address pool. When assigning an IP address to the client, the
DHCP server also sends the specified NetBIOS node type to the client.
Prerequisites
system view.
address command.
Precautions
To specify the NetBIOS node type for a client in the global address pool, run the
netbios-type command.

Example
# Set the NetBIOS node type for a client in the address pool on VLANIF100 to p-
node.
[HUAWEI-Vlanif100] dhcp server netbios-type p-node
7.7.49 dhcp server next-server

Function
The dhcp server next-server command specifies a server IP address for DHCP
clients.
The undo dhcp server next-server command cancels the configuration.
By default, no server IP address is specified by the DHCP Server for DHCP clients.
Format
dhcp server next-server ip-address
undo dhcp server next-server
Parameters
ip-address Specifies a server IP The value is in dotted

address. decimal notation.
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp server next-server command is used on DHCP servers. When assigning
a DHCP client an IP address, a DHCP server can also assign the DHCP client an IP
address of the server that provides network services for the client. For example,
some clients like IP phones still need other configuration parameters after
automatically obtaining IP addresses. You can run the dhcp server next-server
command to specify the server address used after a client obtains an IP address.

The client then requests the configuration parameters from the specified server
after obtaining an IP address.
If users use addresses in the interface address pool, run the dhcp server next-
server command to specify the DHCP server IP address. If users use addresses in
the global address pool, run the next-server command to specify the DHCP server
IP address.
Prerequisites
system view.
address command.
Precautions
● The dhcp server next-server command takes effect for only users who use
addresses in the interface address pool.
● If you run the dhcp server next-server command multiple times, only the
Example
# Specify the server IP address 192.168.1.2 in the interface address pool on
VLANIF100 used to provide services for terminal users.
[HUAWEI-Vlanif100] dhcp server next-server 192.168.1.2
7.7.50 dhcp server option
Function
The dhcp server option command sets user-defined option for an interface
address pool.
The undo dhcp server option command deletes user-defined option from an
By default, no user-defined option is configured in an interface address pool.
Format
dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hex-
string | cipher cipher-string | ip-address ip-address &<1-8> }
undo dhcp server option [ code [ sub-option sub-code ] ]

Parameters

user-defined option. that ranges from 1 to
254, except values 1, 3,
6, 15, 44, 46, 50, 51, 52,
53, 54, 55, 57, 58, 59, 61,
82, 120, 121 and 184.
NOTE
● The format of
Option121 and
Option184 are different
from the other codes of
a customized option.
● There are well-known
options and customized
options. For details
about well-known
options, see RFC 2132.
sub-option sub-code Specifies the code of a The value is an integer

user-defined sub-option. that ranges from 1 to
254. For details about
well-known options, see
RFC 2132.
ascii ascii-string Specifies the user- The value is a string of 1

defined option code as to 255 characters when
an ASCII character string. sub-option is not
specified, or a string of 1
to 253 characters when
sub-option is specified.
hex hex-string Specifies the user- The value is a

defined option code as a hexadecimal string with
hexadecimal string. an even number of
digits, for example, hh or
hhhh. If sub-option is
not specified, the even
number is in the range
of 2 to 254. If sub-
option is specified, the
even number is in the
range of 2 to 252. The
value can be a
combination of digits
(0-9) and letters (A-F
and a-f).

cipher cipher-string Specifies the user- The value is a string, you

defined option code as a can enter a character
ciphertext character string in explicit text or
string. cipher text.
● The character string
in explicit text is a
string of 1 to 64
characters.
in cipher text is a
string of 32 to 104
characters.
No matter whether the
character string is
entered in explicit or
cipher text, the character
string is displayed in
cipher text in the
configuration file and in
explicit text in packets.
ip-address ip-address Specifies the user- The value is in dotted

defined option code as decimal notation.
an IP address.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. The Option field in a DHCP packet carries
control information and parameters, including basic information such as the DNS
service, NetBIOS service, and IP address lease. If a DHCP server is configured with
option, when a DHCP client applies for an IP address from an interface address
pool, the client can obtain configurations in the Option field of the DHCP response
packet from the DHCP server without having to configure the DNS service,
NetBIOS service, or IP address lease separately.
Prerequisites
system view.

address command.
Precautions
● When the password is contained in option, the ascii or hex type is insecure.
Set the option type to cipher. A secure password should contain at least two
types of the following: lowercase letters, uppercase letters, number, and
special characters. In addition, the password must consist of six or more than
six characters.
● The dhcp server option command configures basic functions, such as the
NetBIOS service and IP address lease. The system also provides commands to
configure these functions separately. These commands take precedence over
the dhcp server option command.
● To set user-defined option for a global address pool, run the option
command.
● When users on an enterprise's intranet use a proxy server to connect to the
Internet, you need to configure proxy server parameters so that users can use
browsers to access the network. The Web Proxy Auto-Discovery Protocol
(WPAD) implements automatic configuration of these parameters. The
administrator does not need to manually configure these parameters on each
client. To implement the WPAD function, the administrator needs to deploy
the configuration file of the proxy server in advance, and then run the dhcp
server option 252 ascii ascii-string command to specify the URL of the
configuration file. The ascii-string parameter specifies the URL of the
configuration file, in the format of http://xxx/proxy.pac. Set ascii-string
according to the actual location of the configuration file. When a browser
accesses the network, the browser requests the DHCP server to send the URL
of the configuration file on the proxy server, and then downloads the
configuration file to conduct automatic configuration. After the configuration
is completed, the browser can access the network.
NOTE
The value of ascii-string cannot be enclosed in double quotation marks as "ascii-

string". Otherwise, terminals cannot parse Option252.
Example
# Set Option64 to 0x11 (a hexadecimal number) for the interface address pool on
VLANIF100.
[HUAWEI-Vlanif100] dhcp server option 64 hex 11

7.7.51 dhcp server option121

Function
The dhcp server option121 command configures a classless static route allocated
by a DHCP server to a client.
The undo dhcp server option121 command deletes a classless static route
allocated by a DHCP server to a client.
By default, the classless static route allocated to a client is not configured.
Format
dhcp server option121 ip-address { ip-address mask-length gateway-address }
&<1-8>
undo dhcp server option121 [ ip-address ip-address mask-length gateway-
address ]
Parameters
ip-address Specifies the destination The value is in dotted

IP address. decimal notation.
mask-length Specifies the mask The value is an integer

length. that ranges from 0 to 32.
gateway-address Specifies the gateway The value is in dotted

address of a route. decimal notation.
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp server option121 ip-address command applies to only the DHCP server.
The dhcp server option121 ip-address command configures Option 121 that
defines a classless static route allocated to a client from an interface address pool.
mask-length and gateway-address specify a classless static route. The dhcp server
option121 ip-address command configures a maximum of eight classless static
routes.
Prerequisites

system view.
address command.
4. The undo dhcp server option121 command will delete all classless static
routes. To delete one classless static route, run the undo dhcp server
option121 ip-address ip-address mask-length gateway-address command.
Example
# Configure a classless static route allocated by a DHCP server to a client in the
interface address pool on VLANIF100.
[HUAWEI-Vlanif100] dhcp server option121 ip-address 10.10.10.10 24 192.168.11.11
7.7.52 dhcp server option184
Function
The dhcp server option184 command configures Option 184 allocated by a DHCP
server to a client.
The undo dhcp server option184 command deletes Option 184 allocated by a
DHCP server to a client.
By default, Option 184 allocated by a DHCP server to a client is not configured.
Format
dhcp server option184 { as-ip ip-address | fail-over ip-address dialer-string | ncp-
ip ip-address | voice-vlan vlan-id }
undo dhcp server option184 [ as-ip | fail-over | ncp-ip | voice-vlan ]
Parameters
ncp-ip ip-address Specifies the IP address The value is in dotted

of the network call decimal notation.
processor (NCP).
as-ip ip-address Specifies the IP address The value is in dotted

of the backup NCP. decimal notation.
fail-over ip-address Specifies the IP address The value is in dotted

in the failover route. decimal notation.

dialer-string Specifies the dialer The value is a string of 1

string. to 64 characters.
voice-vlan vlan-id Specifies the ID of a The value is an integer

voice VLAN. that ranges from 1 to
4094.
Views
Default Level
Usage Guidelines
Usage Scenario
The dhcp server option184 command applies to only the DHCP server and
configures Option 184 allocated by a DHCP server to a client in an interface
address pool.
Prerequisites
system view.
address command.
Example
# Configure Option 184 allocated by a DHCP server to a client in the interface
address pool on VLANIF100.
[HUAWEI-Vlanif100] dhcp server option184 as-ip 10.10.10.10
7.7.53 dhcp server ping

Function
The dhcp server ping command sets the maximum number of ping packets to be
sent and the maximum response time of a ping packet.
The undo dhcp server ping command restores the default setting.

By default, the DHCP server sends 0 ping packets and the maximum response
time is 500 ms.
Format
dhcp server ping { packet number | timeout milliseconds } *
undo dhcp server ping { packet | timeout }
Parameters
packet number Specifies the maximum The value is an integer

number of ping packets ranging from 0 to 10.
to be sent. The value 0 indicates
that no ping operation is
performed.
timeout milliseconds Specifies the maximum The value is an integer

response time of a ping that ranges from 0 to
packet. 10000, in milliseconds.
The value 0 indicates
that no ping operation is
performed.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. Repetitive IP address assignment will

cause IP address conflicts. To solve this problem, before assigning an IP address to
a client, the DHCP server needs to send ping packets using the dhcp server ping
command to check whether the IP address is in use. Address detection checks
whether the DHCP server receives any response within a certain period of time. If
there is no response within a certain period of time, the DHCP server continues to
send ping packets to this address until the number of ping packets reaches the
maximum value. If there is still no response, it indicates that the IP address is not
in use. This ensures that the IP address assigned to the client is unique.
Prerequisites
DHCP has been enabled using the dhcp enable command.

Example
# Set the maximum number of ping packets to 3 and the maximum response time
to 400 ms.
[HUAWEI] dhcp server ping packet 3
[HUAWEI] dhcp server ping timeout 400
7.7.54 dhcp server sip-server
Function
The dhcp server sip-server command configures the SIP server IP address
assigned to a DHCP client on an interface address pool.
The undo dhcp server sip-server command deletes the configured SIP server IP
address assigned to a DHCP client on an interface address pool.
By default, the SIP server IP address assigned to a DHCP client on an interface

address pool is not configured.
Format
dhcp server sip-server { ip-address ip-address &<1-2> | list domain-name
&<1-2> }
undo dhcp server sip-server
Parameters
ip-address ip-address Specifies an IP address for The value is in dotted

the SIP server. decimal notation.
list domain-name Specifies the domain name The value is a string of 1 to

of the SIP server. 63 characters.
Views
Default Level
Usage Guidelines
Usage Scenario

This command applies to the DHCP server. To enable DHCP clients to normally
access the Internet, the DHCP server needs to specify the SIP server IP address in
the interface address pool when assigning IP addresses to the clients.
Prerequisites
system view.
address command.
Precautions
● A maximum of two SIP server addresses can be configured in each address
pool. The first assigned address functions as the primary address, and the
other address functions as a secondary address.
● Before specifying the IP address or name for a SIP server, ensure that the SIP
server exists.
● If you run this command repeatedly, the latest configuration overrides the
previous ones.
Example
# Specify 10.1.1.1 as the IP address of the SIP server when addresses in the
interface VLANIF100 address pool are assigned to clients.
[HUAWEI-Vlanif100] dhcp server sip-server ip-address 10.1.1.1
7.7.55 dhcp server sname
Function
The dhcp server sname command configures the name of the server where the
DHCP client obtains the startup configuration file.
The undo dhcp server sname command deletes the configured name of the
server where the DHCP client obtains the startup configuration file.
By default, the name of the server where the DHCP client obtains the startup
configuration file is not configured.
Format
dhcp server sname sname
undo dhcp server sname

Parameters
sname Specifies the name of The value is a string of 1

the server where the to 63 case-sensitive
DHCP client obtains the characters without
startup configuration spaces.
file.
Views
Default Level
Usage Guidelines
Usage Scenario
the DHCP clients. After the name of the server where the DHCP client obtains the
startup configuration file is configured using the dhcp server sname command,
the DHCP client obtains the startup configuration file from this server.
Prerequisites
system view.
address command.
4. The startup configuration file name has been configured for the DHCP client
using the dhcp server bootfile.
Follow-up Procedures
Ensure that the route between the DHCP client and the file server where the
DHCP client obtains the startup configuration file is reachable.
Example
# Configure the name of the server where the DHCP client obtains the startup
configuration file as Test in the interface address pool on VLANIF100.
[HUAWEI] vlan 100


[HUAWEI-Vlanif100] dhcp server bootfile start.ini
[HUAWEI-Vlanif100] dhcp server sname Test
7.7.56 dhcp server static-bind
Function
The dhcp server static-bind command binds an IP address in an interface address
pool to a MAC address.
The undo dhcp server static-bind command unbinds the IP address in an

interface address pool from a MAC address.
By default, an IP address in an interface address pool is not bound to any MAC

address.
Format
dhcp server static-bind ip-address ip-address mac-address mac-address
[ description description ]
undo dhcp server static-bind [ ip-address ip-address | mac-address mac-

address ]
Parameters
ip-address ip-address Specifies the IP address The value is in dotted

to be bound. The IP decimal notation.
address must be valid in
an interface address
pool.
mac-address mac- Specifies the user MAC The value is in H-H-H

address address. format. An H is a
4 digits.
description description Specifies the user The value is a string of 1

description. to 256 case-sensitive
characters. It can contain
spaces.
Views
Default Level

Usage Guidelines
Usage Scenario
The dhcp server static-bind command applies to DHCP servers. When planning a
network, you need to allocate fixed IP addresses to some important hosts to
ensure reliability. In this case, you can bind IP addresses in the address pool to the
MAC addresses of these hosts. After the preceding configuration is complete, if the
host of the MAC address to which the IP address is bound request an IP address
from the DHCP server, the DHCP server finds the bound IP address based on the
host's MAC address and allocates this IP address to the host, ensuring that the IP
address obtained by the host is fixed.
You can run the dhcp server static-bind command to bind an IP address in an
interface address pool to a MAC address.
You can run the static-bind command to bind an IP address in a global address
Prerequisites
system view.
address command.
Precautions
● Ensure that the bound IP address is not configured as the IP address that
cannot be allocated using the dhcp server excluded-ip-address command.
● IP addresses that are used can also be statically bound to MAC addresses or
unbound from MAC addresses. When an IP address is statically bound to a
MAC address, ensure that the MAC address to be bound is the same as the
MAC address of the user who actually uses the IP address.
● The DHCP server preferentially allocates the IP address that has been
statically bound to the client's MAC address.
● After an IP address is bound to a MAC address, the IP address does not expire.
After an automatically allocated IP address is statically bound to a MAC
address, the lease time of the IP address becomes unlimited. After the static
binding between the IP address and the MAC address is deleted, the lease
time of the IP address becomes the same as that configured in the address
pool.
Example
# Configure a DHCP server to assign a fixed IP address 10.10.10.20 in the interface
address pool on vlanif 100 to a host with the MAC address 00e0-fcf3-2a3b.
[HUAWEI-Vlanif100] dhcp server static-bind ip-address 10.10.10.20 mac-address 00e0-fcf3-2a3b

7.7.57 dhcp server trust option82

Function
The dhcp server trust option82 command enables Option 82 on the DHCP server.
The undo dhcp server trust option82 command disables Option 82 on the DHCP
server.
By default, the DHCP server trusts Option 82.
Format
dhcp server trust option82
undo dhcp server trust option82
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command is used on the DHCP server to enable the Option 82 function. After
receiving a DHCP packet that carries the Option 82 field but the giaddr is 0, the
DHCP server processes the packet by default. Using the undo dhcp server trust
option82 command, the DHCP server discards the packet.
Prerequisites
Example
# Enable Option 82 of the DHCP server.
[HUAWEI] dhcp server trust option82
7.7.58 dhcp speed-limit auto

Function
The dhcp speed-limit auto command enables dynamic rate limiting on DHCP
packets.

The undo dhcp speed-limit auto command disables dynamic rate limiting on
DHCP packets.
By default, dynamic rate limiting is disabled on DHCP packets.
Format
dhcp speed-limit auto
undo dhcp speed-limit auto
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To ensure security or facilitate management, users may require that the DHCP
packet processing rate should be limited. If the rate is not limited, CPU and
memory resources can be used up due to malicious attacks.
Table 7-43 and Table 7-44 list the mapping between the DHCP packet rate and
CPU/memory usage after dynamic rate limiting on DHCP packets is enabled.
Table 7-43 DHCP packet rate and CPU usage

CPU Usage (%) DHCP Packet Rate (packets/second)
(70–85) 100
[85–100) 50
100 10
Table 7-44 DHCP packet rate and memory usage

Memory Usage (%) DHCP Packet Rate (packets/second)
(65–75) 100
[75–85) 50
[85–100) 10

Prerequisites
Precautions
● A device functioning only as a DHCP snooping device or DHCP client supports

this function.
● When the CPU usage is higher than 70% or the memory usage is higher than
65%, the DHCP packet processing rate is limited.
● The DHCP packet processing rate is the same as the smaller rate among the
rates corresponding to the CPU or memory usage. For example, when the CPU
usage is 80% and the memory usage is 80%, the DHCP packet rate is 50.
Example
# Enable dynamic rate limiting on DHCP packets.
[HUAWEI] dhcp speed-limit auto
7.7.59 dhcp-server
Function
The dhcp-server command adds DHCP servers to a DHCP server group.
The undo dhcp-server command deletes DHCP servers from a DHCP server group.
By default, no DHCP server is configured in a DHCP server group.
Format
dhcp-server ip-address [ ip-address-index ]
undo dhcp-server { ip-address | ip-address-index }
Parameters

of a DHCP server. decimal notation.
ip-address-index When you specify the IP The value is an integer

address for a DHCP that ranges from 0 to 19.
server, you can specify ip-
address-index for the IP
address. If you do not
specify the server index,
the system assigns an
idle index to the server.

Views
DHCP server group view
Default Level
Usage Guidelines
Usage Scenario
The dhcp-server command applies to DHCP relay agents. To ensure that the
DHCP relay agent can forward messages to multiple DHCP servers, configure
multiple DHCP servers in a DHCP server group.
Precautions
Each DHCP server group can be configured with a maximum of twenty DHCP
servers. You can delete a DHCP server by specifying ip-address-index.
Example
# Add the DHCP server at 10.10.78.56 to a DHCP server group dhcp-srv1.
[HUAWEI] dhcp server group dhcp-srv1
[HUAWEI-dhcp-server-group-dhcp-srv1] dhcp-server 10.10.78.56
7.7.60 display dhcp client
Function
The display dhcp client command displays DHCP client lease information.
Format
display dhcp client [ interface interface-type interface-number ]
Parameters
interface interface-type Displays DHCP client -

interface-number lease information on a
specified interface:
● interface-type
type.
number.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When a device functions as the DHCP client, this command displays DHCP client
lease information.
Example
# Display DHCP client lease information.
<HUAWEI> display dhcp client
DHCP client lease information on interface Vlanif119 :
Current machine state : Bound
Internet address assigned via : DHCP
Physical address : 00e0-fccd-a896
IP address : 192.168.119.254
Subnet mask : 255.255.255.0
Gateway ip address : 192.168.119.1
192.168.119.3
192.168.119.2
DHCP server : 192.168.119.1
Lease obtained at : 2008-10-01 04:35:10
Lease expires at : 2008-10-01 04:36:10
Lease renews at : 2008-10-01 04:35:40
Lease rebinds at : 2008-10-01 04:36:03
AC IP : 192.168.10.1
Classless static route : 192.168.0.0/16 via 192.168.119.1
10.10.0.0/16 via 192.168.119.2
Host name : client Request option list : 1 3 6 15 28 33 44 121 184
Class identifier : example
Client identifier : 00e0-fccd-a896
Table 7-45 Description of the display dhcp client command output
Item Description
DHCP client lease information on DHCP client lease information on the

interface if1 interface if1.
Current machine state Current device status.
Internet address assigned via IP address obtained using DHCP.
Physical address Device MAC address.
IP address Device IP address.
Subnet mask Mask of the device IP address.
Gateway ip address Gateway address of the DHCP server.
DHCP server DHCP server address.

Item Description
Lease obtained at Time the lease is obtained.
Lease expires at Time the lease expires.
Lease renews at Time the lease needs to be renewed.

The lease of an IP address needs to be
renewed when half of the lease
expires.
Lease rebinds at Time the lease is renewed. The lease

of an IP address is renewed when
87.5% of the lease expires.
AC IP AC IP address obtained through DHCP

Option 43.
Classless static route Classless static route.
Host name Information about Option 12, which is

the host name of the client.
Request option list Information about Option 55, which is

the request option list of the client.
Class identifier Information about Option 60, which is

the vendor type identifier.
Client identifier Information about Option 61, which is

the client identifier.
7.7.61 display dhcp client statistics

Function
The display dhcp client statistics command displays message statistics on a
DHCP client.
Format
display dhcp client statistics [ interface interface-type interface-number ]

Parameters
interface interface-type Displays message -

interface-number statistics on a specified
interface:
● interface-type
type.
number.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When the device functions as the DHCP client, the display dhcp client statistics
command displays message statistics.
Example
# Display message statistics on a DHCP client.
<HUAWEI> display dhcp client statistics
DHCP message statistics on interface GigabitEthernet0/0/1 :
Input: total 0 packets
Bootp reply : 0
Offer : 0
Ack : 0
Nak : 0
Output: total 0 packets
Bootp request : 0
Discover : 0
Request : 0
Request of init-reboot: 0
Request of selecting : 0
Request of renewing : 0
Request of rebinding : 0
Decline : 0
Release : 0
Table 7-46 Description of the display dhcp client statistics command output
Item Description
Input Total number of DHCP messages

received by the client.

Item Description
Bootp reply Number of BOOTP replies received by

the client from the server.
Offer Number of Offer messages received by

Ack Number of ACK messages received by

Nak Number of NAK messages received by

Output Total number of messages forwarded

by the client.
Bootp request Number of BOOTP requests received

by the server from the client.
Discover Number of Discover messages received

Request Number of Request messages received

Request of init-reboot Number of Request of init-reboot

messages received by the server from
the client.
Request of selecting Number of Request of selecting

the client.
Request of renewing Number of Request of renewing

the client.
Request of rebinding Number of Request of rebinding

the client.
Decline Number of Decline messages received

Release Number of Release messages received

7.7.62 display dhcp configuration
Function
The display dhcp configuration command displays the configuration of a DHCP
public module.

Format
display dhcp configuration
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the configuration of a DHCP public module.
Example
# Display the configuration of a DHCP public module.
<HUAWEI> display dhcp configuration
DHCP global running information :
DHCP : Enable
DHCP speed limit : Disable (default)
DHCP anti-attack check duplicate option : Disable (default)
Table 7-47 Description of the display dhcp configuration command output

Item Description
DHCP global running information Global configuration of a DHCP public

module.
DHCP Whether DHCP is enabled. The value

can be:
● Enable: DHCP is enabled.
● Disable (default): DHCP is disabled.
By default, DHCP is disabled.
dhcp enable command.

Item Description
DHCP speed limit Whether dynamic DHCP packet rate

limiting is enabled. The value can be:
● Enable: This function is enabled.
● Disable (default): This function is
disabled. By default, dynamic DHCP
packet rate limiting is disabled.
dhcp speed-limit auto command.
DHCP anti-attack check duplicate Whether the function of checking and

option discarding DHCP packets with
duplicate options is enabled. The value
can be:
● Enable: This function is enabled.
● Disable (default): This function is
disabled. By default, the function of
checking and discarding DHCP
packets with duplicate options is
disabled.
dhcp anti-attack check duplicate
option command.
7.7.63 display dhcp option template
Function
The display dhcp option template command displays the configuration of a
DHCP Option template.
Format
display dhcp option template [ name template-name ]
Parameters
name template-name Displays the The template must be an

configuration of a existing DHCP Option
specified DHCP Option template.
template.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After configuring a DHCP Option template, you can run the display dhcp option
template command to view the configuration of the DHCP Option template,
including the template name, number, IP address of a server configured for the
client after the client automatically obtains the IP address, domain name, and
values of customized options.
Example
# Display the configuration of the DHCP Option template named test.
<HUAWEI> display dhcp option template name test
-----------------------------------------------------------------------------
Template-Name : test
Template-No : 1
Next-server : 192.168.1.5
Domain-name : example.com
DNS-server0 : 192.168.2.7
DNS-server1 : 192.168.2.8
NBNS-server0 : 192.168.1.7
NBNS-server1 : 192.168.1.8
Netbios-type : b-node
Gateway-0 : 192.168.1.10
# Display the configurations of all DHCP Option templates.

<HUAWEI> display dhcp option template
-----------------------------------------------------------------------------
Template-Name : template1
Template-No : 0
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Gateway-0 :-
-----------------------------------------------------------------------------
Template-Name : template2
Template-No : 1
Domain-name : example.com
Option-code : 64
Option-subcode : 3
Option-type : hex
Option-value : 11
DNS-server0 : 192.168.2.7
DNS-server1 : 192.168.2.8
NBNS-server0 : 192.168.2.7
NBNS-server1 : 192.168.2.8
Netbios-type : b-node
Gateway-0 : 192.168.1.10

Table 7-48 Description of the display dhcp option template command output
Item Description
Template-Name Name of the DHCP Option template.

To specify the parameter, run the dhcp
option template command.
Template-No Index value of the DHCP Option

template.
Next-server IP address of a server configured for

the client after the client automatically
obtains the IP address.
To specify the parameter, run the
next-server command in the DHCP
Option template view.
Domain-name Name of a domain.

domain-name command in the DHCP
Option-code Code for a customized option.

option command in the DHCP Option
template view.
Option-subcode Code for a customized sub-option.

template view.
Option-type Character string type for a customized

option.
template view.
Option-value Character string value for a

customized option.
template view.
DNS-server0 Address of the DNS server. Currently, a

maximum of eight DNS server
addresses can be configured. Values 0
and 1 indicate the first and second
DNS server addresses respectively.
To specify the parameter, run the dns-
list command in the DHCP Option
template view.

Item Description
NBNS-server0 Address of the NetBIOS server.

Currently, a maximum of eight
NetBIOS server addresses can be
configured in a DHCP Option
template. Values 0 and 1 indicate the
first and second NetBIOS server
addresses respectively.
nbns-list command in the DHCP
Netbios-type NetBIOS node type.

netbios-type command in the DHCP
Gateway-0 Gateway address. Currently, a

maximum of eight gateway addresses
can be configured. The value 0
indicates the first gateway address.
gateway-list command in the DHCP
7.7.64 display dhcp relay

Function
The display dhcp relay command displays configuration information about a
DHCP relay agent.
Format
display dhcp relay { configuration | all | interface interface-type interface-
number }
Parameters
configuration Displays configuration -

information about DHCP
relay agents configured
globally and on all
interfaces.

all Displays configuration -

information about DHCP
relay agents configured
on all interfaces.
interface interface-type Displays configuration -

interface-number information about a
DHCP relay agent
configured on a specified
interface.
● interface-type
type.
number.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check configuration information about DHCP relay
agents configured globally and on interfaces.
Example
# Display configuration information about DHCP relay agents on all interfaces.
<HUAWEI> display dhcp relay configuration
DHCP relay global running information :
DHCP relay address cycle : Disable (default)
DHCP relay trust option82 : Enable (default)
DHCP relay request server-match : Enable (default)
DHCP relay reply forward all : Disable (default)
DHCP relay agent running information of interface Vlanif5 :
Server group name : group1
Gateway address in use : 10.100.100.1
Gateway switch : enable
DHCP relay agent running information of interface Vlanif100 :
Server IP address [00] : 10.2.2.3
Gateway address in use : 10.2.2.2

Table 7-49 Description of the display dhcp relay configuration command output
Item Description
DHCP relay global running Configuration information about DHCP

information relay agents configured globally.
DHCP relay address cycle Whether the DHCP server polling function
is enabled on a DHCP relay agent.
● Enable: The DHCP server polling
function is enabled on a DHCP relay
agent.
● Disable: The DHCP server polling
function is disabled on a DHCP relay
agent.
To configure this item, run the ip relay
address cycle command.
DHCP relay trust option82 Whether Option 82 is enabled on a DHCP

relay agent.
● Enable: Option 82 is enabled on a DHCP
relay agent.
● Disable: Option 82 is disabled on a
DHCP relay agent.
To configure this item, run the dhcp relay
trust option82 command.
DHCP relay request server-match Whether a DHCP relay agent is enabled to

check the DHCP server identifier
(Option54) in a DHCP Request message to
be forwarded.
● Enable: A DHCP relay agent is enabled
to check the DHCP server identifier
(Option54) in a DHCP Request message
to be forwarded.
● Disable: A DHCP relay agent is disabled
from checking the DHCP server identifier
(Option54) in a DHCP Request message
to be forwarded.
request server-match enable command.
DHCP relay reply forward all Whether a DHCP relay agent is enabled to
forward all DHCP ACK messages.
● Enable: A DHCP relay agent is enabled
to forward all DHCP ACK messages.
● Disable: A DHCP relay agent is disabled
from forwarding all DHCP ACK
messages.
reply forward all enable command.

Item Description
DHCP relay agent running DHCP relay agent configuration of the if

information of interface if interface.
Server group name Group name of the DHCP Server.

relay server-select command.
Server IP address [x] IP address of a DHCP server in the DHCP

server group. The value x is the index of a
DHCP server.
To specify the parameter, run the dhcp-
server command.
Gateway address in use IP address of the DHCP gateway.

To specify the parameter, run the gateway
command.
Gateway switch Whether automatic gateway switchover is

enabled on a DHCP relay agent. The value
can be:
● Enable: The automatic gateway
switchover on a DHCP relay agent is
enabled.
● Disable: The automatic gateway
switchover on a DHCP relay agent is
disabled.
gateway-switch enable command.
7.7.65 display dhcp relay statistics

Function
The display dhcp relay statistics command displays message statistics on a DHCP
relay agent.
Format
display dhcp relay statistics [ server-group group-name ]

Parameters
server-group group- Displays message The value must be an

name statistics on DHCP relay existing DHCP server
agents connected to group on the device.
DHCP servers in a
specified DHCP server
group.
specified, message
statistics on DHCP relay
agents connected to all
DHCP servers are
displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
Run the display dhcp relay statistics command to check whether the client is
correctly configured or the network is connected.
● Run the display dhcp relay statistics server-group group-name command to
check message statistics on DHCP relay agents connected to DHCP servers in
a specified DHCP server group. The DHCP server group name needs to be
specified.
● Run the display dhcp relay statistics command to check message statistics
on all DHCP relay agents besides DHCP relay agents connected to DHCP
servers in the DHCP server group.
Follow-up Procedure
After detecting incorrect message statistics on a DHCP relay agent, run the reset
dhcp relay statistics [ server-group group-name ] command to clear message
statistics on the DHCP relay agent.
Example
# Display message statistics on a DHCP relay agent.
<HUAWEI> display dhcp relay statistics
The statistics of DHCP RELAY:
DHCP packets received from clients :0
DHCP DISCOVER packets received :0

DHCP REQUEST packets received :0

DHCP RELEASE packets received :0
DHCP INFORM packets received :0
DHCP DECLINE packets received :0
DHCP packets sent to clients :0
Unicast packets sent to clients :0
Broadcast packets sent to clients :0
DHCP packets received from servers :0
DHCP OFFER packets received :0
DHCP ACK packets received :0
DHCP NAK packets received :0
DHCP packets sent to servers :0
DHCP Bad packets received :0
Table 7-50 Description of the display dhcp relay statistics command output
Item Description
DHCP packets received from DHCP messages received from clients.

clients
DHCP DISCOVER packets received DHCP Discover messages received from

clients.
DHCP REQUEST packets received DHCP Request messages received from

clients.
DHCP RELEASE packets received DHCP Release messages received from

clients.
DHCP INFORM packets received DHCP Inform messages received from

clients.
DHCP DECLINE packets received DHCP Decline messages received from

clients.
DHCP discard packets received DHCP discard messages received from

( First ) clients.
DHCP packets sent to clients DHCP messages sent to clients.
Unicast packets sent to clients Unicast packets sent to clients.
Broadcast packets sent to clients Broadcast packets sent to clients.
DHCP packets received from DHCP messages received from servers.

servers
DHCP OFFER packets received DHCP Offer messages received from

servers.
DHCP ACK packets received DHCP ACK messages received from servers.
DHCP NAK packets received DHCP NAK messages received from servers.
DHCP discard packets received DHCP discard messages received from

( Second ) servers.
DHCP packets sent to servers DHCP messages sent to servers.
DHCP Bad packets received DHCP error messages received.

7.7.66 display dhcp relay user-table
Function
The display dhcp relay user-table command displays user entries on a DHCP
relay agent.
Format
display dhcp relay user-table { all | ip-address ip-address | mac-address mac-
address }
Parameters
all Displays all user entries on the DHCP -

relay agent.
ip-address Displays the user entry with a specified The value is in

ip-address IP address on the DHCP relay agent. dotted decimal
notation.
mac-address Displays the user entry with a specified The value is in H-H-
mac-address MAC address on the DHCP relay agent. H format. An H
contains 4
hexadecimal digits.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
A DHCP relay agent can dynamically create user entries after user entry detection
is enabled. After this function is enabled, you can use the display dhcp relay
user-table command to check the IP address, MAC address, VLAN ID, and Layer 3
access interface index of each DHCP client.
Prerequisites
User entry detection has been enabled on the DHCP relay agent using the dhcp
relay detect enable command.

Example
# Display all user entries on the DHCP relay agent.
<HUAWEI> display dhcp relay user-table all
IP Address MAC Address VLAN Interface Lease Time
--------------------------------------------------------------------------------
10.1.1.212 5cd9-98bc-0318 3501 Wlan-Dbss11:0 2017.05.05 15:55:22
10.1.1.222 000b-c002-9aed 3501 Wlan-Dbss11:0 2017.05.05 15:55:23
--------------------------------------------------------------------------------
Print count: 2 Total count: 2
# Display the user entry with IP address 10.1.1.212.

<HUAWEI> display dhcp relay user-table ip-address 10.1.1.212
--------------------------------------------------------------------------------
10.1.1.212 5cd9-98bc-0318 3501 Wlan-Dbss11:0 2017.05.05 15:55:22
--------------------------------------------------------------------------------
# Display the user entry with MAC address 5cd9-98bc-0318.

<HUAWEI> display dhcp relay user-table mac-address 5cd9-98bc-0318
--------------------------------------------------------------------------------
10.1.1.212 5cd9-98bc-0318 3501 Wlan-Dbss11:0 2017.05.05 15:55:22
--------------------------------------------------------------------------------
Table 7-51 Description of the display dhcp relay user-table command output
Item Description
IP Address IP address of a DHCP client.
MAC Address MAC address of the DHCP client.
VLAN VLAN to which the DHCP client

belongs.
Interface Index of the Layer 3 interface to which

the DHCP client connects.
Lease Time Lease expiration time.
Print count Number of user entries that are

displayed.
Total count Total number of user entries.
7.7.67 display dhcp server database
Function
The display dhcp server database command displays information about the
DHCP database.

Format
display dhcp server database
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The display dhcp server database command displays the storage path and file
name of DHCP data on a DHCP server. This information helps to check:
● Whether the function that saves DHCP data to the storage device is enabled.
If this function is not enabled, run the dhcp server database command to
enable it.
● Whether the interval at which DHCP data is saved is proper.
● Whether the function that recovers DHCP data from the storage device after
the system restarts is enabled.
Precautions
The function that saves DHCP data to storage devices and the function that
recovers DHCP data from storage devices can be enabled in any sequence.
Example
# Display information about the DHCP database.
<HUAWEI> display dhcp server database
Status: disable
Recover from files after reboot: disable
File saving lease items: flash:/dhcp/lease.txt
File saving conflict items: flash:/dhcp/conflict.txt
Save Interval: 300 (seconds)

Table 7-52 Description of the display dhcp server database command output
Item Description
Status Whether to save the data to the storage

device:
● disable
● enable
The value is set using the dhcp server
database command.
Recover from files after reboot Whether to recover data from the file on
the storage device after the system restarts:
● disable
● enable
database command.
File saving lease items File name and path of the file for storing
address lease information.
File saving conflict items File name and path of the file for storing
address conflict information.
Save Interval Interval at which DHCP data is saved, in

seconds.
database command.
7.7.68 display dhcp server configuration
Function
The display dhcp server configuration command displays DHCP server
configuration.
Format
display dhcp server configuration
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
When the AP functions as a DHCP server, you can run the display dhcp server
configuration command to check DHCP server configuration.
Example
# Display DHCP server configuration.
<HUAWEI> display dhcp server configuration
DHCP server global running information :
DHCP server bootp : Disable (default)
DHCP server bootp automatic : Disable (default)
DHCP server ping packet :0 (default)
DHCP server ping timeout : 500 (default)
DHCP server trust option82 : Enable (default)
DHCP server force response : Disable (default)
DHCP server running information for interface Vlanif10 :

DHCP server mode : Interface
DHCP server running information for interface

Vlanif20 :
DHCP server mode : Global
Table 7-53 Description of the display dhcp server configuration command

output
Item Description
DHCP server global running Global DHCP server configuration.

information
DHCP server bootp Whether the DHCP server is enabled

to respond to BOOTP requests. To
configure this item, run the dhcp
server bootp command.
DHCP server bootp automatic Whether the DHCP server is enabled

to dynamically allocate IP addresses to
BOOTP clients. To configure this item,
run the dhcp server bootp automatic
command.
DHCP server ping packet Maximum number of ping packets

sent by the DHCP server. To configure
this item, run the dhcp server ping
command.
DHCP server ping timeout Maximum time to wait for a response

to the ping packet sent by the DHCP
server. To configure this item, run the
dhcp server ping command.

Item Description
DHCP server trust option82 Whether the DHCP server is enabled

to trust the Option 82 field. To
server trust option82 command.
DHCP server force response Whether the DHCP server is enabled

to reply with DHCP NAK messages. To
server force response command.
DHCP server running information for DHCP server configuration on an

interface ifn interface.
DHCP server mode DHCP server mode. The value can be:
● Interface: indicates a DHCP server
based on an interface address pool.
To configure this item, run the dhcp
● Global: indicates a DHCP server
based on the global address pool.
To configure this item, run the dhcp
select global command.
7.7.69 display dhcp server group
Function
The display dhcp server group command displays the configuration of a DHCP
server group.
Format
display dhcp server group [ group-name ]
Parameters
group-name Displays the The value must be an

configuration of a existing DHCP server
specified DHCP server group on the device.
group.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. The display dhcp server group
command displays information about all the DHCP server groups of a DHCP relay
agent and the number of DHCP servers in the DHCP server groups. If group-name
is specified, the display dhcp server group group-name command displays DHCP
server addresses and the number of DHCP servers in a specified DHCP server
group.
Prerequisites
A DHCP server group has been created on a DHCP relay agent using the dhcp
server group command.
Example
# Display the configuration of the DHCP server group myServers.
<HUAWEI> display dhcp server group myServers
Group-name : myServers
(0) Server-IP : 10.1.1.1
Gateway : 10.10.10.1
Table 7-54 Description of the display dhcp server group command output
Item Description
Group-name Name of a DHCP server group.

server group command.
(x) Server-IP IP addresses of DHCP servers in a DHCP

server group. x is the index of the IP
addresses and ranges from 0 to 19.
To specify the parameter, run the dhcp-
server command.
Gateway Gateway address of the DHCP server in the

DHCP server group.
To specify the parameter, run the gateway
command.
7.7.70 display dhcp server statistics

Function
The display dhcp server statistics command displays statistics on a DHCP server.

Format
display dhcp server statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run the display dhcp server statistics command to check whether the
client is correctly configured or the network is connected.
Follow-up Procedure
After detecting incorrect message statistics on a DHCP server, run the reset dhcp
server statistics command to clear message statistics on the DHCP server.
Example
# Display statistics on the DHCP server.
<HUAWEI> display dhcp server statistics
DHCP Server Statistics:
Client Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Server Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 7-55 Description of the display dhcp server statistics command output
Item Description
DHCP Server Statistics Statistics on the DHCP server.
Client Request Number of DHCP messages sent from the

DHCP client to the DHCP server.

Item Description
Dhcp Discover, Dhcp Request, Numbers of different types of DHCP

Dhcp Decline, Dhcp Release, Dhcp messages sent from the DHCP client to the
Inform DHCP server.
Server Reply Number of DHCP messages sent from the

DHCP server to the DHCP client.
Dhcp Offer, Dhcp Ack, Dhcp Nak Numbers of different types of DHCP
messages sent from the DHCP server to the
DHCP client.
Bad Messages Number of unknown messages.
7.7.71 display dhcp statistics

Function
The display dhcp statistics command displays DHCP message statistics.
Format
display dhcp statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display dhcp statistics command displays statistics about sent and received
DHCP messages.
Example
# Display DHCP message statistics.
<HUAWEI> display dhcp statistics
Input: total 172 packets, discarded 0 packets
Bootp request : 0, Bootp reply : 0
Discover : 0, Offer : 172
Request : 0, Ack : 0
Release : 0, Nak : 0
Decline : 0, Inform : 0

Rx buffers full : 2978, L2fdb lookup failed : 38
Output: total 172 packets, discarded 0 packets

DHCP AM interact statistics
Msg send to AM Request
to AM : 0, Release to AM : 0 Decline to
AM : 0 Msg receive from
AM Request from
AM : 0, Release from AM : 0
Decline from AM : 0
Drop Reason
Temporary lease full : 0, Retransmit too frequent : 0
Discover too frequent : 0, Request static ip fail : 0
Session does not exist : 0, Send ipc msg to AM fail : 0
No temporary lease table: 0, Select req IP invalid : 0
Reboot req IP invalid : 0, Renew req IP invalid : 0
Packet unknown : 0
Table 7-56 Description of the display dhcp statistics command output

Item Description
Bootp request Number of BOOTP requests sent by

the device that functions as the client.
Bootp reply Number of BOOTP replies received by

Discover Number of Discover messages received

Offer Number of Offer messages received by

Request Number of BOOTP requests received

Ack Number of ACK messages received by

Release Number of Release messages received

Nak Number of NAK messages received by

Decline Number of Decline messages sent by

the client.
Inform Number of Inform messages sent by

the client.
DHCP AM interact statistics Statistics about exchange messages

between the DHCP module and the
AM module.
Msg send to AM Messages sent to the AM module.
Request to AM Address request messages sent to the

AM module.

Item Description
Release to AM Address release messages sent to the

AM module.
Release to AM Address conflict messages sent to the

AM module.
Msg receive from AM Messages received from the AM

module.
Request from AM Address request messages received

from the AM module.
Release from AM Address release messages received

from the AM module.
Decline from AM Address conflict messages received

from the AM module.
Drop Reason Cause of a DHCP message loss.
Drop Reason Cause of a DHCP message loss.
Temporary lease full Full temporary lease table.
Retransmit too frequent Messages that are retransmitted too

frequently.
Discover too frequent Request messages that are sent too

frequently.
Request static ip fail Failure to request a static IP address.
Session does not exist Session table not existing.
Send ipc msg to AM fail Failure to send messages to the AM

module.
No temporary lease table Failure to query the temporary lease

table.
Select req IP invalid Invalid requested IP address in the

discovery stage.
Reboot req IP invalid Invalid requested IP address in the

two-step login stage.
Renew req IP invalid Invalid requested IP address in the

address lease renewal stage.
Packet unknown Unknown messages.

Item Description
Rx buffers full or L2fdb lookup failed Information displayed when the DHCP
service is abnormal. The displayed
information includes:
● Rx buffers full: Total number of
DHCP packets discarded because
the remaining queue length is
shorter than the reserved threshold.
● L2fdb lookup failed: Total number
of DHCP packets discarded because
entries fail to be queried.
● High cpu occupancy: Total number
the CPU usage is excessively high.
● Port blocked: Total number of
the inbound interface is blocked.
● Bad vlan id: Total number of DHCP
packets discarded because the
VLAN ID is incorrect.
● Memory exhausted: Total number
the memory is exhausted.
● L3if protocol down: Total number of
the Layer 3 protocol of the source
interface goes Down.
● Rate limit: Total number of DHCP
packets discarded because rates of
the packets exceed the limit.
● Bad packet length: Total number of
the packet length is incorrect.
● Bad ip header length: Total number
the IP header length is incorrect.
● Bad ip header checksum: Total
number of DHCP packets discarded
because the checksum of the IP
header is incorrect.
● Bad udp checksum: Total number of
the checksum of the UDP header is
incorrect.
● Hops exceeded: Total number of
the number of next hops is
incorrect.

Item Description
● Bad magic cookie: Total number of

the magic-cookie field is incorrect.
● Duplicate option: Total number of
the option fields are duplicate.
● Bad option length: Total number of
the option field length is incorrect.
● End option absent: Total number of
DHCP packets discarded because of
the incorrect end option.
● Dest-port equals source: Total
number of DHCP packets discarded
because the source interface is also
the outbound interface.
● Bad chaddr: Total number of DHCP
packets discarded because the MAC
address of the client is incorrect.
● Bad giaddr: Total number of DHCP
packets discarded because the relay
gateway is incorrect.
● Bad request: Total number of DHCP
request packets are incorrect.
● Bad reply: Total number of DHCP
response packets are incorrect.
● Bad dest udp-port: Total number of
the destination interface is
incorrect.
● Bad message type: Total number of
DHCP packets discarded because of
incorrect destination interfaces.
● L2fdb lookup failed: Total number
of incoming DHCP packets
discarded because entries fail to be
queried.
● Max-user limit: Total number of
the maximum number of users is
exceeded.
● Add bindtable failed: Total number
dynamic binding entries are added.

Item Description
● Client transfered: Total number of

DHCP packets discarded due to
interface flapping.
● Bad original interface: Total number
dynamic binding entries are added.
● Bad client-id: Total number of
the client ID is incorrect.
● Bad server-id: Total number of
the server ID is incorrect.
● Bad dest-ip: Total number of DHCP
destination IP address is incorrect.
● Other error: Total number of DHCP
packets discarded due to other
reasons.
7.7.72 display ip pool
Function
The display ip pool command displays configured IP address pool information.
Format
display ip pool
display ip pool interface interface-pool-name [ start-ip-address [ end-ip-

address ] | all | conflict | expired | used ]
display ip pool name ip-pool-name [ start-ip-address [ end-ip-address ] | all |
conflict | expired | used [ user-type { dhcp | pppoe | l2tp | ipsec | ssl-vpn |
ppp } ] ]
Parameters
interface Displays the configuration of the specified The interface

interface-pool- interface address pool. address pool
name must be an
NOTE
existing one.
An interface address pool is often specified using
the interface type and interface number, which are
not separated by spaces.

name ip-pool- Displays the configuration of the specified The global

name global address pool. address pool
must be an
existing one.
start-ip-address Displays the IP addresses within the range The value is

[ end-ip-address ] specified by the start IP address in an IP in dotted
address pool. decimal
notation.
If end-ip-address is specified, the end IP
address is also specified.
all Displays information about all IP addresses in -

an IP address pool.
conflict Displays the conflicting IP addresses in the -

address pool. (If an IP address that the DHCP
server prepares to allocate to a user exists on
the network, the IP address will be added to
the conflict list. This problem occurs when a
static IP address is configured or an active/
standby switchover occurs in a VRRP group if
the range of IP addresses in the address
pools on the master and backup devices
overlap.)
expired Displays information about expired and idle -

IP addresses in an IP address pool.
used [ user-type Displays information about used IP addresses -

{ dhcp | pppoe | of the specified user type in an IP address
l2tp | ipsec | ssl- pool:
vpn | ppp } ] ● dhcp indicates users who obtain IP
addresses through DHCP.
● pppoe indicates users who obtain IP
addresses through PPPoE dial-up.
● l2tp indicates L2TP users.
● ipsec indicates IPSec users.
● ssl-vpn indicates SSL VPN users.
● ppp indicates PPP users.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display ip pool command to view configured IP address pool and
IP address information, including the IP address pool name, lease, lock status, and
status of IP addresses in the IP address pool.
Example
# Display information about conflicting addresses in the IP address pool named
test.
<HUAWEI> display ip pool name test conflict
Pool-name : test
Pool-No :1
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
Option-code : 60
Option-subcode : --
Option-type : cipher
Option-value : %^%#5g)NPN1M,$M;pQ-lT\P>Al6QN4#ldIVVjD69XlCN%^%#
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 :-
Network : 192.168.0.0
Mask : 255.255.255.0
Bootfile : 43534
Logging : Enable
Conflicted address recycle interval: 1 Days 0 Hours 0 Minutes
Address Statistic: Total :254 Used :1
Idle :252 Expired :2
Conflict :1 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
192.168.0.1 192.168.0.254 254 1 252(2) 1 0
-------------------------------------------------------------------------------
Client-ID format as follows:
DHCP : mac-address PPPoE : mac-address
IPSec : user-id/portnumber/vrf PPP : interface index
L2TP : cpu-slot/session-id SSL-VPN : user-id/session-id
-------------------------------------------------------------------------------
Index IP Client-ID Type Left Status
-------------------------------------------------------------------------------
109 192.168.0.110 - - - Conflict
-------------------------------------------------------------------------------
Table 7-57 Description of the display ip pool command output
Item Description
Pool-name Name of an IP address pool.

To configure this parameter, run the ip
pool (system view) command.

Item Description
Pool-No Index of the IP address pool.
Lease Lease of the IP address pool.

lease command.
Domain-name Name of a domain.

domain-name command.
Option-code Value of a customized option.

option command.
Option-subcode Value of a customized sub-option.

option command.
Option-type Type of a customized option code:

● ascii: indicates that the customized
option code is an ASCII character
string.
● hex: indicates that the customized
option code is a hexadecimal string.
● cipher: indicates that the
customized option code is a
ciphertext character string.
option command.
Option-value Content of a customized option.

option command.
DNS-server0 Address of the DNS server. Currently,

an IP address pool can be configured
with up to eight DNS servers. The
value 0 indicates the first DNS server
address and the value 1 indicates the
second DNS server address.
dns-list command.

Item Description
NBNS-server0 Address of the NetBIOS server.

Currently, an address pool can be
configured with up to eight NetBIOS
server addresses. The value 0 indicates
the first NetBIOS server address.
nbns-list command.
Netbios-type NetBIOS type.

netbios-type command.
Position Position of the IP address pool.
Status (First) Status of the IP address pool.

lock (IP address pool view)
command.
Gateway-0 Gateway address. Currently, a

maximum of eight gateway addresses
can be configured in an IP address
pool. The value 0 indicates the first
gateway address.
gateway-list command.
Network Network segment of the IP address

pool.
Mask Subnet mask of the IP address pool.

network (IP address pool view)
command.
Bootfile Name of the startup configuration file

configured for the DHCP client.
bootfile command.
Logging Status of the logging function when

the DHCP server allocates IP
addresses.
● Enable
● Disable
logging or dhcp server logging
command.

Item Description
Conflicted address recycle interval Interval for automatically reclaiming

conflicting IP addresses in the IP
address pool.
conflict auto-recycle interval day day
[ hour hour [ minute minute ] ]
command.
Address Statistic Statistics about IP addresses in the IP

address pool.
Start Start IP address of the IP address pool.
End End IP address of the IP address pool.
Total Total number of IP addresses in the IP

address pool.
Total = Used + Idle(Expired) + Conflict
+ Disable
Used Number of used IP addresses in the IP

address pool.
Idle(Expired) Number of idle (expired) IP addresses

in the address pool.
NOTE
If the mask length of the address pool is
shorter than that of the interface IP
address on the DHCP server, users may fail
to go online even when there are idle IP
addresses in the address pool.
Conflict Number of conflicting IP addresses in

the IP address pool.
Disabled Number of disabled IP addresses in the

IP address pool.

Item Description
Client-ID format as follows Client ID format:

● DHCP: mac-address. The client ID
format of DHCP users is a MAC
address.
● PPPoE: mac-address. The client ID
format of PPPoE users is a MAC
address.
● IPSec: user-id/portnumber/vrf. The
client ID format of IPSec users is a
user ID, port number, or VPN index.
● PPP: interface index. The client ID
format of PPP users is an interface
index.
● L2TP: cpu-slot/session-id. The client
ID format of L2TP users is a CPU
ID-slot ID or session ID.
● SSL-VPN: user-id/session-id. The
client ID format of SSL-VPN users is
a user ID or session ID.
Index Index.
IP IP address.
Client-ID DHCP client ID.
Type DHCP client type. The types include

DHCP, PPPoE, IPSec, PPP, L2TP, and
SSL-VPN.
Left Remaining lease of an IP address.

When the result of the calculation
formula ([Lease – Left]/Lease) is 50%
or 87.5%, the DHCP client sends a
DHCP Request message to the DHCP
server to renew the lease. If the
renewal succeeds, the value of the Left
field is recounted. If the renewal fails,
the DHCP client requests an IP address
again and the status of its original IP
address is set to Expired.

Item Description
Status (Second) Status of an IP address:

● Used: indicates that the IP address
is used.
● Idle: indicates that the IP address is
idle.
● Expired: indicates that the lease of
the IP address expires and the IP
address is idle.
● Conflict: indicates that the IP
address conflicts with another IP
address on the network.
● Disable: indicates that the IP
address cannot be used.
● Static-bind: indicates that the IP
address is bound to a MAC address.
● Static-bind used: indicates that the
IP address is bound to a MAC
address and used.
7.7.73 display snmp-agent trap feature-name dhcp all
Function
The display snmp-agent trap feature-name dhcp all command displays the
status of all traps for the DHCP module.
Format
display snmp-agent trap feature-name dhcp all
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario

After enabling the trap function for the DHCP module, you can run this command
to check the status of all traps for the DHCP module. To enable the trap function
for the DHCP module, run the snmp-agent trap enable feature-name dhcp
command.
Prerequisites
The SNMP function has been enabled on the device. For details, see snmp-agent.
Example
# Display the status of all traps for the DHCP module.
<HUAWEI>display snmp-agent trap feature-name dhcp all
------------------------------------------------------------------------------
Feature name: dhcp
Trap number : 15
------------------------------------------------------------------------------
hwNomatchSnpBindTblDhcpPktAlarm
off off
hwDhcpSnpChaddrAlarm off off
hwDhcpV6PktPrefixAlarm off on
hwUntrustedReplyPktAlarm off off
hwDhcpPktRateAlarm off on
hwSnpUserNumberAlarmIf on off
hwSnpUserNumberAlarmIfResume on off
hwSnpUserNumberAlarmVlan on off
hwSnpUserNumberAlarmVlanResume on off
hwSnpUserNumberAlarmGlobal on off
hwSnpUserNumberAlarmGlobalResume
on off
hwNdSnpUserNumberAlarmIf on off
hwNdSnpUserNumberAlarmIfResume on off
hwNdSnpUserNumberAlarmGlobal on off
hwNdSnpUserNumberAlarmGlobalResume
on off
hwNomatchSnpBindTblDhcpv6PktAlarm
off off
hwNomatchSnpBindTblNDPktAlarm off off
Table 7-58 Description of the display snmp-agent trap feature-name dhcp all
command output
Item Description
Feature name Name of the module to which a trap belongs.
Trap number Number of traps.

Item Description
Trap name Name of a trap. Traps for the DHCP module include:
● hwNomatchSnpBindTblDhcpPktAlarm: The device
sends a Huawei proprietary trap when the
number of DHCP Request packets that do not
match DHCP snooping binding entries and are
discarded on an interface exceeds the threshold.
● hwDhcpSnpChaddrAlarm: The device sends a
Huawei proprietary trap when the number of
discarded DHCP packets whose CHADDR field
differs from the source MAC address exceeds the
threshold.
● hwDhcpV6PktPrefixAlarm: The device sends a
Huawei proprietary trap message when the
DHCPv6 prefix length exceeds the threshold.
● hwUntrustedReplyPktAlarm: The device sends a
number of DHCP Reply packets discarded on an
untrusted interface exceeds the threshold.
● hwDhcpPktRateAlarm: The device sends a Huawei
proprietary trap message when the number of
discarded DHCP packets whose rate exceeds the
limit exceeds the threshold.
● hwSnpUserNumberAlarmIf: The device sends a
number of DHCP access users on an interface
exceeds the upper threshold.
● hwSnpUserNumberAlarmIfResume: The device
sends a Huawei proprietary trap message when
the number of DHCP access users on an interface
falls below the lower threshold.
● hwSnpUserNumberAlarmVlan: The device sends a
number of DHCP access users in a VLAN exceeds
the upper threshold.
● hwSnpUserNumberAlarmVlanResume: The device
the number of DHCP access users in a VLAN falls
below the lower threshold.
● hwSnpUserNumberAlarmGlobal: The device sends
a Huawei proprietary trap message when the
number of DHCP access users on the device
● hwSnpUserNumberAlarmGlobalResume: The
device sends a Huawei proprietary trap message
when the number of DHCP access users on the
device falls below the lower threshold.

Item Description
● hwNdSnpUserNumberAlarmIf: The device sends a

number of ND access users on an interface
● hwNdSnpUserNumberAlarmIfResume: The device
the number of ND access users on an interface
falls below the lower threshold.
● hwNdSnpUserNumberAlarmGlobal: The device
the number of ND access users on the device
● hwNdSnpUserNumberAlarmGlobalResume: The
when the number of ND access users on the
device falls below the lower threshold.
● hwNomatchSnpBindTblDhcpv6PktAlarm: The
when the number of DHCPv6 Request packets
discarded on an interface because they do not
match the binding entries exceeds the threshold.
● hwNomatchSnpBindTblNDPktAlarm: The device
the number of ND packets discarded on an
interface because they do not match the binding
entries exceeds the threshold.
Default switch status Default status of the trap function:

● on: The trap function is enabled by default.
● off: The trap function is disabled by default.
Current switch status Trap status:

● on: The trap is enabled.
● off: The trap is disabled.
7.7.74 dns-list
Function
The dns-list command configures the DNS server address for the DHCP client.
The undo dns-list command deletes a configured DNS server address.
By default, no DNS server address is configured.

Format
dns-list { ip-address &<1-8> | unnumbered interface interface-type interface-
number }
undo dns-list { ip-address | unnumbered interface | all }
DHCP Option template view
dns-list ip-address &<1-8>
undo dns-list { ip-address | all }
Parameters
ip-address Specifies the DNS server The value is in dotted

address. decimal notation. A
maximum of eight DNS
server addresses can be
configured. These IP
addresses are separated
by spaces.
unnumbered interface Borrows the DNS server -

interface-type interface- address obtained by the
number interface as the DNS
server IP address.
all Deletes all DNS server -

addresses.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. If user hosts access hosts on the network
by domain names, user hosts need to send DNS requests to the DNS server and
resolve the domain name to access for communication. To connect a DHCP client
to the network, configure a DHCP server address so that the DHCP server can
assign both the specified DNS server address and an IP address to the client. To
configure DNS server addresses for an interface address pool, run the dhcp server
dns-list command.

Precautions
In the IP address pool view and DHCP Option template view, a device can be
configured with a maximum of eight DNS server addresses respectively. The
address first assigned to the clients functions as the primary address, and the
other seven addresses function as secondary addresses.
Example
# In the IP address pool view, set the IP address of the DNS server to 10.10.10.10.
[HUAWEI-ip-pool-global1] dns-list 10.10.10.10
# In the DHCP Option template view, set the IP address of the DNS server to
10.10.10.10.
[HUAWEI-dhcp-option-template-template1] dns-list 10.10.10.10
7.7.75 domain-name
Function
The domain-name command configures the domain name suffix for the DHCP
client.
The undo domain-name command deletes a configured domain name suffix.
By default, no domain name suffix is configured.
Format
domain-name domain-name
undo domain-name
Parameters
domain-name Specifies a domain name The value is a string of 1

to be assigned to a to 63 characters without
DHCP client. spaces.
NOTE
When quotation marks are
used around the string,
spaces are allowed in the
string.
Views

Default Level
Usage Guidelines
This command applies to DHCP servers. When allocating IP addresses to the client,
the DHCP server also specifies domain names for clients. Run the domain-name
command on the DHCP server to specify a domain name. When allocating IP
addresses to clients, the DHCP server also sends the domain names to the clients.
To configure a domain name for an interface address pool, run the dhcp server
domain-name (interface view) command.
Example
# In the IP address pool view, configure the domain name suffix assigned to the
DHCP client as example.com.
[HUAWEI] ip pool test
[HUAWEI-ip-pool-test] domain-name example.com
# In the DHCP Option template, configure the domain name suffix assigned to the
DHCP client as example.com.
[HUAWEI-dhcp-option-template-template1] domain-name example.com
7.7.76 excluded-ip-address
Function
The excluded-ip-address command specifies the range of IP addresses that
cannot be automatically assigned to clients from an address pool.
The undo excluded-ip-address command deletes the specified range of IP
addresses that cannot be automatically assigned to clients from an address pool.
By default, all IP addresses in an address pool can be automatically assigned to
clients.
Format
excluded-ip-address start-ip-address [ end-ip-address ]
undo excluded-ip-address start-ip-address [ end-ip-address ]

Parameters

segment where
addresses cannot be
automatically assigned
to clients.

address of the IP address decimal notation. end-ip-
segment where address and start-ip-
addresses cannot be address must be on the
automatically assigned same network segment
to clients. If end-ip- and end-ip-address must
address is not specified, be larger than start-ip-
only the IP address address.
corresponding to start-
ip-address cannot be
automatically assigned.
Views
Default Level
Usage Guidelines
Usage Scenario
The excluded-ip-address command applies to DHCP servers. Fixed IP addresses

are allocated to some specific hosts (such as the WWW server) on the network for
a long time. If these hosts' IP addresses are overlapped with IP addresses in the
address pool and the DHCP server allocates these overlapped IP addresses to
other hosts, IP address conflicts may occur. To prevent such IP address conflicts,
you need to exclude these IP addresses from being automatically assigned in the
address pool.
You can run the excluded-ip-address command to specify the IP addresses or the
range of IP addresses that cannot be automatically assigned to clients in the
You can run the dhcp server excluded-ip-address command to specify the IP
addresses or the range of IP addresses that cannot be automatically assigned to
clients in the interface address pool.
Prerequisites

Network segment addresses that can be assigned from the global address pool
have been configured using the network (IP address pool view) command.
Precautions
● The excluded IP address or IP address segment must be in the local address

pool.
● You do not need to exclude the gateway address configured using the
gateway-list command from being automatically allocated. The device
automatically adds the gateway address into the list of IP addresses that
cannot be automatically allocated.
You do not need to exclude the IP address of a server's interface connecting
to a client from being automatically allocated. The device automatically sets
the status of the interface IP address to Conflict during address assignment.
● If you run the excluded-ip-address command multiple times, you can specify
multiple IP addresses or ranges of IP addresses that cannot be automatically
assigned to clients from the specified address pool.
● You can run the display ip pool command to check the IP addresses in use in
the current address pool, so that you can exclude the unused IP addresses
from being automatically assigned to clients. If you need to exclude IP
addresses in use from being automatically assigned to clients, run the reset ip
pool command to reclaim these IP addresses first.
Example
# Disable IP addresses 10.10.10.10 to 10.10.10.20 from being automatically
assigned to clients from the address pool global1.
[HUAWEI-ip-pool-global1] network 10.10.10.0 mask 24
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.10 10.10.10.20
7.7.77 force insert option
Function
The force insert option command configures a DHCP server to forcibly insert an
Option field specified in the global address pool or DHCP Option template to a
DHCP Response packet that it sends to a DHCP client.
The undo force insert option command deletes the Option field forcibly inserted
to a DHCP Response packet that a DHCP server sends to a DHCP client.
By default, a DHCP server does not forcibly insert an Option field to a DHCP
Format
force insert option code &<1-254>
undo force insert option code &<1-254>

Parameters

forcibly replied option. that ranges from 1 to
You can configure a 254.
DHCP server to forcibly
reply one or more
options.
Views
Default Level
Usage Guidelines
Usage Scenario
When a DHCP client applies for an IP address from a DHCP server, parameters
contained in the DHCP Request packet specify the options the client requires. The
DHCP server inserts the required options to a DHCP Response packet.
Sometimes, the DHCP server on the existing network receives a DHCP Request
packet that contains no parameter specifying the options the client requires.
However, the client still wants to obtain the options configured on the global
address pool. You can run the force insert option code &<1-254> command to
configure the DHCP server to forcibly insert an Option field to the DHCP Response
packet.
Prerequisites
The Option field has been configured in the global address pool by running the
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher
cipher-string | ip-address ip-address &<1-8> } command in the global address
pool view.
Example
in the address pool pool1.
[HUAWEI] ip pool pool1
[HUAWEI-ip-pool-pool1] option 4 hex 11 22
[HUAWEI-ip-pool-pool1] force insert option 4

in the DHCP Option template template1.

[HUAWEI-dhcp-option-template-template1] option 4 hex 11 22

[HUAWEI-dhcp-option-template-template1] force insert option 4
7.7.78 gateway (DHCP server group view)

Function
The gateway command specifies an egress gateway address of the DHCP server in
the DHCP server group view.
The undo gateway command restores the default setting.
By default, no egress gateway address is specified.
Format
gateway ip-address
undo gateway
Parameters

of an egress gateway. decimal notation.
Views
DHCP server group view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. If a DHCP server and its DHCP relay
agent are on different network segments, you can run the gateway command to
specify an egress gateway address for the DHCP relay agent. In this way, the
DHCP relay agent can communicate with the DHCP server. Run the gateway-list
command to configure an egress gateway for the DHCP server.
Precautions
● If an egress gateway is not configured for a DHCP relay agent using the
gateway command, the DHCP relay agent uses the interface address as the
gateway address to communicate with the DHCP server.
● When two wireless access point devices function as the DHCP server and
DHCP relay agent respectively, they must use the same egress gateway
address.

Example
# Specify the egress gateway address of the server group myServers as 10.10.10.1.
[HUAWEI] dhcp server group myServers
[HUAWEI-dhcp-server-group-myServers] gateway 10.10.10.1
7.7.79 gateway-list
Function
The gateway-list command configures an egress gateway address for a DHCP
client.
The undo gateway-list command deletes a configured egress gateway address.
By default, no egress gateway address is configured.
Format
gateway-list ip-address &<1-8>
undo gateway-list { ip-address | all }
Parameters

of an egress gateway. decimal notation.
all Deletes all gateway -

addresses.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. If a DHCP server and its client are on
different network segments, you can run the gateway-list command to specify an
egress gateway address. In this way, the DHCP server and client can communicate
with each other. Then the DHCP server can assign both an IP address and the
specified egress gateway address to the client. You can configure multiple
gateways in a global address pool to load balance traffic and improve network
reliability.

To configure an egress gateway for a DHCP relay agent, run the gateway (DHCP
server group view) command.
If a gateway address is configured on the DHCP server, a DHCP client will obtain
the gateway address from the DHCP server and automatically generates a default
route to the gateway address. If you run the option121 command on the DHCP
server to allocate classless static routes to DHCP clients, the DHCP client uses an
allocated classless static route and does not automatically generate a default
route to the gateway address.
Precautions
● The IP addresses specified in the excluded-ip-address command cannot be
configured as a gateway address.
● After an IP address is configured as a gateway address, the device adds the IP
address to the list of IP addresses that cannot be automatically allocated,
removing the need to run the excluded-ip-address command.
● In the IP address pool view or DHCP Option template view, a maximum of
eight egress gateway addresses can be configured on the device. These
gateway addresses cannot be subnet broadcast addresses.
● When configuring an egress gateway address for the global address pool of a
DHCP server, ensure that this egress gateway address is the same as that of
Example
# In the IP address pool view, set the egress gateway address for the DHCP client
to 10.1.1.1.
[HUAWEI-ip-pool-global1] gateway-list 10.1.1.1
# In the DHCP Option template view, set the egress gateway address for the
DHCP client to 10.1.1.1.
[HUAWEI-dhcp-option-template-template1] gateway-list 10.1.1.1
7.7.80 ip pool (system view)

Function
The ip pool command creates a global address pool.
The undo ip pool command deletes a global address pool.
By default, no global address pool is created.
Format
ip pool ip-pool-name
undo ip pool ip-pool-name

Parameters
ip-pool-name Specifies the name for The value is a string of 1

an IP address pool. to 64 case-insensitive
characters without
spaces. It can contain
digits, letters, and special
characters such as
underscores (_), hyphens
(-), and periods (.). It
cannot be set to - or --.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. When configuring a DHCP server, run the
ip pool (system view) command in the system view to create a global IP address
pool and set parameters for the global IP address pool, including a gateway
address, and the IP address lease. Then the configured DHCP server can assign IP
addresses in the IP address pool to clients.
Follow-up Procedure
Run the network command to specify the range of the IP addresses in the pool.
Example
# Create a global address pool named global1.
7.7.81 ip relay address cycle
Function
The ip relay address cycle command enables the DHCP server polling function on
a DHCP relay agent.
The undo ip relay address cycle command disables the DHCP server polling
function on a DHCP relay agent.
By default, DHCP server polling is disabled on a DHCP relay agent.

Format
ip relay address cycle
undo ip relay address cycle
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. When multiple DHCP server
addresses are configured on a DHCP relay agent, the DHCP relay agent forwards
DHCP Discover messages to all servers by default. As a result, DHCP servers need
to process a large number of messages, leading to heavy loads of servers. To solve
this problem, configure the ip relay address cycle command. After this command
is configured, the DHCP relay agent forwards a received DHCP Discover message
to one DHCP server at a time, and forwards the DHCP Discover message to a
different DHCP server each time it receives the message. Multiple DHCP servers
then can allocate the same number of IP addresses, implementing load balancing
among DHCP servers.
Prerequisites
Example
# Enable DHCP server polling on the wireless access point in the system view.
[HUAWEI] ip relay address cycle
7.7.82 ip address bootp-alloc

Function
The ip address bootp-alloc command enables the BOOTP client function on an
interface.
The undo ip address bootp-alloc command disables the BOOTP client function
from an interface.
By default, the BOOTP client function is disabled on an interface.

Format
ip address bootp-alloc [ unicast ]
undo ip address bootp-alloc
Parameters
unicast Indicates that -

the client
requests the
server to
unicast
response
packets to the
client.
Views
Default Level
Usage Guidelines
Usage Scenario
DHCP is developed based on the BOOTP protocol. The device supports both DHCP
and BOOTP and allows hosts to obtain IP addresses by BOOTP.
To enable an interface to obtain IP addresses using BOOTP, you can enable the
BOOTP client function on the interface. A BOOTP client requests for an IP address
from the server using BOOTP. The BOOTP client has two functions:
● Sends BOOTP Request messages to the server.
● Processes BOOTP Reply messages from the server.
To obtain an IP address, the BOOTP client sends a BOOTP Request message to the
server. When the server receives the BOOTP Request message, it sends a BOOTP
response message to the BOOTP client. The BOOTP client obtains the assigned IP
address from the response message.
Example
# Enable the BOOTP client function on VLANIF100 to obtain an IP address.
[HUAWEI-Vlanif100] ip address bootp-alloc

7.7.83 ip address dhcp-alloc

Function
The ip address dhcp-alloc command enables the DHCP client function on an
interface.
The undo ip address dhcp-alloc command disables the DHCP client function on
an interface.
By default, the DHCP client function is disabled on an interface.
Format
ip address dhcp-alloc [ unicast ]
undo ip address dhcp-alloc
Parameters
unicast Indicates that -

the client
requests the
server to
unicast
response
packets.
Views
Default Level
Usage Guidelines
Usage Scenario
To enable an interface of the AP to obtain IP addresses using DHCP, enable the
DHCP client function on the interface. A BOOTP client applies for an IP address
from the server using DHCP. The DHCP client has two functions:
● Sends DHCP Request messages to the server.
● Processes DHCP Reply messages from the server.
To obtain an IP address, the DHCP client sends a DHCP Request message to the
server. After the server receives the DHCP Request message, it sends a DHCP
response message to the DHCP client. The DHCP client obtains the assigned IP
address from the response message.

Example
# Enable the DHCP client function on VLANIF100 to obtain an IP address.
[HUAWEI-Vlanif100] ip address dhcp-alloc
7.7.84 lease
Function
The lease command sets the lease for IP addresses in a global IP address pool.
The undo lease command restores the default lease of IP addresses in a global IP
address pool.
By default, the lease of IP addresses is one day.
Format
lease { day day [ hour hour [ minute minute ] ] | unlimited }
undo lease
Parameters
day day Specifies the number of The value is an integer

days in the IP address that ranges from 0 to
lease. 999. The default value is
1.
hour hour Specifies the number of The value is an integer

hours in the IP address that ranges from 0 to 23.
minute minute Specifies the number of The value is an integer

minutes in the IP address that ranges from 0 to 59.
unlimited Indicates that the IP -

address lease is
unlimited.
Views
Default Level

Usage Guidelines
Usage Scenario
This command applies to DHCP servers. To meet different client requirements,

DHCP supports dynamic, automatic, and static address assignment.
Different hosts require different IP address leases. For example, if some hosts such
as a DNS server need to use certain IP addresses for a long time, run the lease
command to set the IP address lease of the current global address pool to
unlimited. If some hosts such as a portable computer just need to use temporary
IP addresses, run the lease command to set the IP address lease of the current
global address pool to the required time so that the expired IP addresses can be
released and assigned to other clients.
When a DHCP client starts and 50% or 87.5% of its IP address lease has passed,
the DHCP client sends a DHCP Request message to the DHCP server to renew the
lease.
● If the IP address can be assigned to the client, the DHCP server informs the
client that the IP address lease can be renewed.
● If the IP address can no longer be assigned to the client, the DHCP server
informs the client that the IP address lease cannot be renewed. The client
needs to request for another IP address.
You can run the display ip pool command to view information about the IP
address lease. The values of the lease and left fields in the command output
indicate the configured lease time and remaining lease time, respectively.
Prerequisites
A global IP address pool has been created using the ip pool command.
Precautions
Different IP address leases can be specified for different global address pools on a
DHCP server. In a global address pool, all addresses have the same lease.
To specify the IP address lease for an interface address pool, run the dhcp server
lease command.
If the IP address lease of an address pool is changed using this command, newly
assigned IP addresses use the new IP address lease. IP addresses assigned before
the change still use the original IP address lease before the lease is updated, and
use the new lease after the lease is updated.
Example
# Set the lease of a global address pool global1 to 2 days 2 hours and 30
minutes.
[HUAWEI-ip-pool-global1] lease day 2 hour 2 minute 30

7.7.85 lock (IP address pool view)

Function
The lock command locks an IP address pool.
The undo lock restores the default configuration.
By default, no IP address pool is locked.
Format
lock
undo lock
Parameters
None
Views
Default Level
Usage Guidelines
After the lock command is run, the specified IP address pool is locked and IP
addresses in this address pool cannot be assigned to clients. When a DHCP server
needs to be redeployed, you need to migrate address pools on the DHCP server to
another DHCP server on the live network. To retain the addresses that have been
assigned to clients from a global address pool, run the lock command to lock the
global address pool. When new users get online after the address pool migration,
they apply for IP addresses from a new address pool.
Example
# Lock the IP address pool global1.
[HUAWEI-ip-pool-global1] lock
7.7.86 logging (IP address pool view)

Function
The logging command enables the logging function during IP address allocation
of the DHCP server in the IP address pool view.
The undo logging command disables the logging function during IP address
allocation of the DHCP server in the IP address pool view.

By default, the logging function during IP address allocation of the DHCP server is
disabled.
Format
logging [ allocation-fail | allocation-success | release | renew-fail | renew-
success | detect-conflict | recycle-conflict ] *
undo logging [ allocation-fail | allocation-success | release | renew-fail |
renew-success | detect-conflict | recycle-conflict ] *
Parameters
allocation-fail Displays logs when address allocation fails. -
allocation-success Displays logs when address allocation succeeds. -
release Displays logs when addresses are released. -
renew-fail Displays logs when address lease renewal fails. -
renew-success Displays logs when address lease renewal succeeds. -
detect-conflict Displays logs when address conflict occurs. -
recycle-conflict Displays logs when conflicting addresses are -

reclaimed.
Views
Default Level
Usage Guidelines
Usage Scenario
This command is used on a DHCP server. When the DHCP server allocates IP
addresses to clients, it records address allocation information to facilitate routine
maintenance and fault location. After the logging function during IP address
allocation of the DHCP server is configured using the logging command, the
DHCP server records logs about address allocation, conflict, lease renewal, and
release.
Run the display ip pool name ip-pool-name command to check the status of the
logging function during IP address allocation of the DHCP server.

Prerequisites
The global address pool has been created using the ip pool (system view)
command.
Precautions
● With this logging function enabled, if a large number of DHCP clients request
IP addresses from the DHCP server, the server frequently records logs. The
server performance may therefore be affected.
● IP address allocation logs are recorded in the AM module. To view log
information, the information center must be enabled. In addition, default
settings for log output vary depending on various factors including the log
level and output direction.
For example, the level of logs indicating that an IP address is successfully
allocated, an IP address is successfully renewed, and an IP address is
successfully released is informational, and these logs are not recorded in the
log buffer by default. You can run the info-center source AM channel 4 log
level informational command to change the level of the logs to be recorded
in the log buffer. You can then run the display logbuffer command to check
the preceding logs.
Example
# Enable the logging function during IP address allocation of the DHCP server in
the IP address pool pool1.
[HUAWEI] ip pool pool1
[HUAWEI-ip-pool-pool1] logging
7.7.87 nbns-list
Function
The nbns-list command configures the NetBIOS server address for the DHCP
client.
The undo nbns-list command deletes a configured NetBIOS server address.
By default, no NetBIOS server address is configured.
Format
nbns-list ip-address &<1-8>
undo nbns-list { ip-address | all }

Parameters

of a NetBIOS server. decimal notation. A
maximum of eight
NetBIOS server addresses
can be configured. These
IP addresses are
separated by spaces.
all Deletes all NetBIOS -

server addresses.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. Before hosts communicate with each
other, a NetBIOS server needs to resolve the accessedNetBIOS hostname to an IP
address. To enable hosts to communicate with each other, run the nbns-list
command to configure NetBIOS server addresses. When assigning IP addresses to
clients, a DHCP server also assigns the configured NetBIOS server addresses to
clients. To configure NetBIOS server addresses for an interface address pool, run
the dhcp server nbns-list command.
Precautions
In the IP address pool view and DHCP Option template view, a device can be
configured with a maximum of eight NetBIOS server addresses respectively. The
first assigned address functions as the primary address, and the other seven
addresses function as secondary addresses.
Example
# In the IP address pool view, set the IP address of the NetBIOS server to
192.168.1.1.
[HUAWEI-ip-pool-global1] nbns-list 192.168.1.1
# In the DHCP Option template view, set the IP address of the NetBIOS server to
10.1.1.1.
[HUAWEI-dhcp-option-template-template1] nbns-list 10.1.1.1

7.7.88 netbios-type
Function
The netbios-type command configures the NetBIOS node type for the DHCP
client.
The undo netbios-type command deletes a configured NetBIOS node type.
By default, no NetBIOS node type for the DHCP client is configured.
Format
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Parameters
b-node Indicates a node in -

broadcast mode. A b-
node obtains the
mapping between host
names and IP addresses
in broadcast mode.
h-node Indicates a node in -

hybrid mode. An h-node
is a b-type node enabled
with the end-to-end
communication
mechanism.
m-node Indicates a node in -

mixed mode. An m-node
is a p-type node with
some broadcast features.
p-node Indicates a node in peer- -

to-peer mode. A p-node
obtains the mapping
between host names and
IP addresses by
communicating with a
NetBIOS server.
Views

Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. When a DHCP client uses NetBIOS for
communication, its host name needs to be mapped to an IP address, and the
NetBIOS node type needs to be specified for it using the netbios-type command.
When a DHCP server assigns an IP address to clients, it also sends the specified
NetBIOS node type to clients.
Prerequisites
To specify the NetBIOS node type for a client in the interface address pool, run the
dhcp server netbios-type command.
Example
# In the IP address pool view, set the NetBIOS node type for the DHCP client to b-
node.
[HUAWEI-ip-pool-global1] netbios-type b-node
# In the DHCP Option template view, set the NetBIOS node type for the DHCP
client to b-node.
[HUAWEI-dhcp-option-template-template1] netbios-type b-node
7.7.89 network (IP address pool view)
Function
The network command sets a network segment address for a global address pool.
The undo network command restores the default network segment address.
By default, no network segment address is specified.
Format
network ip-address [ mask { mask | mask-length } ]
undo network
Parameters
ip-address Specifies a network The value is in dotted

segment address. decimal notation.

mask Specifies the mask of the -

network segment
address. If this
parameter is not
specified, the natural
mask is used.
mask Specifies the mask of the The value is in dotted

network segment decimal notation.
address.
mask-length Specifies the network The value is an integer

mask length of the that ranges from 0 to 32.
DHCP server.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. Before a DHCP server assigns IP addresses
to clients from a global address pool, run the network command to set a network
segment address for the global address pool so that the DHCP server can select
and assign IP addresses on this network segment to clients. When a DHCP server
assigns an IP address to the client from the interface address pool, the network
segment of the interface IP address is that of the interface address pool.
Precautions
● Each IP address pool can be configured with only one network segment. If the
system needs multiple address segments, multiple IP address pools are
required.
● The size of an address pool can be controlled by setting the mask length. The
mask length is in reverse proportion to the address pool size.
● When configuring an address pool, ensure that IP addresses on the network
address segment must be class A, B, or C IP addresses, and the mask cannot
be set to 0, 1, 31, or 32.
● If you need to assign IP addresses with a 16-bit mask in the network segment
10.1.1.0 to clients, the number of IP addresses in an IP address pool is 64K
after the network 10.1.1.0 mask 16 command is executed in the view of the
IP address pool. If the number of IP addresses in the IP address pool is less
than 64K, the network 10.1.1.0 mask 16 command cannot be executed in
the view of the IP address pool. In this case, perform the following operations:

Run the following commands in the IP address pool view:

[HUAWEI-ip-pool-test] ip pool test
[HUAWEI-ip-pool-test] section 0 10.1.1.2 10.1.1.254 // The section command specifies the range of
IP addresses to be allocated.
[HUAWEI-ip-pool-test] network 10.1.1.1 mask 16 // The network command specifies the mask of IP
addresses to be allocated using the mask parameter.
Enable the DHCP server function on a specific interface.

[HUAWEI-Vlanif10] dhcp select global
● The size of the IP address pool cannot be larger than 1K.
Example
# Set the network segment address of the IP address pool global1 to 192.168.1.0
and mask length to 24.
7.7.90 next-server
Function
The next-server command configures the IP address of a server for the DHCP
client after the client automatically obtains the IP address.
The undo next-server command deletes a configured IP address of a server for
the DHCP client after the client automatically obtains the IP address.
By default, no IP address of a server is configured for the DHCP client after the
client automatically obtains the IP address.
Format
next-server ip-address
undo next-server
Parameters
ip-address Specifies a server IP The value is in dotted

Views
Default Level

Usage Guidelines
Usage Scenario
The next-server command is used on DHCP servers. When assigning a client an IP
address, a DHCP server can also assign the client an IP address of the server that
provides network services for the client. For example, after obtaining IP addresses,
clients such as IP phones need parameters such as the startup configuration file to
work normally. You can run the next-server command to specify the server
address used after a client obtains an IP address. The client then requests the
configuration parameters from the specified server after obtaining an IP address.
If users use addresses in the interface address pool, run the dhcp server next-
server command to specify the DHCP server IP address. If users use addresses in
the global address pool, run the next-server command to specify the DHCP server
IP address.
Precautions
● Only one IP address of a server that provides network services can be
configured in each IP address pool view or DHCP Option template view. If the
system needs multiple IP addresses of servers that provide network services,
configure multiple IP address pools or DHCP Option templates.
● If you run the next-server command multiple times, only the latest
Example
# In the IP address pool view, set the IP address of a server for the DHCP client
after the client automatically obtains the IP address to 10.1.2.2.
[HUAWEI-ip-pool-global1] next-server 10.1.2.2
# In the DHCP Option template view, set the IP address of a server for the DHCP
client after the client automatically obtains the IP address to 10.1.2.2.
[HUAWEI-dhcp-option-template-template1] next-server 10.1.2.2
7.7.91 option
Function
The option command configures the user-defined option that a DHCP server
assigns to a DHCP client.
The undo option command deletes the user-defined option that a DHCP server
assigns to a DHCP client.
By default, no user-defined option that a DHCP server assigns to a DHCP client is
configured.
Format
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher
cipher-string | ip-address ip-address &<1-8> }

undo option [ code [ sub-option sub-code ] ]
Parameters
code Specifies the code of a The value is an integer

user-defined option. that ranges from 1 to
254, except the values 1,
3, 6, 15, 44, 46, 50, 51,
52, 53, 54, 55, 57, 58, 59,
61, 82, 120, 121, and
184.
sub-option sub-code Specifies the code of a The value is an integer

user-defined sub-option. that ranges from 1 to
254. For details about
well-known options, see
RFC 2132.
ascii ascii-string Specifies the user- The value is a string of

defined option code as case-sensitive characters
an ASCII character string. with spaces supported. If
sub-option is not
specified, the value is a
string of 1 to 255
characters. If sub-option
is specified, the value is a
string of 1 to 253
characters.
hex hex-string Specifies the user- The value is a

defined option code as a hexadecimal string with
hexadecimal character an even number of
string. characters, for example,
hh or hhhh. If sub-
option is not specified,
the value without spaces
ranges from 1 to 254
characters; if sub-option
is specified, the value
without spaces ranges
from 1 to 252. The value
can be a combination of
digits (0-9), uppercase
letters (A-F), and
lowercase letters (a-f).

cipher cipher-string Specifies the user- The value is a character

defined option code as a string either in plain text
ciphertext character or cipher text.
string. ● The character string
in plain text is a string
of 1 to 64 characters.
in cipher text is a
string of 32 to 104
characters.
No matter whether the
character string is
entered in plain or cipher
text, the character string
is displayed in cipher text
in the configuration file
and in plain text in
packets.
ip-address ip-address Specifies the user- The value is in dotted

defined option code as decimal notation.
an IP address.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to DHCP servers. The option field in a DHCP packet carries
control information and parameters. If a DHCP server is configured with options,
when a DHCP client applies for an IP address, the client can obtain the
configurations in the option field of the DHCP response packet from the DHCP
server. To configure user-defined options for an interface address pool, run the
dhcp server option command.
Precautions
● To ensure configuration accuracy, read the Request For Comments (RFC)
before configuring options.
● When an option contains a password, the option code in ascii or hex type is
insecure. You are advised to set the option code type to cipher. For security
purposes, a password must contain at least two types of the following:

lowercase letters, uppercase letters, digits, and special characters. In addition,

the password must consist of at least six characters.
● Note the following if the option code [ sub-option sub-code ] { ascii ascii-
string | hex hex-string | cipher cipher-string | ip-address ip-address &<1-8> }
command is not executed for the first time:
– If the new code is different from the existing code, both the new and
existing configurations take effect.
– If the new code is the same as the existing code, the following situations
may occur:
▪ When a sub-code is specified in the existing command, the new

configuration overrides the existing configuration if the new and
existing sub-codes are the same, and both the new and existing
configurations take effect if the new and existing sub-codes are
different. If no sub-code is specified in the new command, the new
configuration overrides the existing configuration.
▪ When no sub-code is specified in the existing command, the new

configuration overrides the existing configuration.
● When users on an enterprise's intranet use a proxy server to connect to the
Internet, you need to configure proxy server parameters so that users can use
browsers to access the network. The Web Proxy Auto-Discovery Protocol
(WPAD) implements automatic configuration of these parameters. The
administrator does not need to manually configure these parameters on each
client. To implement the WPAD function, the administrator needs to deploy
the configuration file of the proxy server in advance, and then run the option
252 ascii ascii-string command to specify the URL of the configuration file.
The ascii-string parameter specifies the URL of the configuration file, in the
format of http://xxx/proxy.pac. Set ascii-string according to the actual location
of the configuration file. When a browser accesses the network, the browser
requests the DHCP server to send the URL of the configuration file on the
proxy server, and then downloads the configuration file to conduct automatic
configuration. After the configuration is completed, the browser can access
the network.
NOTE
The value of ascii-string cannot be enclosed in double quotation marks as "ascii-

string". Otherwise, terminals cannot parse Option252.
Example
# In the global address pool global1, configure Option64 to 0x11 (a hexadecimal
number).
[HUAWEI-ip-pool-global1] option 64 hex 11
# In the DHCP Option template template1, configure Option64 to 0x11 (a

hexadecimal number).
[HUAWEI-dhcp-option-template-template1] option 64 hex 11

7.7.92 option121
Function
The option121 command configures the classless static route for the DHCP client.
The undo option121 command deletes a configured classless static route.
By default, no classless static route is configured.
Format
option121 ip-address { ip-address mask-length gateway-address } &<1-8>
undo option121 [ ip-address ip-address mask-length gateway-address ]
Parameters
ip-address Specifies the destination The value is in dotted

mask-length Specifies the mask The value is an integer

length. that ranges from 0 to 32.
gateway-address Specifies the gateway The value is in dotted

address of a route. decimal notation.
Views
Default Level
Usage Guidelines
Usage Scenario
The option121 command applies to only the DHCP server. The option121
command configures Option 121 that defines a classless static route allocated to a
client.
mask-length and gateway-address specify a classless static route. The option121

command configures a maximum of eight classless static routes.
Precautions
● To configure multiple classless static routes, run the option121 command

repeatedly.

● The undo option121 command will delete all classless static routes. To delete
one classless static route, run the undo option121 ip-address ip-address
mask-length gateway-address command.
Example
# In the IP address pool view, configure classless static routes delivered by the
DHCP server.
[HUAWEI-ip-pool-global1] option121 ip-address 10.10.10.10 24 10.11.11.11
# In the DHCP Option template view, configure classless static routes delivered by
the DHCP server.
[HUAWEI-dhcp-option-template-template1] option121 ip-address 10.10.10.10 24 10.11.11.11
7.7.93 option184
Function
The option184 command configures the Option 184 field for the DHCP client.
The undo option184 command deletes a configuration in the Option 184 field.
By default, no content in the Option 184 field is configured.
Format
option184 { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address
| voice-vlan vlan-id }
undo option184 [ as-ip | fail-over | ncp-ip | voice-vlan ]
Parameters
ncp-ip ip-address Specifies the IP address The value is in dotted

of the network call decimal notation.
processor (NCP).
as-ip ip-address Specifies the IP address The value is in dotted

of the backup NCP. decimal notation.
fail-over ip-address Specifies the IP address The value is in dotted

in the failover route. decimal notation.
dialer-string Specifies the dialer The value is a string of 1

string. to 64 characters.
voice-vlan vlan-id Specifies the ID of a The value is an integer

voice VLAN. that ranges from 1 to
4094.

Views
Default Level
Usage Guidelines
The option184 command applies to only the DHCP server and configures Option
184 allocated by a DHCP server to a client in a global address pool.
Example
# In the IP address pool view, configure the Option 184 field.
[HUAWEI-ip-pool-global1] option184 as-ip 192.168.1.10
# In the DHCP Option template view, configure the Option 184 field.
[HUAWEI-dhcp-option-template-template1] option184 as-ip 10.10.10.10
7.7.94 reset dhcp client statistics

Function
The reset dhcp client statistics command clears packet statistics about a DHCP
client.
Format
reset dhcp client statistics [ interface interface-type interface-number ]
Parameters
interface interface-type Clear packet statistics -

interface-number about the DHCP client of
the specified interface.
● interface-type
type.
number.
Views
User view

Default Level
3: Management level
Usage Guidelines
Usage Scenario
The reset dhcp client statistics command is applicable to DHCP client. During
DHCP troubleshooting, statistics about the packets sent and received within a
specified period need to be checked. Therefore, before collecting packet statistics,
run the reset dhcp client statistics command to clear the existing packet
statistics. Then you can run the display dhcp client statistics command to check
packet statistics about the DHCP client.
Precautions
The reset dhcp client statistics command can be run multiple times at any
interval.
Example
# Clear packet statistics about the DHCP client.
<HUAWEI> reset dhcp client statistics
7.7.95 reset dhcp relay statistics

Function
The reset dhcp relay statistics command clears message statistics on a DHCP
relay agent.
Format
reset dhcp relay statistics [ server-group group-name ]
Parameters
server-group group- Specifies the name of a The value is a string of 1

name DHCP server group. to 32 case-sensitive
characters without
spaces.
Views
User view
Default Level
3: Management level

Usage Guidelines
Usage Scenario
This command applies to DHCP relay agents. Collecting statistics on the DHCP
messages sent and received within a specified period helps you locate DHCP
faults. Run the reset dhcp relay statistics [ server-group group-name ]
command to clear original statistics on DHCP messages, and run the display dhcp
relay statistics [ server-group group-name ] command to view packet statistics
about the DHCP relay agent.
● Run the reset dhcp relay statistics server-group group-name command to
clear message statistics on DHCP relay agents connected to DHCP servers in a
specified DHCP server group. The DHCP server group name needs to be
specified.
● Run the reset dhcp relay statistics command to clear message statistics on
all DHCP relay agents besides DHCP relay agents connected to DHCP servers
in the DHCP server group.
Precautions
The reset dhcp relay statistics command can be run multiple times at any
interval.
Example
# Clear message statistics on the DHCP relay agent.
<HUAWEI> reset dhcp relay statistics
7.7.96 reset dhcp server statistics
Function
The reset dhcp server statistics command clears statistics on the DHCP server.
Format
reset dhcp server statistics
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

This command applies to DHCP servers. Collecting statistics on the DHCP

messages sent and received within a specified period helps you locate DHCP
faults. Run the reset dhcp server statistics command to clear original statistics on
DHCP messages and then run the display dhcp server statistics to view message
statistics on the DHCP server.
Precautions
The reset dhcp server statistics command can be run multiple times at any
interval.
Example
# Clear message statistics on the DHCP server.
<HUAWEI> reset dhcp server statistics
7.7.97 dhcp relay detect enable

Function
The dhcp relay detect enable command enables user entry detection on a DHCP
relay agent.
The undo dhcp relay detect enable command disables user entry detection on
By default, user entry detection is disabled on a DHCP relay agent.
Format
dhcp relay detect enable
undo dhcp relay detect enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
This command applies to the device that functions as a DHCP relay agent. After
receiving Ack messages from a DHCP server, the DHCP relay agent sends all Ack
messages in which the giaddr field value is the same as DHCP clients' network
segment to DHCP clients. After DHCP clients successfully obtain IP addresses
through the DHCP relay agent, the DHCP relay agent adds corresponding user
entries. In some cases, for example, multiple DHCP servers exist on the network or

the address pool on the DHCP server is reset, DHCP clients may obtain the same
IP address, resulting in an address conflict.
To address this issue, you can enable user entry detection on the DHCP relay
agent. If the DHCP relay agent receives an Ack message from a DHCP server after
this function is enabled, the DHCP relay agent detects the IP address to be
allocated to a DHCP client in the message and the client's MAC address, and
checks whether the addresses are consistent with the corresponding user entry.
● If the addresses are consistent with the user entry, the DHCP relay agent
forwards the Ack message to the DHCP client, and the DHCP client
successfully obtains the IP address.
● If the addresses are inconsistent with the user entry, the DHCP relay agent
sends a Decline message indicating that the IP address has been used by
another client to the DHCP server, and sends a Nak message to the DHCP
client to instruct the DHCP client to request an IP address again.
If the DHCP relay agent receives a Release or Decline message from a DHCP
client, the DHCP relay agent deletes the corresponding user entry.
NOTE
When the number of user entries reaches the maximum value, the device does not record user
entries for new online users, and does not perform address conflict detection for these users.
Therefore, it is recommended that you reduce the lease time appropriately based on the actual
usage scenario after configuring user entry detection on the DHCP relay agent. This
configuration ensures that user entries of offline users can be cleared promptly and the device
can perform address conflict detection for online users.
If the device is configured as a DHCP relay agent in proxy mode, new users cannot obtain IP
addresses when the number of user entries reaches the maximum value. It is recommended that
you reduce the lease time appropriately based on the actual usage scenario so that user entries
of offline users can be cleared promptly and new users can go online properly.
Example
# Enable user entry detection on the device that functions as a DHCP relay agent.
[HUAWEI] dhcp relay detect enable
7.7.98 reset dhcp statistics

Function
The reset dhcp statistics command clears packet statistics about a DHCP.
Format
reset dhcp statistics
Parameters
None
Views
User view

Default Level
3: Management level
Usage Guidelines
During DHCP troubleshooting, statistics about the packets sent and received
within a specified period need to be checked. Therefore, before collecting packet
statistics, run the reset dhcp statistics command to clear the existing packet
statistics. Then you can run the display dhcp statistics command to view DHCP
message statistics.
Example
# Clear packet statistics about the DHCP.
<HUAWEI> reset dhcp statistics
7.7.99 reset ip pool

Function
The reset ip pool command resets the IP address pool configured on the device.
Format
reset ip pool { interface interface-name | name ip-pool-name } { start-ip-address
[ end-ip-address ] | all | conflict | expired | used }
Parameters
interface interface-name Specifies the name of The value is a string of 1

the interface address to 64 characters without
pool to be reset, which is spaces. A combination of
represented by the type digits, letters,
and number of an underscores (_), and dots
interface. (.) is allowed.
name ip-pool-name Specifies the name of The value is a string of 1

the global address pool to 64 characters without
to be reset. spaces. A combination of
digits, letters,
underscores (_), and dots
(.) is allowed.

pool to be reset.

pool to be reset.

all Indicates that all the IP -

addresses need to be
reset.
conflict Indicates that the -

conflicting IP addresses
need to be reset.
expired Indicates that the -

expired IP addresses
need to be reset.
used Indicates that the used -

IP addresses need to be
reset.
Views
User view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The reset ip pool command resets the IP addresses that cannot be released in an
IP address pool. If an IP address conflict occurs because two clients use the same
IP address, run the reset ip pool command to reset the specified IP address pool.
Precautions
If a user's IP address is within the IP address range specified when this command
is run, the user cannot continue to use the IP address after this command is run,
and needs to send an IP address application request again.
The address pool status cannot be restored after this command is run. Therefore,
exercise caution when deciding to run this command.
Follow-up Procedure
After the address pool is set to idle, the client can obtain an IP address from the
Example
# Reset the conflicting IP addresses in the IP address pool mypool.
<HUAWEI> reset ip pool name mypool conflict

7.7.100 section (IP address pool view)
Function
The section command configures the IP address segment in an IP address pool.
The undo section command deletes the configured IP address segment in an IP

address pool.
By default, the IP address segment in an IP address pool is not configured.
Format
section section-id start-address [ end-address ]
undo section section-id
Parameters
section-id Specifies the ID of the address segment in The value is an integer

the IP address pool. that ranges from 0 to
255.
start-address Specifies the start IP address of the The value is in dotted

address segment. decimal notation.
end-address Specifies the end IP address of the The value is in dotted

address segment. decimal notation.
NOTE
The end IP address must be larger than the
start IP address. If the end IP address is not
entered, there is only one address in the
address segment.
Views
Default Level
Usage Guidelines
An IP address pool consists of one or more IP address segments. The IP addresses
on each address segment cannot overlap.

Example
# Configure an IP address segment 10.1.1.10-10.1.1.15 with the ID 0 for the IP
address pool abc.
[HUAWEI] ip pool abc
[HUAWEI-ip-pool-abc] section 0 10.1.1.10 10.1.1.15
7.7.101 sip-server (IP address pool view)
Function
The sip-server command configures the SIP server IP address assigned to a DHCP
client in a global address pool.
The undo sip-server command deletes the configured SIP server IP address
assigned to a DHCP client in a global address pool.
By default, the SIP server IP address assigned to a DHCP client in a global address
pool is not configured.
Format
sip-server { ip-address ip-address &<1-2> | list domain-name &<1-2> }
undo sip-server
Parameters
ip-address ip- Specifies an IP address for The value is in dotted
address the SIP server. decimal notation.
list domain-name Specifies the domain name The value is a string of 1 to

of the SIP server. 63 characters.
Views
Default Level
Usage Guidelines
Usage Scenario
This command applies to the DHCP server. To enable DHCP clients to normally
access the Internet, the DHCP server needs to specify the SIP server IP address in
the address pool when assigning IP addresses to the clients.

Precautions
● A maximum of two SIP server addresses can be configured in each address

pool. The first assigned address functions as the primary address, and the
other address functions as a secondary address.
● Before specifying the IP address or name for a SIP server, ensure that the SIP
server exists.
● If you run this command repeatedly, the latest configuration overrides the
previous ones.
Example
# Specify 192.168.1.1 as the IP address of the SIP server when addresses in the
global address pool global1 are assigned to clients.
[HUAWEI-ip-pool-global1] sip-server ip-address 192.168.1.1
7.7.102 sname
Function
The sname command configures the name of the server from which the DHCP
client obtains the startup configuration file.
The undo sname command deletes the configured name of the server from which
the DHCP client obtains the startup configuration file.
By default, no name is configured for the server from which the DHCP client
obtains the startup configuration file.
Format
sname sname
undo sname
Parameters
sname Specifies the name of The value is a string of 1

the server where the to 63 case-sensitive
DHCP client obtains the characters without
startup configuration spaces.
file.
Views

Default Level
Usage Guidelines
Usage Scenario
the DHCP client. After the name of the server from which the DHCP client obtains
the startup configuration file is configured using the sname command, the DHCP
client obtains the startup configuration file from this server.
Precautions
Ensure that the route between the DHCP client and the file server from which the
DHCP client obtains the startup configuration file is reachable.
Example
# In the IP address pool view, configure the name of the server from which the
DHCP client obtains the startup configuration file as example.
[HUAWEI] ip pool p1
[HUAWEI-ip-pool-p1] sname example
# In the DHCP Option template view, configure the name of the server from
which the DHCP client obtains the startup configuration file as example.
[HUAWEI-dhcp-option-template-template1] sname example
7.7.103 snmp-agent trap enable feature-name dhcp

Function
The snmp-agent trap enable feature-name dhcp command enables the trap
function for the DHCP module.
The undo snmp-agent trap enable feature-name dhcp command disables the
trap function for the DHCP module.
For details about whether the trap function for the DHCP module is enabled or
disabled by default, see display snmp-agent trap feature-name dhcp all.
Format
snmp-agent trap enable feature-name dhcp [ trap-name
{ hwdhcppktratealarm | hwdhcpsnpchaddralarm | hwdhcpv6pktprefixalarm |
hwndsnpusernumberalarmglobal | hwndsnpusernumberalarmglobalresume |
hwndsnpusernumberalarmif | hwndsnpusernumberalarmifresume |
hwnomatchsnpbindtbldhcppktalarm | hwsnpusernumberalarmglobal |
hwsnpusernumberalarmglobalresume | hwsnpusernumberalarmif |
hwsnpusernumberalarmifresume | hwsnpusernumberalarmvlan |
hwsnpusernumberalarmvlanresume | hwuntrustedreplypktalarm |
hwnomatchsnpbindtbldhcpv6pktalarm | hwnomatchsnpbindtblndpktalarm } ]

undo snmp-agent trap enable feature-name dhcp [ trap-name

{ hwdhcppktratealarm | hwdhcpsnpchaddralarm | hwdhcpv6pktprefixalarm |
hwndsnpusernumberalarmglobal | hwndsnpusernumberalarmglobalresume |
hwndsnpusernumberalarmif | hwndsnpusernumberalarmifresume |
hwnomatchsnpbindtbldhcppktalarm | hwsnpusernumberalarmglobal |
hwsnpusernumberalarmglobalresume | hwsnpusernumberalarmif |
hwsnpusernumberalarmifresume | hwsnpusernumberalarmvlan |
hwsnpusernumberalarmvlanresume | hwuntrustedreplypktalarm |
hwnomatchsnpbindtbldhcpv6pktalarm | hwnomatchsnpbindtblndpktalarm } ]
Parameters
trap-name Enables or disables the -

trap function for a
specified event of the
DHCP module.
hwdhcppktratealarm Enables the device to -

send a Huawei
proprietary trap when
the number of discarded
DHCP packets whose
rate exceeds the limit
exceeds the threshold.
hwdhcpsnpchaddra- Enables the device to -

larm send a Huawei
the number of discarded
DHCP packets whose
CHADDR field differs
from the source MAC
address exceeds the
threshold.
hwdhcpv6pktprefixalar Enables the device to -

m send a Huawei
the DHCPv6 prefix length
hwndsnpusernumbera- Enables the device to -

larmglobal send a Huawei
the number of ND access
users on the device
exceeds the upper
threshold.


larmglobalresume send a Huawei
users on the device falls
below the lower
threshold.

larmif send a Huawei
users on an interface
exceeds the upper
threshold.

larmifresume send a Huawei
users on an interface
falls below the lower
threshold.
hwnomatchsnpbindtbld Enables the device to -

hcppktalarm send a Huawei
the number of DHCP
Request packets that do
not match DHCP
snooping binding entries
and are discarded on an
interface exceeds the
threshold.
hwsnpusernumbera- Enables the device to -

larmglobal send a Huawei
the number of DHCP
access users on the
device exceeds the upper
threshold.

larmglobalresume send a Huawei
the number of DHCP
access users on the
device falls below the
lower threshold.

hwsnpusernumberalar- Enables the device to -

mif send a Huawei
the number of DHCP
access users on an
interface exceeds the
upper threshold.
hwsnpusernumberalar- Enables the device to -

mifresume send a Huawei
the number of DHCP
access users on an
interface falls below the
lower threshold.

larmvlan send a Huawei
the number of DHCP
access users in a VLAN
exceeds the upper
threshold.

larmvlanresume send a Huawei
the number of DHCP
access users in a VLAN
falls below the lower
threshold.
hwuntrustedreplypkta- Enables the device to -

larm send a Huawei
proprietary trap message
when the number of
DHCP reply packets
discarded on an
untrusted interface
hwnomatchsnpbindtbld Enables the device to -

hcpv6pktalarm send a Huawei
when the number of
DHCPv6 request packets
discarded on an interface
because they do not
match the binding
entries exceeds the
threshold.

hwnomatchsnpbindtbln Enables the device to -

dpktalarm send a Huawei
when the number of ND
packets discarded on an
interface because they
do not match the
binding entries exceeds
the threshold.
Views
System view
Default Level
Usage Guidelines
After the trap function is enabled, the device generates traps during operation and
sends the traps to the NMS through the SNMP module. If the trap function is
disabled, the device does not generate traps and the SNMP module does not send
traps to the NMS.
You can specify snmp-agent to enable the trap function for one or more events.
NOTE
For traps that are enabled by default, the device has the trap suppression function configured
and does not report traps within 10 minutes.
Example
# Enable the hwdhcppktratealarm trap function for the DHCP module.
[HUAWEI] snmp-agent trap enable feature-name dhcp trap-name hwdhcppktratealarm
7.7.104 static-bind
Function
The static-bind command binds an IP address in a global address pool to a MAC
address of a client.
The undo static-bind command unbinds the IP address in a global address pool
from a MAC address.
By default, the IP address in a global address pool is not bound to any MAC
address.

Format
static-bind ip-address ip-address mac-address mac-address [ option-template
template-name | description description ]
undo static-bind [ ip-address ip-address | mac-address mac-address ]
Parameters

to be bound. The IP decimal notation.
address must be a valid
IP address in the global
address pool.
mac-address mac- Specifies the user MAC The value is in H-H-H

address address. format. An H is a
4 digits.
option-template Specifies the name of The name is a string of 1

template-name the DHCP Option to 31 case-sensitive
template. To allocate characters without
network configuration spaces.
parameters except IP
addresses to static
clients, specify the
parameter. Before
specifying the parameter,
run the dhcp option
template command to
create a DHCP option
template, and configure
network parameters for
static clients in the DHCP
description description Specifies the user The value is a string of 1

spaces.
Views
Default Level

Usage Guidelines
Usage Scenario
The static-bind command applies to DHCP servers. When planning a network,

you need to allocate fixed IP addresses to some important hosts to ensure
reliability. In this case, you can bind IP addresses in the address pool to the MAC
addresses of these hosts. After the preceding configuration is complete, if the host
of the MAC address to which the IP address is bound request an IP address from
the DHCP server, the DHCP server finds the bound IP address based on the host's
MAC address and allocates this IP address to the host, ensuring that the IP address
obtained by the host is fixed.
You can run the static-bind command to bind an IP address in a global address
You can run the dhcp server static-bind command to bind an IP address in an
interface address pool to a MAC address.
Prerequisites
Network segment addresses that can be assigned from the global address pool
have been configured using the network (IP address pool view) command.
Precautions
● Ensure that the bound IP address is not configured as the IP address that
cannot be allocated using the excluded-ip-address command.
● IP addresses that are used can also be statically bound to MAC addresses or
unbound from MAC addresses. When an IP address is statically bound to a
MAC address, ensure that the MAC address to be bound is the same as the
MAC address of the user who actually uses the IP address.
● The DHCP server preferentially allocates the IP address that has been
statically bound to the client's MAC address.
● After an IP address is bound to a MAC address, the IP address does not expire.
After an automatically allocated IP address is statically bound to a MAC
address, the lease time of the IP address becomes unlimited. After the static
binding between the IP address and the MAC address is deleted, the lease
time of the IP address becomes the same as that configured in the address
pool.
● A maximum of 256 IP addresses and MAC addresses can be bound.
Example
# Configure a DHCP server to assign a fixed IP address 192.168.1.10 in the global
address pool global1 to a host with the MAC address 00e0-fc96-e4c0.
[HUAWEI-ip-pool-global1] static-bind ip-address 192.168.1.10 mac-address 00e0-fc96-e4c0
7.8 DNS Configuration Commands

7.8.1 display dns configuration
Function
The display dns configuration command displays the global DNS configurations.
Format
display dns configuration
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display the global DNS configurations.
<HUAWEI> display dns configuration
-------------------------------------------------------------------------------
Dns resolve : Disabled
DNS-server-select-algorithm : Auto
Dns server source ip address : -
Dns proxy : Disabled
Dns forward retry-number : 2
Dns forward retry-timeout : 3
-------------------------------------------------------------------------------
Table 7-59 Description of the display dns configuration command output
Item Description
Dns resolve Whether dynamic DNS resolution is enabled. The value

can be:
● Enabled: Dynamic DNS resolution is enabled.
● Disabled: Dynamic DNS resolution is disabled.
To enable dynamic DNS resolution, run the dns resolve
command.

Item Description
DNS-server-select- Algorithm for selecting a destination DNS server. The

algorithm value can be:
● Fixed: The destination DNS server is selected in fixed
order.
● Auto: The destination DNS server is selected in auto
order.
To specify an algorithm for selecting a destination DNS
server, run the dns-server-select-algorithm command.
Dns server source ip Source IP address of the local device for communication.
address To set the source IP address of the local device, run the
dns server source-ip command.
Dns proxy Whether DNS proxy is enabled. The value can be:
● Enabled: DNS proxy is enabled.
● Disabled: DNS proxy is disabled.
To enable DNS proxy, run the dns proxy enable
command.
Dns forward retry- Number of times for retransmitting query messages to

number the destination DNS server.
To set the number of times for retransmitting query
messages to the destination DNS server, run the dns
forward retry-number command.
Dns forward retry- Retransmission timeout period that the device sends
timeout query messages to the destination DNS server.
To set the retransmission timeout period that the device
sends query messages to the destination DNS server, run
the dns forward retry-timeout command.
7.8.2 display dns domain

Function
The display dns domain command displays the configuration and sequence of
domain name suffixes.
Format
display dns domain [ verbose ]

Parameters

verbose Displays the detail information of domain name suffixes. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display dns domain command to view the configuration and
sequence of domain name suffixes.
Example
# Display the list of domain name suffixes.
<HUAWEI> display dns domain
Type:
D:Dynamic S:Static
NO. Type Domain name TTL

1 S com -
2 S net -
Table 7-60 Description of the display dns domain command output
Item Description
NO. Domain name suffix numbers, that is, the configuration sequence
of domain name suffixes.
Type Domain name suffixes type, including dynamic and static domain
name suffix.
Domain Configured domain name suffix.

name In this example, two domain name suffixes are displayed. During
DNS resolution, the first suffix "com" is added and sent to the
DNS server. If the DNS server gives no response, the query
message is resent. If the DNS server still gives no response, the
query message is resent for a third time. If the DNS server still
does not respond, the second suffix "net" is added and sent to
the DNS server for searching for the mapped address.
TTL Domain name suffix TTL.

7.8.3 display dns dynamic-host

Function
The display dns dynamic-host command displays dynamic DNS entries saved in
the domain name cache.
Format
display dns dynamic-host [ ip | naptr | srv ] [ domain-name ]
Parameters
ip Specifies the Class-A and -

PTR query dynamic DNS
entries.
naptr Specifies the NAPTR -

query dynamic DNS
entries.
srv Specifies the SRV query -

dynamic DNS entries.
domain-name Specifies the dynamic The value must be an

DNS entries of a domain existing domain name
name. suffix.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display dns dynamic-host command to view dynamic DNS
entries saved in the domain name cache and check whether domain names match
the mapping entries.
Example
# Display the dynamic DNS entries saved in the domain name cache.
<HUAWEI> display dns dynamic-host
Host TTL Type Address
sipx.autosrv.com 114 IP 192.168.1.1
sip.autosrv.com 237 IP 192.168.1.2
sip.autonaptr.com 117 IP 192.168.1.3

_sip._tcp.autosrv.com 55 SRV 0 0 0 sipx.autosrv.com

0 0 0 sip.autosrv.com
autonaptr.com 0 NAPTR 101 10 A SIP+D2T sip.autona
Total : 5
Table 7-61 Description of the display dns dynamic-host command output

Item Description
Host Domain name.

● sipx.autosrv.com: indicates the domain
name of the server providing the SIP
service.
● _sip._tcp.autosrv.com: indicates the
domain name of the server providing
the SIP service through TCP in
autosrv.com.
● autonaptr.com: indicates the domain
name in the NAPTR resource record.
TTL Time left before dynamic DNS entries saved

in the cache age out, in seconds.
Type Query type:

● IP: Class-A query, which is used to
request the IP address corresponding to
a domain name, or Pointer (PTR) query,
which is used to request the domain
name corresponding to an IP address.
● SRV: Service Record (SRV) query, which
is used to obtain information about a
server based on the protocol running on
the server, including the domain name
and port number.
● NAPTR: Naming Authority Pointer
(NAPTR) query, which is used to obtain
information about a server based on the
server's domain name, including the IP
address, and the transmission protocol.

Item Description
Address IP address mapping the domain name.

● 192.168.1.1: indicates the IPv4 address.
● 0 0 0 sipx.autosrv.com: indicates the SRV
query result. In the SRV query result, 0 0
0 indicates the priority, weight, and port
number respectively, and
sipx.autosrv.com indicates the domain
name of the server providing the SIP
service.
● 101 10 A SIP+D2T sip.autona: indicates
the NAPTR query result. In the NAPTR
query result, 101 10 indicates the
NAPTR resource record sequence and
priority; A indicates that the IP address
to be queried; SIP+D2T indicates that
SIP and TCP are used; sip.autona
indicates the domain name to be
queried.
7.8.4 display dns forward table

Function
The display dns forward table command displays the DNS forwarding table,
including the mapping entry of the source IP address in a specified DNS query
message.
Format
display dns forward table [ source-ip ip-address ]
Parameters
source-ip ip-address Specifies the source IP The value is in dotted

address in query decimal notation.
messages.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
After DNS proxy or DNS relay is enabled, you can run the display dns forward
table command to view the DNS table of IP addresses.
NOTE
When the device receives DNS request packets form the client but does not receive DNS reply
packets from the server, you need to run the display dns forward table command to view the
DNS forwarding table.
Example
# Display the DNS table on the DNS proxy or DNS relay.
<HUAWEI> display dns forward table
Domain name : www.domain.com
Source IP : 10.136.128.53
Source port : 2055
Source packet id : 3562
Forward packet id : 60669
Query type :1
Table 7-62 Description of the display dns forward table command output
Item Description
Domain name Domain name.
Source IP IP address of the client.
Source port Port number of the client.
Source packet id ID of the request packet from the

client.
Forward packet id ID of the forwarded packet, which

corresponds to the ID of the request
packet from the client.
Query type Common query type. The options are

as follows:
● 1: Class-A query
● 12: Pointer Record (PTR) query
● 33: SRV query
● 35: NAPTR query
● 255: Any query type

7.8.5 display dns server
Function
The display dns server command displays the configuration and sequence of the
current DNS server.
Format
display dns server [ verbose ]
Parameters
verbose Displays detailed information about the DNS server. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After configuring DNS, run the display dns server command to view the
configuration and sequence of current DNS servers.
Example
# Display configurations of a DNS server.
<HUAWEI> display dns server
Type:
D:Dynamic S:Static
IPv4 DNS server :

NO. Type Status Used IP Address
0 S - Yes 10.1.1.1
1 S - Yes 10.1.1.2
2 D Up Yes 10.1.1.2
3 D Up Yes 10.1.1.3
Table 7-63 Description of the display dns server command output
Item Description
Configuration type of the DNS server IP address,

Type including dynamic and static.
IPv4 DNS server IPv4 DNS server configuration.

Item Description
NO. DNS server number, indicating the order in which they

were configured.
Status DNS server status.
Used Indicates whether the DNS server is used.
IP Address IPv4 address of the DNS server.
7.8.6 display dns statistics

Function
The display dns statistics command displays statistics on DNS packets.
Format
display dns statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can use this command to check statistics on DNS packets.
Example
# Display statistics on DNS packets.
<HUAWEI> display dns statistics
SumFromDNSv4Client :0
SumToDNSv4Client :0
SumFromDNSv4Server :0
SumToDNSv4Server :0
RetryFromClient :0
NotQueryFromClient :0
ParseFailFromClient :0
TooLongFromClient :0
LocalQueryFromClient :0
NotStandardQueryFromClient : 0

NotRespFromServer :0
NoAnswerFromServer :0
ParseFailFromServer :0
TooLongFromServer :0
ErrorRespFromServer :0
NotStandardQueryFromServer : 0
Table 7-64 Description of the display dns statistics command output

Item Description
SumFromDNSv4Client Total number of packets sent from IPv4

DNS clients.
SumToDNSv4Client Total number of packets sent to IPv4 DNS

clients.
SumFromDNSv4Server Total number of packets sent from IPv4

DNS servers.
SumToDNSv4Server Total number of packets sent to IPv4 DNS

servers.
RetryFromClient Number of packets retransmitted from

clients.
NotQueryFromClient Number of non-query packets sent from

clients.
ParseFailFromClient Number of packets that failed to be parsed

and are sent from clients.
TooLongFromClient Number of packets longer than 512 bytes

sent from clients.
LocalQueryFromClient Number of query packets of which the

source address is a local address and sent
from clients.
NotStandardQueryFromClient Number of nonstandard query packets sent

from clients.
NotRespFromServer Number of non-response packets sent from

servers.
NoAnswerFromServer Number of response packets of which the

ANCOUNT field is 0 and sent from servers.
ParseFailFromServer Number of packets that failed to be parsed

and are sent from servers.
TooLongFromServer Number of packets longer than 512 bytes

sent from servers.
ErrorRespFromServer Number of error response packets sent

from servers.

Item Description
NotStandardQueryFromServer Number of nonstandard query packets sent

from servers.
7.8.7 display dns zone

Function
The display dns zone command displays configuration of a DNS zone.
Format
display dns zone zone-name
Parameters
zone-name Specifies the DNS zone The value must be an

name. existing DNS zone name
on the device.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display information about the DNS zone named com.
<HUAWEI> display dns zone com
Dns zone : com
TTL : 1200
Resource records as follows:
Hostname : example
Class : IN
Type :A
Address : 10.1.1.1
Hostname : example123
Class : IN
Type : AAAA

Address : FC00::1
Resource records statistics: A 1, AAAA 1
Table 7-65 Description of the display dns zone command output
Item Description
Dns zone Name of the DNS zone. To configure

the DNS zone name, run the dns zone
command.
TTL Storage time of the static resource

records in the DNS zone. To configure
the storage time of the static resource
records in the DNS zone, run the ttl
command.
Resource records as follows Information about static resource

records in the DNS zone, including:
● Hostname: host name.
● Class: supported network type.
Currently, only the IN type
(Internet) is supported.
● Type: type of static resource records,
including type A and type AAAA.
● Address: IP address corresponding
to a host name.
To configure static resource records in
the DNS zone, run the rr a or rr aaaa
command.
Resource records statistics Number of static resource records in

the DNS zone, including static resource
records of type A and type AAAA.
7.8.8 display ip host
Function
The display ip host command displays mappings between hosts and IP addresses.
Format
display ip host
Parameters
None

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After configuring static DNS entries, you can run the display ip host command to
view the mapping between hosts and IP addresses.
Example
# Display mappings between hosts and IP addresses.
<HUAWEI> display ip host
Host Age Flags Address
example 0 static 10.2.2.2
Table 7-66 Description of the display ip host output of the command
Item Description
Host Host name.
Age Aging time.

The value 0 indicates that the static DNS entry need not be
aged.
Flags Status of the domain name.

"Static" indicates the static domain name.
Address IP address matching the host.
7.8.9 dns domain

Function
The dns domain command configures a domain name suffix of a server or a host
on a DNS client that the DNS client wants to access.
The undo dns domain command deletes a configured domain name suffix from a
DNS client.
By default, no domain name suffix is configured on a DNS client.
Format
dns domain domain-name
undo dns domain [ domain-name ]

Parameters
domain-name Specifies a domain The value is a string of 1 to 64

name suffix on a DNS characters, spaces not supported. The
client. string is a combination of digits, letters,
underscores (_), dots (.), and hyphen (-).
Views
System view
Default Level
Usage Guidelines
Application Scenario
Generally, the domain name suffixes of some servers or hosts that a DNS client
accesses are the same, for example, com.cn. In this case, you can set the domain
name suffixes. When a DNS client accesses a host:
● If the entered domain name does not carry dots (.), for example, "huawei",
the system first adds the suffix com.cn to the domain name and sends a
domain name request of "huawei.com.cn" to the DNS server to find the IP
address corresponding to the domain name. If the DNS client does not receive
any response from the server, it sends a domain name request of "huawei" to
the DNS server to find the IP address corresponding to the domain name.
● If the entered domain name carries dots (.), for example, "ilite.huawei", the
system first sends a domain name request of "ilite.huawei" to the DNS server
to find the IP address corresponding to the domain name. If the DNS client
does not receive any response from the server, it adds the suffix com.cn to the
domain name and sends a domain name request of "ilite.huawei.com.cn" to
the DNS server to find the IP address corresponding to the domain name.
Precautions
A DNS client supports a maximum of 10 domain name suffixes. To configure
multiple domain name suffixes, you can run the dns domain command
repeatedly.
If the name of the suffix to be deleted is specified, the specified suffix is deleted.
Otherwise, all the suffixes are deleted.
When a DNS client attempts to query a domain name suffix, it queries the suffix
only in local dynamic DNS entries. If the suffix is not found, the DNS client sends a
domain name request to the DNS server.
Example
# Configure a domain name suffix as com.cn.

[HUAWEI] dns domain com.cn
7.8.10 dns forward retry-number

Function
The dns forward retry-number command sets the number of times for the device
to retransmit query requests to the destination DNS server.
The undo dns forward retry-number command restores the default
retransmission count.
By default, the retransmission count is 2.
Format
dns forward retry-number number
undo dns forward retry-number
Parameters
number Specifies the number of The value is an integer

times for the device to from 0 to 15.
retransmit query
requests to the
destination DNS server.
Views
System view
Default Level
Usage Guidelines
The mode for a device to select the destination DNS server can be auto and fixed.
For how a device sends DNS request packets to the destination DNS server in each
mode and the corresponding precautions, see dns-server-select-algorithm.
If the number of times for the device to retransmit DNS request packets to each
destination DNS server is relatively large and the packet retransmission timeout
period is relatively long, the time for the DNS client to wait for the response from
the DNS server is too long. However, the request timeout period of the DNS client
is shorter, so that the DNS client fails to properly receive response packets from
the server. To enable the DNS server to rapidly respond DNS request packets, you
can run the dns forward retry-number and dns forward retry-timeout
commands to adjust the number of times for the device to retransmit DNS request

packets to each DNS server and the packet retransmission timeout period for
ensuring that the DNS client can properly receive response packets from the
server.
You need to consider the number of times for the device to retransmit DNS query
requests to the destination DNS server, retransmission timeout period, and mode
for the device to select the DNS server into consideration before configuring the
query timeout period on a device.
● When the mode for a device to select the destination DNS server is auto, the
query timeout period of a DNS device is calculated as follows: (Number of
retransmission times + 1) x Retransmission timeout period
● When the mode for a device to select the destination DNS server is fixed, the
retransmission times + 1) x Retransmission timeout period x Number of DNS
servers
Example
# Set the retransmission count that the device sends query packets to the
destination DNS server to 1.
[HUAWEI] dns forward retry-number 1
7.8.11 dns forward retry-timeout

Function
The dns forward retry-timeout command sets the retransmission timeout period
that the device sends Query packets to the destination DNS server.
The undo dns forward retry-timeout command restores the default
retransmission timeout period.
By default, the retransmission timeout period for which the device sends DNS
query requests to the destination DNS server is 3 seconds.
Format
dns forward retry-timeout time
undo dns forward retry-timeout
Parameters
time Specifies the The value is an integer

retransmission timeout that ranges from 1 to 15,
period that the device in seconds.
sends Query packets to
the destination DNS
server.

Views
System view
Default Level
Usage Guidelines
The mode for a device to select the destination DNS server can be auto and fixed.
For how a device sends DNS request packets to the destination DNS server in each
mode and the corresponding precautions, see dns-server-select-algorithm.
If the number of times for the device to retransmit DNS request packets to each
destination DNS server is relatively large and the packet retransmission timeout
period is relatively long, the time for the DNS client to wait for the response from
the DNS server is too long. However, the request timeout period of the DNS client
is shorter, so that the DNS client fails to properly receive response packets from
the server. To enable the DNS server to rapidly respond DNS request packets, you
can run the dns forward retry-number and dns forward retry-timeout
commands to adjust the number of times for the device to retransmit DNS request
packets to each DNS server and the packet retransmission timeout period for
ensuring that the DNS client can properly receive response packets from the
server.
You need to consider the number of times for the device to retransmit DNS query
requests to the destination DNS server, retransmission timeout period, and mode
for the device to select the DNS server into consideration before configuring the
query timeout period on a device.
● When the mode for a device to select the destination DNS server is auto, the
retransmission times + 1) x Retransmission timeout period
● When the mode for a device to select the destination DNS server is fixed, the
retransmission times + 1) x Retransmission timeout period x Number of DNS
servers
Example
# Set the retransmission timeout period that the device sends Query packets to
the destination DNS server to 2 seconds.
[HUAWEI] dns forward retry-timeout 2
7.8.12 dns proxy enable
Function
The dns proxy enable command enables DNS proxy.
The undo dns proxy enable command disables DNS proxy.

By default, DNS proxy is disabled. The DNS proxy function is enabled in the
delivery configuration file of common FAT APs and Cloud APs..
Format
dns proxy enable
undo dns proxy enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
DNS proxy is used to forward DNS requests and reply packets between the DNS
client and DNS server. The DNS client sends a DNS request packet to the device on
which DNS proxy is enabled. The device sends the request packet to the DNS
server and sends the reply packet to the DNS client. The device functions as the
DNS proxy to provide services of the DNS server. Users do not need to interact
with the DNS server directly. This function simplifies route deployment and
improves performance and security of the DNS server.
Example
# Enable DNS proxy.
[HUAWEI] dns proxy enable
# Disable DNS proxy.

[HUAWEI] undo dns proxy enable
7.8.13 dns resolve
Function
The dns resolve command enables dynamic DNS resolution.
The undo dns resolve command disables dynamic DNS resolution.
By default, dynamic DNS resolution is disabled. The dynamic DNS resolution

function is enabled in the delivery configuration file.

Format
dns resolve
undo dns resolve
Parameters
None
Views
System view
Default Level
Usage Guidelines
To obtain IP addresses mapping domain names using the DNS server, run the dns
resolve command to enable dynamic DNS resolution on the device.
Example
# Enable dynamic DNS resolution.
[HUAWEI] dns resolve
7.8.14 dns server
Function
The dns server command configures an IP address for a DNS server.
The undo dns server command deletes the DNS server IP address.
By default, no DNS server IP address is configured.
Format
dns server ip-address
undo dns server [ ip-address ]
Parameters

of a DNS server. decimal notation.

Views
System view
Default Level
Usage Guidelines
A maximum of six DNS servers can be specified on AP. During dynamic DNS
resolution, query messages are sent to DNS servers based on the configuration
sequence of DNS servers.
The system sends a query to the DNS server first configured. If no response is
received in the specified period of time (which can be configured by running the
dns forward retry-timeout) command, it resends the query twice. If receiving no
response for the specified times (which can be configured by running the dns
forward retry-number command), the system sends the query to the next DNS
server and so on.
NOTE
For cloud APs, run the dns-server (WAN view) command to configure the DNS server. This
is because DNS server information configured using the dns server command cannot be
saved on cloud APs and will be lost after the APs restart.
Example
# Assign the IP address 10.2.0.70 to the DNS server.
[HUAWEI] dns server 10.2.0.70
7.8.15 dns server source-ip
Function
The dns server source-ip command configures the source IP address for the
device to send and receive DNS packets.
The undo dns server source-ip command deletes the source IP address for the
device to send and receive DNS packets.
By default, no source IP address is configured for the device.
Format
dns server source-ip ip-address
undo dns server source-ip

Parameters
ip-address Specifies the source IP The value is in dotted

address for the device to decimal notation.
send and receive DNS
packets.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When the device sends and receives DNS packets, the administrator can specify a
source IP address for the device to ensure the communication security. The route
from the DNS server to the specified source IP address must be reachable. The
DNS server uses the specified source IP address as the destination address and
sends a DNS response packet to the local device.
When the device functions as a DNS proxy or relay, run the dns server source-ip
ip-address command to configure the source IP address for communicating with
the DNS server.
Precautions
To make the command take effect, pay attention to the following points:
● Ensure that the source IP address is the IP address of an interface or logical
interface on the device, and there are reachable routes between the interface
and the DNS server.
● Ensure that the source IP address and the IP address of the DNS server are on
the same VPN or public network.
Example
# Specify source IP address 172.16.1.1 for the local device.
[HUAWEI] dns server source-ip 172.16.1.1
7.8.16 dns-server-select-algorithm
Function
The dns-server-select-algorithm command configures the mode in which the
device selects a DNS server.

The undo dns-server-select-algorithm command restores the default setting.

By default, the device selects a DNS server in auto mode.
Format
dns-server-select-algorithm { fixed | auto }
undo dns-server-select-algorithm
Parameters
fixed Selects a DNS server in -

fixed mode.
auto Selects a DNS server in -

auto mode.
Views
System view
Default Level
Usage Guidelines
The device can select a DNS server in either of the following modes:
● auto: The device uses the internal algorithm to calculate the priorities of all
configured DNS servers (IP addresses of DNS servers can be configured by
running the dns server command), and then sends a DNS query request to
the DNS server with the highest priority. If no response is received within a
specified period of time, the device retransmits the DNS query request. If the
device still does not receive a response from the DNS server after sending
query requests multiple times, the device sends the DNS query request to the
next server in sequence until it receives a response or has sent to all of the
configured DNS servers.
● fixed: The device sends a DNS query request to the first DNS server. If no
response is received within a specified period of time, the device retransmits
the DNS query request. If the device still does not receive a response from the
DNS server after sending query requests multiple times, the device sends the
DNS query request to the next server in sequence until it receives a response
or has sent to all of the configured DNS servers.

NOTE
This function is supported when the device functions as a DNS client or DNS proxy/relay.
When the device functions as a DNS client:
● This function is supported only for DNS query requests sent by IPSec, voice, PKI, and DDNS
services.
● This function is not supported for DNS query requests sent by other services. The device
sends the requests according to the order in which DNS servers are configured. If no
response is received, the device retransmits the requests according to the order in which
DNS servers are configured.
Example
# Configure the device to select a DNS server in fixed mode.
[HUAWEI] dns-server-select-algorithm fixed
7.8.17 dns zone
Function
The dns zone command creates a DNS zone and displays the DNS zone view.
The undo dns zone command deletes the DNS zone.
By default, no DNS zone is configured.
Format
dns zone zone-name
undo dns zone zone-name
Parameters
zone-name Specifies the name of a The value is a string of 1

DNS zone. to 63 case-insensitive
characters without
spaces.
Views
System view
Default Level

Usage Guidelines
Usage Scenario
Static domain name resolution is implemented using static resource records. Static
resource records of type A and type AAAA can be queried. The manually created
mappings between some common domain names and IP addresses are stored
locally as static resource records. When a client requests for the IP address
corresponding to a domain name, the device first queries the IP address
information locally, improving the efficiency of domain name resolution.
Static resource records can be configured using ip host host-name ip-address or
configured in the DNS zone. You can select the static resource record configuration
method based on the following rules: When the domain name length does not
exceed 24 characters, use ip host to configure static resource records; when the
domain name length exceeds 24 characters, configure static resource records in
the DNS zone. When you configure static resource records in the DNS zone, use
the domain name consisting of the host name (in the static resource records of
type A or type AAAA) and DNS zone name.
If the static resource records configured using the preceding two methods both
exist on the device, when the device performs DNS query, the static resource
records configured using ip host host-name ip-address take precedence over those
configured in the DNS zone. For example, when receiving a DNS query request,
the device first queries the static resource records configured using ip host based
on the domain name. If no matching record can be found, the device queries the
static resource records configured in the DNS zone based on the domain name. If
the matching record can be found in the static resource records configured in the
DNS zone, the device sends a response; otherwise, the device forwards the DNS
query request to the remote DNS server.
Follow-up Procedure
In the DNS zone view, run the rr a hostname host-name ip-address ip-address or
rr aaaa hostname host-name ipv6-address ipv6-address command to configure
static resource records of type A or type AAAA.
Example
# Create the DNS zone com.
[HUAWEI] dns zone com
7.8.18 ip host
Function
The ip host command configures static DNS entries.
The undo ip host command deletes static DNS entries.
By default, no static DNS entries are configured.
Format
ip host host-name ip-address

undo ip host host-name [ ip-address ]
Parameters
host-name Specifies the host name. The value is a string of 1 to 24 case-

sensitive characters without spaces.
ip-address Specifies the IP address The value is in dotted decimal

mapping the host name. notation.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
A static domain name resolution table is manually set up using the ip host
command, describing the mappings between host names and IP addresses. In
addition, some common host names are added to the table. Then, static host
name resolution can be performed according to the static domain name resolution
table. When requiring the IP address corresponding to a host name, the client first
searches the static host name resolution table for the specified host name and
obtains the corresponding IP address. In this manner, the efficiency of host name
resolution is improved.
Precautions
The ip host command configures a maximum of 50 static DNS entries. Each host
name can be mapped to only one IP address. When multiple IP addresses are
mapped to a host name, only the latest configuration takes effect.
Example
# Configure the IP address 10.110.0.1 for the host test.
[HUAWEI] ip host test 10.110.0.1
7.8.19 reset dns dynamic-host
Function
The reset dns dynamic-host command deletes dynamic DNS entries saved in the
domain name cache.

Format
reset dns dynamic-host
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
NOTICE
Clear dynamic DNS entries with caution because they cannot be restored after
being cleared.
After confirming the action of clearing DNS entries, you can run the reset
command to clear them.
Example
# Clear dynamic DNS entries from the domain name cache.
<HUAWEI> reset dns dynamic-host
7.8.20 reset dns forward table

Function
The reset dns forward table command clears the DNS entries forwarded.
Format
reset dns forward table [ source-ip ip-address ]
Parameters
source-ip ip-address Clear the DNS entries of The value is in dotted

a specified source IP decimal notation.
address.

Views
User view
Default Level
3: Management level
Usage Guidelines
When the AP as a DNS proxy or relay is attacked, the DNS table will be full. The
reset dns forward table command can delete all DNS entries.
Example
# Clear DNS entries in the DNS table on the DNS proxy or DNS relay.
<HUAWEI> reset dns forward table
7.8.21 reset dns statistics
Function
The reset dns statistics command clears statistics on DNS packets.
Format
reset dns statistics
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
The reset dns statistics command clears statistics on DNS packets. The cleared
statistics cannot be restored.
Example
# Clear statistics on DNS packets.
<HUAWEI> reset dns statistics

7.8.22 rr a
Function
The rr a command configures static resource records of type A.
The undo rr a command deletes static resource records of type A.
By default, no static resource record of type A is configured.
Format
rr a hostname host-name ip-address ip-address
undo rr a [ hostname host-name [ ip-address ip-address ] ]
Parameters
hostname host-name Specifies the host name. The value is a string of 1

characters without
spaces.

corresponding to the decimal notation.
host name.
Views
DNS zone view
Default Level
Usage Guidelines
Usage Scenario
In the DNS zone, you can configure resource records of type A and create
mappings between host names and IP addresses. When a client requests for the IP
address corresponding to a domain name, the device sends a response using the
locally configured resources of type A.
You can run the display dns zone zone-name command to check the currently
configured static resource records of type A.
Prerequisites
A DNS zone has been created using the dns zone zone-name command.
Precautions

Each host name can be mapped to only one IP address. When multiple IP
addresses are mapped to a host name, only the latest configuration takes effect.
Example
# In the DNS zone com, configure resource records of type A and create the
mapping between the host name example and IP address 10.1.1.1.
[HUAWEI-dns-zone-com] rr a hostname example ip-address 10.1.1.1
7.8.23 rr aaaa
Function
The rr aaaa command configures static resource records of type AAAA.
The undo rr aaaa command deletes static resource records of type AAAA.
By default, no static resource record of type AAAA is configured.
Format
rr aaaa hostname host-name ipv6-address ipv6-address
undo rr aaaa [ hostname host-name [ ipv6-address ipv6-address ] ]
Parameters
hostname host-name Specifies the host name. The value is a string of 1

characters without
spaces.
ipv6-address ipv6- Specifies the IPv6 The value consists of 128

address address corresponding to octets, which are
the host name. classified into 8 groups.
Each group contains 4
hexadecimal numbers in
the format
X:X:X:X:X:X:X:X.
Views
DNS zone view
Default Level

Usage Guidelines
Usage Scenario
In the DNS zone, you can configure resource records of type AAAA and create
mappings between host names and IPv6 addresses. When a client requests for the
IPv6 address corresponding to a domain name, the device sends a response using
the locally configured resources of type AAAA.
configured static resource records of type AAAA.
Prerequisites
Precautions
Each host name can be mapped to only one IPv6 address. When multiple IPv6
addresses are mapped to a host name, only the latest configuration takes effect.
Example
# In the DNS zone com, configure resource records of type AAAA and create the
mapping between the host name example and IPv6 address FC00::1.
[HUAWEI-dns-zone-com] rr aaaa hostname example ipv6-address fc00::1
7.8.24 ttl
Function
The ttl command configures the storage time of static resource records in the DNS
zone.
The undo ttl command restores the default storage time of static resource records
in the DNS zone.
By default, the storage time of static resource records in the DNS zone is 1200
seconds.
Format
ttl ttl-value
undo ttl
Parameters
ttl-value Specifies the storage The value is an integer

time of static resource ranging from 0 to
records in the DNS zone. 259200, in seconds.

Views
DNS zone view
Default Level
Usage Guidelines
Usage Scenario
Static resource records in the DNS zone can be saved in the cache. For example,
after the storage time of static resource records in the DNS zone is configured on
the device functioning as the DNS proxy, a client sends a DNS protocol packet to
obtain the storage time. The client saves the parsed mapping between a domain
name and an IP address in the cache each time the client uses the static resource
records configured in the DNS zone. When the client queries records based on the
same domain name next time, it can directly read the records from the cache,
without repeatedly sending a request to the DNS proxy. The mappings saved in
the client's cache will be aged and deleted after the storage time expires, so that
the static resource records can be updated in real time.
configured storage time of static resource records in the DNS zone.
Prerequisites
Example
# In the DNS zone com, configure the storage time of static resource records to
1300 seconds.
[HUAWEI-dns-zone-com] ttl 1300
7.9 NAT Configuration Commands

NOTE
The AD9431DN-24X do not support this feature.
7.9.1 display app-inspect table statistics

Function
The display app-inspect table statistics command displays statistics on NAT
application entries.
Format
display app-inspect { servermap | session } table statistics

Parameters
servermap Displays statistics on -

servermap entries at the
application layer.
session Displays statistics on -

session entries at the
application layer.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view statistics on Session entries and Servermap
entries at the application layer to facilitate NAT related fault diagnosis and
troubleshooting.
Session entry: includes quintuple information (the protocol number, source IP

address, source port number, destination IP address, and destination port number).
When each session passes through the NAT, a session entry is created.
Servermap entry: includes triplet information (the protocol number, source IP

address, and destination IP address). When the NAT uses a multi-channel protocol
for communication, Servermap entries are created.
Example
# Display statistics on all session entries at the application layer.
<HUAWEI> display app-inspect session table statistics
App-inspect Session History Maximum Info:
Maximum Number : 124
Record Time : 2013-12-23 11:35:19
Table 7-67 Description of the display app-inspect session table statistics command
output
Item Description
App-inspect Session History Information about maximum number of

Maximum Info session entries in the history.
Maximum Number Maximum number of session entries.

Item Description
Record Time Time when maximum number of session

entries is recorded.
# Display statistics on all Servermap entries at the application layer.

<HUAWEI> display app-inspect servermap table statistics
App-inspect Servermap History Maximum Info:
Maximum Number : 61
Record Time : 2013-12-23 11:35:27
Table 7-68 Description of the display app-inspect servermap table statistics

command output
Item Description
App-inspect Servermap History Information about maximum number of

Maximum Info Servermap entries in the history.
Maximum Number Maximum number of Servermap entries.
Record Time Time when maximum number of

Servermap entries is recorded.
7.9.2 display app-inspect session table

Function
The display app-inspect session table command displays the application-layer
session table.
Format
display app-inspect session table [ application-protocol application-protocol-
name ] [ source-ip ip-address [ port-number ] ] [ destination-ip ip-address
[ port-number ] ]
Parameters
application-protocol Indicates the type of the The value of application-

application-protocol- application-layer protocol-name can be
name protocol. DNS, FTP, HTTP, PPTP,
RTSP.

source-ip ip-address Indicates the data ● ip-address: The value

port-number sessions with a specified is in dotted decimal
source IP address and notation.
port number. ● port-number: The
value is an integer
that ranges from 1 to
65535.
destination-ip ip- Indicates the data ● ip-address: The value

address port-number sessions with a specified is in dotted decimal
destination IP address notation.
and port number. ● port-number: The
value is an integer
65535.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view information about a specified application-layer
session table or all application-layer session tables. The application-layer session
table information is displayed only when some traffic on the device is sent to the
application layer.
Example
# Display information about all application-layer session tables.
<HUAWEI> display app-inspect session table
The total number of session tables is 1.
NO.1.
APP-Protocol : RTSP
Initiator-VPN: ----
Responder-VPN: ----
Connection Info:
Initiator(IP:Port) Responder(IP:Port) Protocol
1.1.1.2 :33713 ---> 2.2.2.2 :554 TCP(6)
1.1.1.2 :33713 <--- 2.2.2.2 :554 TCP(6)

Table 7-69 Description of the display app-inspect session table command output
Item Description
The total number of session Number of application-layer session tables.

tables is
NO.1. The first entry in the session table.
APP-Protocol The application protocol.
Initiator-VPN Source VPN name.

The device does not support this object.
Responder-VPN Destination VPN name.

Connection Info Connection between the source address

and destination address.
Initiator(IP:Port) Source IP address and port number.
Responder(IP:Port) Destination IP address and port number.
Protocol Transport protocol type (TCP/UDP).
7.9.3 display nat address-group

Function
The display nat address-group command displays the configuration of a NAT
address pool.
Format
display nat address-group [ group-index ] [ verbose ]
Parameters
group-index Indicates the index of a The value must be an

NAT address pool. existing NAT address
pool index.
verbose Displays details about -

the NAT address pool.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can check the configuration and application of the NAT address pool.
Example
# Display all the NAT address pools.
<HUAWEI> display nat address-group
NAT Address-Group Information:
--------------------------------------
Index Start-address End-address
--------------------------------------
1 10.1.1.1 10.1.1.10
2 10.10.10.10 10.10.10.15
--------------------------------------
Total : 2
# Display the NAT address pool according to the index of the NAT address pool.
<HUAWEI> display nat address-group 1
--------------------------------------
Index Start-address End-address
--------------------------------------
1 10.1.1.1 10.1.1.10
--------------------------------------
Total : 1
# Display details about the NAT address pool.

<HUAWEI> display nat address-group 1 verbose
-----------------------------------------------------------
Index Start-address End-address Ref-times Ref-type
-----------------------------------------------------------
1 10.1.1.1 10.1.1.10 0 ----
-----------------------------------------------------------
Total : 1
Table 7-70 Description of the display nat address-group command output

Item Description
NAT Address-Group Information of the NAT address pool.

Information
Index Index of the NAT address pool.
Start-address Start IP address of the NAT address pool.
End-address End IP address of the NAT address pool
Ref-times Number of times that a NAT address pool is referenced.

Item Description
Ref-type Mode in which the NAT address pool is referenced.

● pat: translates the IP address and port information of
data packets.
● no-pat: only translates the IP addresses of data
packets, not port information.
● ----: indicates that the NAT address pool is not
referenced.
Total Number of NAT address pools.
7.9.4 display nat alg
Function
The display nat alg command displays whether NAT application level gateway
(ALG) is enabled for an application layer protocol.
Format
display nat alg
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display the status of NAT ALG.
<HUAWEI> display nat alg
NAT Application Level Gateway Information:
----------------------------------
Application Status
----------------------------------
dns Disabled
ftp Disabled
rtsp Enabled

pptp Disabled
----------------------------------
Table 7-71 Description of the display nat alg command output
Item Description
NAT Application Information of the NAT ALG.

Level Gateway
Information
Application Application protocol type.
Status Whether the NAT ALG function is enabled.
7.9.5 display nat dns-map
Function
The display nat dns-map command displays the configuration of DNS mapping.
Format
display nat dns-map [ domain-name ]
Parameters
domain-name Specifies the valid The value is a string of 1

domain name that can to 255 case-insensitive
be resolved by the DNS characters without
server. spaces. The string cannot
contain the following
characters: / : < > @ \ |
% ' ".
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None

Example
# Display the configuration of NAT DNS mapping.
<HUAWEI> display nat dns-map
NAT DNS mapping information:
Domain-name : www.example.com
Global IP : vlanif300 (Real IP : 1.1.1.1)
Global port : 2
Protocol : tcp
Total : 1
Table 7-72 Description of the display nat dns-map command output
Item Description
NAT DNS mapping Information of NAT DNS Mapping.

information
Domain-name Domain name.
Global IP IP address provided for external access.
Global port Port number provided for external access.
Protocol Type of the protocol carried over IP.
Total Number of NAT DNS mapping information items.
7.9.6 display nat filter-mode
Function
The display nat filter-mode command displays the current NAT filtering mode.
Format
display nat filter-mode
Parameters
None
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run this command to check the current NAT filtering mode. The modes
include:
● endpoint-independent: independent of the external address and port.
● endpoint-dependent: dependent on the external address and independent of
the port.
● endpoint-and-port-dependent: dependent on the external address and port.
Example
# Display the current NAT filtering mode.
<HUAWEI> display nat filter-mode
Nat filter mode is : endpoint-independent
Table 7-73 Description of the display nat dns-map command output
Item Description
Nat filter mode is The current NAT filtering mode.
7.9.7 display nat log configuration
Function
The display nat log configuration command displays the configuration of NAT
session logs.
Format
display nat log configuration
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None

Example
# Display the configuration of NAT session logs.
<HUAWEI> display nat log configuration
Session log :
Status : disabled
Log-interval : 30 s
Binary-log host :
Host Source
10.10.10.1:3456 10.10.10.2:20000
Table 7-74 Description of the display nat log configuration command output
Item Description
Session log NAT session log information.
status Status of the NAT log function.

● enabled
● disabled
log-interval Interval for generating NAT session logs.
Binary-log host Information about the binary NAT session

log server.
host IP address and port number of the binary

NAT session log server.
source IP address and port number used by the

device to communicate with the binary
NAT session log server.
7.9.8 display nat mapping table

Function
The display nat mapping table command displays NAT mapping table
information or the number of entries in the NAT table.
Format
display nat mapping table { all | number }
display nat mapping table inside-address ip-address protocol protocol-name
port port-number

Parameters
all Displays information -

about all entries in the
NAT mapping table.
number Displays the number of -

entries in the NAT
mapping table.
inside-address ip- Indicates the internal IP The value is in dotted

address address of the server. decimal notation.
protocol protocol-name Indicates the protocol The value can be tcp or

type. udp.
port port-number Indicates the protocol The value is an integer

port number. that ranges from 1 to
65535.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display nat mapping table command displays information about all entries in
a NAT table or the number of entries in the NAT table. You can also enter
keywords to view a specified entry.
Example
# Display the number of entries in the NAT table.
<HUAWEI> display nat mapping table number
The total number of NAT dynamic mapping tables is: 1
# Display information about all entries in the NAT table.

<HUAWEI> display nat mapping table all
NAT Dynamic Mapping Table Information:
Protocol : UDP(17)
InsideAddr Port Vpn : 192.168.1.121 555
GlobalAddr Port : 1.1.1.1 10491
Protocol : UDP(17)
InsideAddr Port Vpn : 192.168.1.119 555
GlobalAddr Port : 2.2.2.2 23099
Total : 2

Table 7-75 Description of the display nat mapping table command output
Item Description
The total number of Number of NAT mapping tables.

NAT dynamic
mapping tables is
NAT Dynamic Information of NAT mapping tables.

Mapping Table
Information
Protocol Application protocol type.
InsideAddr Port Vpn Private IP address, port number, and VPN instance name.
The device does not support Vpn.
GlobalAddr Port Public IP address and port number.
Total Number of NAT mapping tables.
7.9.9 display nat mapping-mode
Function
The display nat mapping-mode command displays the NAT mapping mode.
Format
display nat mapping-mode
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After NAT mapping is configured, you can view the NAT mapping information. For
example, you can view:
● Endpoint-independent mapping information about TCP packets.

● Endpoint-independent mapping information about UDP packets.
● Endpoint-independent mapping about TCP and UDP packets.

Example
# Display NAT mapping information.
<HUAWEI> display nat mapping-mode
NAT Mapping Mode Information:
-----------------------------------------------------------
nat mapping-mode endpoint-independent tcp
-----------------------------------------------------------
Total : 1
Table 7-76 Description of display nat mapping-mode command output
Item Description
NAT Mapping Mode Information of the NAT mapping mode.

Information
Total Number of the NAT mapping mode.
7.9.10 display nat outbound
Function
The display nat outbound command displays information about outbound NAT.
Format
display nat outbound [ acl acl-number | address-group group-index | interface
interface-type interface-number ]
Parameters
acl acl-number Displays the number of a The value must be an

basic ACL or an existing ACL number.
advanced ACL.
address-group group- Displays the index of a The value must be an

index NAT address pool. existing address pool
index.
interface interface-type Displays the type and -

interface-number number of an interface.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display all information about outbound NAT.
<HUAWEI> display nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Vlanif300 2000 1 no-pat
--------------------------------------------------------------------------
Total : 1
Table 7-77 Description of the display nat outbound command output

Item Description
Interface Name of an interface.
Acl Basic or advanced ACL that is in use.
Address-group/IP/ The index of a NAT address pool or IP address or

Interface loopback interface.
Type Type of NAT. (If no NAT address pool is specified, the IP

address of the interface is used as the translated IP
address. That is, Easy IP is used.)
Total Number of outbound NAT information items.
7.9.11 display nat server

Function
The display nat server command displays the configuration of the NAT server.
Format
display nat server [ global global-address | inside host-address | interface
interface-type interface-number | acl acl-number ]

Parameters
global global-address Indicates the public The value is in dotted

address of the NAT decimal notation.
server.
inside host-address Indicates the private The value is in dotted

address of the NAT decimal notation.
server.
interface interface-type Indicates the type and -

interface-number number of an interface
or a sub-interface.
acl acl-number Indicates the number of The value is an integer

an ACL. that ranges from 2000 to
3999.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can use this command to check whether the NAT server is configured
correctly.
Example
# Display the configuration of all NAT servers.
<HUAWEI> display nat server
Nat Server Information:
Interface : Vlanif300
Global IP/Port : current-interface/0(any) (Real IP : 2.2.2.2)
Inside IP/Port : 10.1.1.1/0(any)
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----
Vrrp id : ----
Description : ----
Total : 1

Table 7-78 Description of the display nat server command output
Item Description
Nat Server Information of Nat Server.

Information
Interface Name of an interface.
Global IP/Port Public IP address and port number.
Inside IP/Port Private IP address and port number.
Protocol Protocol number and protocol type.
VPN instance-name Name of the VPN instance.

Acl number Number of the ACL in the NAT server.
Vrrp id VRRP ID.

Description NAT description.
Total Number of NAT servers.
7.9.12 display nat session
Function
The display nat session command displays the NAT mapping table.
Format
display nat session { all [ verbose ] | number }
display nat session protocol { protocol-name | protocol-number } [ source

source-address [ source-port ] ] [ destination destination-address [ destination-
port ] ] [ verbose ]
display nat session source source-address [ source-port ] [ destination
destination-address [ destination-port ] ] [ verbose ]
display nat session destination destination-address [ destination-port ]
[ verbose ]
Parameters
all Displays all entries in the -

NAT mapping table.


NAT mapping table.
number Displays the number of -

entries in the NAT
mapping table.
protocol { protocol- Displays the NAT ● The value of protocol-

name | protocol- mapping table with a name can be icmp,
number } specified protocol type or tcp, or udp.
port number. ● The value of protocol-
number is an integer
255.
source source-address Specifies the source IP ● source-address: The

[ source-port ] address and port number value is in dotted
before the NAT decimal notation.
translation. ● source-port: The value
is an integer that
ranges from 1 to
65535.
destination destination- Specifies the destination ● destination-address:

address [ destination- IP address and port The value is in dotted
port ] number before the NAT decimal notation.
translation. ● destination-port: The
value is an integer
65535.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays information about the NAT mapping table. You can view
information about all entries or display information by specifying keywords. The
entries in a NAT mapping table are triggered by service packets. If the device does
not receive any service packet, no entry is generated.
Example
# Display details about all entries in the NAT mapping table.

<HUAWEI> display nat session all verbose

-------------------------------------------------------------------------------
Pro SrcAddr:Port DestAddr:Port NewSrcAddr:Port NewDestAddr:Port
-------------------------------------------------------------------------------
TCP(6) 10.18.11.253:50943
10.18.11.1:21 10.18.11.253:50943
192.168.1.2:21
TTL:600,SrcVpn:-,DestVpn:-
TCP(6) 10.18.11.253:50950
10.18.11.1:3821 10.18.11.253:50950
192.168.1.2:3821
TTL:600,SrcVpn:-,DestVpn:-
-------------------------------------------------------------------------------
Total : 2
Table 7-79 Description of the display nat session all verbose command output
Item Description
Pro Protocol type.
SrcAddr:Port Source address and service port number before the

translation.
DestAddr:Port Destination address and service port number before the

translation.
NewSrcAddr:Port Source address and service port number after the

translation.
NewDestAddr:Port Destination address and service port number after the

translation.
TTL Time to live of the mapping table entries.
SrcVpn Source VPN instance name.

DestVpn Destination VPN instance name.

7.9.13 display nat session aging-time
Function
The display nat session aging-time command displays the aging time of NAT
session entries for each protocol.
Format
display nat session aging-time
Parameters
None

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the aging time of NAT session entries for
each protocol.
Example
# Display the aging time of NAT session entries for each protocol on the current
device.
<HUAWEI> display nat session aging-time
---------------------------------------------
tcp protocol timeout : 600 (s)
http protocol timeout : 120 (s)
udp protocol timeout : 120 (s)
icmp protocol timeout : 20 (s)
dns protocol timeout : 120 (s)
ftp protocol timeout : 120 (s)
ftp-data protocol timeout : 120 (s)
rtsp protocol timeout : 60 (s)
rtsp-media protocol timeout : 120 (s)
pptp protocol timeout : 600 (s)
pptp-data protocol timeout : 600 (s)
---------------------------------------------
Table 7-80 Description of the display nat session aging-time command output
Item Description
tcp protocol timeout The aging time of TCP connections. The

default value is 600 seconds.
http protocol timeout The aging time of HTTP connections. The

udp protocol timeout The aging time of UDP connections. The

icmp protocol timeout The aging time of ICMP connections. The

dns protocol timeout The aging time of the DNS protocol. The
ftp protocol timeout The aging time of FTP control connections.

The default value is 120 seconds.
ftp-data protocol timeout The aging time of FTP data connections.


Item Description
rtsp protocol timeout The aging time of the RTSP protocol. The
rtsp-media protocol timeout The aging time of the RTSP media protocol.
pptp protocol timeout The aging time of PPTP control

connections. The default value is 600
seconds.
pptp-data protocol timeout The aging time of PPTP data connections.

7.9.14 display nat static

Function
The display nat static command displays the configuration of static NAT.
Format
display nat static [ global global-address | inside host-address | interface
interface-type interface-number | acl acl-number ]
Parameters
global global-address Indicates the public The value is in dotted

address for static NAT. decimal notation.
inside host-address Indicates the private The value is in dotted

address for static NAT. decimal notation.


3999.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
After static NAT is configured, you can use the display nat static command to view
the configuration of static NAT.
Example
# Display the global configuration of static NAT.
<HUAWEI> display nat static
Static Nat Information:
Global Nat Static
Global IP/Port : 1.1.1.1/0(any)
Inside IP/Port : 10.1.1.1/0(any)
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----
Vrrp id : ----
Netmask : 255.255.255.255
Description : ----
Total : 1
Table 7-81 Description of the display nat static command output

Item Description
Global IP/Port Public IP address and port number.
Inside IP/Port Private IP address and port number.
Protocol Protocol number and protocol type.
VPN instance-name Name of the VPN instance.

Acl number Number of the ACL in the static NAT.
Vrrp id VRRP ID.

Netmask Network mask.
Description NAT description.
Total Number of static NATs.
7.9.15 display nat static interface enable

Function
The display nat static interface enable command displays the interface enabled
with the static NAT function.
Format
display nat static interface enable

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display the interface enabled with the static NAT function.
<HUAWEI> display nat static interface enable
Static Nat enable Information :
------------------------------------------------
interface Vlanif300
------------------------------------------------
Total : 1
Table 7-82 Description of the display nat static interface enable command output
Item Description
Static Nat enable Interface enabled with the static NAT function.
Information
Total Number of interfaces enabled with the static NAT

function.
7.9.16 display port-mapping
Function
The display port-mapping command displays mappings between the specified
application-layer protocols and ports.
Format
display port-mapping [ protocol-name | port port-number ]

Parameters
protocol-name Displays the mapping The value can be dns,

between the specified ftp, pptp and rstp.
the application-layer
protocol and port.
port port-number Displays the mapping The value is an integer

between the specified that ranges from 1 to
port and the application- 65535.
layer protocol.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display port-mapping command displays the port mappings, including the
mappings between application-layer protocols and ports, condition (ACL) in which
each mapping takes effect, and the type of each mapping (defined by the system
or user).
Example
# Display the mapping between the DNS protocol and port.
<HUAWEI> display port-mapping dns
-------------------------------------------------
Service Port Acl Type
-------------------------------------------------
dns 53 system defined
-------------------------------------------------
Total number is : 1
Table 7-83 Description of the display port-mapping command output

Item Description
Service Type of the application-layer protocol.
Port Port number.
Acl Number of the ACL for mappings.

Item Description
Type Mapping type.

● system defined: default mapping.
● user defined: mapping defined by the
user.
Total number is The total number of mappings between the

DNS protocol and port.
7.9.17 nat address-group
Function
The nat address-group command configures a NAT address pool.
The undo nat address-group command deletes a NAT address pool.
By default, no NAT address pool is configured.
Format
nat address-group group-index start-address end-address
undo nat address-group group-index
Parameters
group-index Specifies the index of a The value is an integer

NAT address pool. that ranges from 0 to 3.
start-address Specifies the start The value is in dotted

address of the address decimal notation.
pool.
end-address Specifies the end address The value is in dotted

of the address pool. decimal notation.
Views
System view
Default Level

Usage Guidelines
Usage Scenario
The address pool is a set of consecutive IP addresses. When a packet from the
private network reaches the public network through address translation, the
source address of the packet will be translated to another address by the address
pool.
Precautions
The start IP address of the address pool must be smaller than or equal to the end
IP address of the address pool and up to 255 IP addresses can be configured in the
address pool.
Example
# Configure an address pool ranging from 10.110.10.10 to 10.110.10.15, with the
address pool index being 1.
[HUAWEI] nat address-group 1 10.110.10.10 10.110.10.15
7.9.18 nat alg
Function
The nat alg command enables the NAT ALG function for application protocols.
The undo nat alg command disables the NAT ALG function for application
protocols.
By default, NAT ALG is disabled on Fat APs. For cloud APs, DNS NAT ALG is
disabled, and NAT ALG for other protocols is enabled.
Format
nat alg { all | protocol-name } enable
undo nat alg { all | protocol-name } enable
Parameters
all Enables the NAT ALG -

function for DNS, FTP,
PPTP and RTSP.
protocol-name Enables the NAT ALG The value can be dns,

function for the specified ftp, pptp, and rtsp.
protocol type.

Views
System view
Default Level
Usage Guidelines
After the NAT ALG function is enabled for an application protocol, packets of the
application protocol can traverse the public network through NAT. Otherwise, the
application protocol cannot work normally.
Example
# Enable the NAT ALG function for FTP.
[HUAWEI] nat alg ftp enable
# Disable the NAT ALG function for FTP.

[HUAWEI] undo nat alg ftp enable
7.9.19 nat dns-map

Function
The nat dns-map command configures a mapping entry from the domain name
to the public IP address, port number, and protocol type.
The undo nat dns-map command deletes a mapping entry from the domain
name to the public IP address, port number, and protocol type.
By default, no mapping entry is configured.
Format
nat dns-map domain-name { global-address | interface interface-type interface-
number } global-port protocol-name
undo nat dns-map domain-name { global-address | interface interface-type
interface-number } global-port protocol-name

Parameters
domain-name Specifies a valid domain The value is a string of 1

name that can be to 255 case-insensitive
resolved by the DNS characters without
server. spaces. The domain
name of each level
contains a maximum of
63 characters. Domain
names of different levels
are separated by periods
(.) and contain a
maximum of 255
characters. The string
cannot contain the
following characters: / : <
> @ \ | % ' ".
global-address Specifies a valid IP The value is in dotted

address provided for decimal notation.
external access.
interface interface-type Specifies the type and -

global-port Specifies the port The value is an integer

number of the service that ranges from 1 to
provided for external 65535.
access.
protocol-name Specifies the protocol The value can be tcp and

carried over IP. udp.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
You can use this command to configure the mapping from the domain name to
the public IP address, port number, and protocol type for internal hosts. In this
manner, internal hosts can differentiate and access corresponding internal servers
according to domain names when no DNS server is deployed on the private
network.
By default, DNS mapping is not configured. In this case, after the external DNS
server resolves public IP addresses from domain name requests of internal hosts,

the internal hosts can be mapped to only one internal server. In addition, internal
hosts cannot differentiate and access corresponding internal servers according to
domain names.
Follow-up Procedure
Run the nat alg dns enable command to enable the DNS NAT ALG function. The
NAT ALG function allows hosts on a private network to access servers on the
private network through the external DNS server.
Example
# Configure a mapping entry from a domain name to public IP address, port
number, and protocol type.
[HUAWEI] nat dns-map www.test.com 10.1.1.1 2012 tcp
7.9.20 nat filter-mode
Function
The nat filter-mode command sets the NAT filtering mode.
The default NAT filtering mode is endpoint-and-port-dependent.
Format
nat filter-mode { endpoint-dependent | endpoint-independent | endpoint-and-
port-dependent }
Parameters
endpoint-dependent Indicates the NAT -

filtering mode
dependent on the
external address and
independent of the port.
endpoint-independent Indicates the NAT -

filtering mode
independent of the
port.
endpoint-and-port- Indicates the NAT -

dependent filtering mode
dependent on the
port.

Views
System view
Default Level
Usage Guidelines
NAT filtering allows applications using the STUN and TURN technologies to
traverse the NAT server.
NAT is performed on the traffic from the external network to the internal
network:
● If the NAT filtering mode is set to endpoint-independent, the system uses
"destination IP address+destination port number+protocol number" as the key
to search the mapping table. If a corresponding entry is found, the system
generates a reverse mapping entry. The destination address and port in the
entry are the IP address and port number on the internal network.
● If the NAT filtering mode is set to endpoint-dependent, the system uses
"source IP address+destination IP address+destination port number+protocol
number" as the key to search the mapping table. If a corresponding entry is
found, the system generates a reverse mapping entry. The behavior in the
reverse mapping entry is the same as the behavior in the mapping table entry.
● If the NAT filtering mode is set to endpoint-and-port-dependent, the system
uses "source IP address+source port number+destination IP address
+destination port number+protocol number" as the key to search the
mapping table. If a corresponding entry is found, the system generates a
reverse mapping entry. The behavior in the reverse mapping entry is the same
as the behavior in the mapping table entry.
You can change the NAT filtering mode only when no traffic is transmitted
between the external network and internal network.
Example
# Set the NAT filtering mode independent of the external address and port.
[HUAWEI] nat filter-mode endpoint-independent
7.9.21 nat log binary-log host

Function
The nat log binary-log host command sets parameters of a binary NAT session
log server, including the IP addresses and port numbers of the binary log server
and the peer device communicating with the log server.
The undo nat log binary-log host command deletes the parameter settings of a
binary NAT session log server.
By default, no binary NAT session log server is configured.

Format
nat log binary-log host host-ip-address host-port source source-ip-address
source-port
undo nat log binary-log host
Parameters
host-ip-address host-port Specifies the IP address ● host-ip-address: The

and port number of the value is in dotted
NAT session log server. decimal notation.
● host-port: The value is
an integer that ranges
from 1 to 65535.
source source-ip-address Specifies the IP address ● source-ip-address: The

source-port and port number of the value is in dotted
peer device that sends decimal notation.
logs to the log server. ● source-port: The value
is an integer that
ranges from 10240 to
55534.
Views
System view
Default Level
Usage Guidelines
Only one binary NAT session log server can be configured globally. The old binary
NAT session log server is directly replaced by the newly configured binary NAT
session log server.
Example
# Configure a binary NAT session log server whose IP address is 10.10.10.1 and
port number is 3456. Set the IP address of the peer device to 10.10.10.2 and its
port number to 20000.
[HUAWEI] nat log binary-log host 10.10.10.1 3456 source 10.10.10.2 20000

7.9.22 nat log session enable
Function
The nat log session enable command enables the NAT session log function.
The undo nat log session enable command disables the NAT session log
function.
By default, the NAT session log function is disabled.
Format
nat log session enable
undo nat log session enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
You can run this command to enable the NAT session log function. The session
logs record the sessions that match the specified ACL rules and sessions processed
by the NAT server.
Example
# Enable the NAT session log function.
[HUAWEI] nat log session enable
7.9.23 nat log session log-interval
Function
The nat log session log-interval command sets the interval for generating NAT
session logs.
The undo nat log session log-interval command restores the default interval for
generating NAT session logs.
By default, NAT session logs are generated every 30 seconds.

Format
nat log session log-interval interval-time
undo nat log session log-interval
Parameters
interval-time Sets the interval for The value is an integer

generating NAT session that ranges from 1 to
logs. 400, in seconds.
Views
System view
Default Level
Usage Guidelines
NAT session logs are classified into binary logs and text logs. Binary logs are sent
to the binary log server in real time, and text logs are sent to the text log server at
intervals. You can run this command to set the interval for sending text logs.
Example
# Set the interval for generating NAT session logs to 200 seconds.
[HUAWEI] nat log session log-interval 200
7.9.24 nat mapping-mode
Function
The nat mapping-mode command sets the NAT mapping mode.
The undo nat mapping-mode command restores the NAT mapping mode.
The default NAT mapping mode is endpoint-and-port-dependent.
Format
nat mapping-mode endpoint-independent [ protocol-name [ dest-port port-
number ] ]
undo nat mapping-mode endpoint-independent [ protocol-name [ dest-port
port-number ] ]

Parameters
endpoint-independent Indicates the endpoint- -

independent mode.
protocol-name Indicates the protocol The value can be tcp and

type. udp.
dest-port port-number Indicates the destination The value is an integer

port. NAT is performed that ranges from 1 to
on only the packets of 65535.
which destination ports
are this specified port.
Views
System view
Default Level
Usage Guidelines
The NAT function resolves the problem of IPv4 address shortage and improves
network security. NAT implementation of different vendors may be different, so
the applications using the STUN, TURN, and ICE technologies may fail to traverse
the NAT devices of these vendors. NAT mapping enables these applications to
traverse the NAT devices.
NAT mapping has the following modes:
● Endpoint-independent mapping: The NAT reuses the port mapping for

subsequent packets sent from the same internal IP address and port to any
external IP address and port.
● Address and port-dependent mapping: The NAT reuses the port mapping for
subsequent packets sent from the same internal IP address and port to the
same external IP address and port while the mapping is still active.
Example
# Enable the endpoint-and-port-independent mapping mode for TCP packets.
[HUAWEI] nat mapping-mode endpoint-independent tcp
# Enable the endpoint-and-port-independent mapping mode for TCP and UDP

packets.
[HUAWEI] nat mapping-mode endpoint-independent

7.9.25 nat outbound

Function
The nat outbound command associates an ACL with a NAT address pool. In this
manner, the addresses specified in the ACL can be translated using the NAT
address pool.
The undo nat outbound command disables outbound NAT.
By default, outbound NAT is disabled.
Format
nat outbound acl-number address-group group-index [ no-pat ]
undo nat outbound acl-number address-group group-index [ no-pat ]
Parameters
acl-number Specifies the number of The value is an integer

3999.
address-group group- Indicates that the NAT The value is an integer

index address pool is used for that ranges from 0 to 3.
address translation. If no
NAT address pool is
specified, the IP address
of the interface is used
as the translated IP
address. That is, Easy IP
is used.
no-pat Indicates one-to-one -

NAT, that is, only the IP
address in a datagram is
translated and the port
number is not translated.
Views
VLANIF interface view, Dialer interface view
Default Level
Usage Guidelines
Use Scenario

After an ACL is associated with a NAT address pool, NAT translates the source IP
address of a data packet matching the ACL to an IP address in the NAT address
pool.
On the same interface, different IP addresses can be translated and associated.
This interface usually connects to an ISP network and is the egress of the internal
network.
NOTE
This command can only be used on Layer 3 interfaces, except the Loopback and NULL
interfaces.
Example
# Select the addresses from 1.1.1.1 to 1.1.1.3 to form NAT address pool 1, and
configure the hosts in the network segment 10.110.10.0/24 to use the addresses in
address pool 1 for many-to-one address translation (using TCP/UDP port
information).
[HUAWEI] acl number 2001
[HUAWEI-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[HUAWEI] nat address-group 1 1.1.1.1 1.1.1.3
[HUAWEI-Vlanif10] nat outbound 2001 address-group 1
7.9.26 nat outbound (Easy-IP)

Function
The nat outbound command configures Easy IP.
The undo nat outbound command disables outbound NAT.
By default, Easy IP is disabled.
Format
nat outbound acl-number [ interface interface-type interface-number ]
undo nat outbound acl-number [ interface interface-type interface-number ]
Parameters
acl-number Specifies the number of The value is an integer

3999.
interface interface-type Indicates that an -

interface-number interface address is
specified as the
translated address.

Views
Default Level
Usage Guidelines
Easy IP indicates that the IP address of the interface is used as the translated IP
address.
NOTE
This command can only be used on Layer 3 interfaces, except the Loopback, NULL
interfaces.
Example
# Set the IP address of the interface to the translated IP address.
[HUAWEI] acl number 2001
[HUAWEI-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[HUAWEI-Vlanif10] nat outbound 2001
7.9.27 nat server

Function
The nat server command defines a mapping table of internal servers so that
external users can access internal servers through address and port translation.
The undo nat server command cancels the mapping table.
By default, no mapping table is configured.
Format
nat server protocol { tcp | udp } global { global-address | current-interface |
interface interface-type interface-number } global-port [ global-port2 ] inside
host-address [ host-address2 ] [ host-port ] [ acl acl-number ] [ description
description ]
nat server [ protocol { protocol-number | icmp | tcp | udp } ] global { global-
address | current-interface | interface interface-type interface-number } inside
host-address [ acl acl-number ] [ description description ]
undo nat server protocol { tcp | udp } global { global-address | current-
interface | interface interface-type interface-number } global-port [ global-
port2 ] inside host-address [ host-address2 ] [ host-port ]
undo nat server [ protocol { protocol-number | icmp | tcp | udp } ] global
{ global-address | current-interface | interface interface-type interface-number }
inside host-address

Parameters
protocol Indicates the protocol -

type.
protocol-number Specifies the protocol The value is an integer

number. that ranges from 1 to
255.
global Configures external -

NAT server.
icmp Indicates that servers -

communicate with each
other using ICMP.
tcp Indicates that servers -

other using TCP.
udp Indicates that servers -

other using UDP.
global-address Specifies a valid IP The value is in dotted

address provided for decimal notation.
external access.
inside Configures internal -

NAT server.
host-address Specifies an IP address of The value is in dotted

the NAT server. decimal notation.
host-address2 Specifies the ending IP The value is in dotted

address of the private decimal notation.
network.
global-port Specifies the external The value is an integer

service port number. You that ranges from 0 to
can use keywords to 65535.
replace common port
numbers. For example,
the FTP port number is
21, so you can use the
keyword ftp. If this
parameter is not
specified, the value of
this parameter is 0. That
is, any type of service
can be provided.

global-port2 Specifies the external The value is an integer

service ending port that ranges from 0 to
number. You can use 65535.
keywords to replace
common port numbers.
For example, the FTP
port number is 21, so
you can use the keyword
ftp. If this parameter is
not specified, the value
of this parameter is 0.
That is, any type of
service can be provided.
host-port Specifies the service port The value is an integer

number provided by the that ranges from 0 to
NAT server. If this 65535.
parameter is not
this parameter is the
same as the value of
global-port.
3999.
description description Indicates the NAT The value is a string of 1

spaces.
current-interface Indicates a public -

address as the current
interface address.
interface interface-type Indicates a public -

interface-number address as the interface
address.
Views
VLANIF interface view, Tunnel interface view
Default Level

Usage Guidelines
Usage Scenario
You can configure an internal server so that the external network can access the
server in an active manner. When a host on the public network sends a connection
request to the public address (global-address) of the internal NAT server, the NAT
server translates the destination address of the request into a private address
(inside-address). The request is then forwarded to the server on the private
network.
NOTE
● This command can only be used on Layer 3 interfaces, except loopback and NULL
interfaces.
● If you run the undo nat server command, static mapping entries are not deleted within
the aging-time period. To clear static mapping entries, run the reset nat session
command.
Precautions
The specified global-port or host-port cannot be used by other applications.

Otherwise, the configuration does not take effect.
If you need to map the private address of an internal server into the IP address of
the public network interface when configuring this command on the public
network interface, you must set the current-interface parameter to specify a
global address as the current interface address.
Example
# Add a NAT server and translate public address 1.1.1.1 of the TCP service to
private address 192.168.0.1.
[HUAWEI-Vlanif100] nat server protocol tcp global 1.1.1.1 inside 192.168.0.1
7.9.28 nat session aging-time
Function
The nat session aging-time command sets the aging time of the NAT session
table for each protocol.
The undo nat session aging-time command restores the default aging time of
the NAT session table for each protocol.
For the default aging time of the NAT session table for each protocol, see Table
7-84.
Format
nat session protocol-name aging-time time-value
undo nat session { all | protocol-name } aging-time

Parameters
protocol-name Specifies the protocol The value can be dns,

type. ftp, ftp-data,http, icmp,
pptp, pptp-data, rtsp,
rtsp-media, tcp and udp.
time-value Specifies the aging time. The value is an integer

65535, in seconds.
all Restores the default -

aging times of the
session tables for all
protocols.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
You can run the nat session aging-time command to set the aging time of the
protocol session table for each protocol. If an entry in a session table is not used
within the specified period, the entry expires. For example, the user with the IP
address 10.110.10.10 initiates a TCP connection through port 2000. If the TCP
connection is not used within the timeout duration, the system deletes the TCP
connection.
Table 7-84 lists the default aging time of the NAT session table for each protocol.
Table 7-84 Default aging time of the NAT session table for each protocol
Protocol Default Aging Time
dns 120 seconds
ftp 120 seconds
ftp-data 120 seconds
icmp 20 seconds
http 120 seconds
pptp 600 seconds

Protocol Default Aging Time
pptp-data 600 seconds
rtsp 60 seconds
rtsp-media 120 seconds
tcp 600 seconds
udp 120 seconds
Precautions
For some services such as the voice service, you must increase the TCP/UDP
connection aging time to prevent service interruption.
Example
# Set the aging time of DNS sessions to 60 seconds.
[HUAWEI] nat session dns aging-time 60
7.9.29 nat static enable
Function
The nat static enable command enables static NAT on an interface.
The undo nat static enable command disables static NAT on an interface.
By default, static NAT on an interface is disabled.
Format
nat static enable
undo nat static enable
Parameters
None
Views
Default Level

Usage Guidelines
Using the nat static enable command, you can enable static NAT on an interface.
NOTE
This command can only be used on Layer 3 interfaces, except the Loopback and NULL
interfaces.
Example
# Enable static NAT on an interface.
[HUAWEI-Vlanif100] nat static enable
7.9.30 nat static (interface view)
Function
The nat static command configures the static mapping between a private IP
address and a public IP address.
The undo nat static command deletes the static mapping between a private IP
address and a public IP address.
By default, the static mapping between a private IP address and a public IP

address is not configured.
Format
nat static protocol { tcp | udp } global { global-address | current-interface |
interface interface-type interface-number } global-port [ global-port2 ] inside
host-address [ host-address2 ] [ host-port ] [ netmask mask ] [ acl acl-number ]
nat static [ protocol { protocol-number | icmp | tcp | udp } ] global { global-

address | current-interface | interface interface-type interface-number } inside
host-address [ netmask mask ] [ acl acl-number ] [ description description ]
undo nat static protocol { tcp | udp } global { global-address | current-interface

| interface interface-type interface-number } global-port [ global-port2 ] inside
host-address [ host-address2 ] [ host-port ] [ netmask mask ]
undo nat static [ protocol { protocol-number | icmp | tcp | udp } ] global

{ global-address | current-interface | interface interface-type interface-number }
inside host-address [ netmask mask ]
Parameters
Parameter Parameters Value
protocol Indicates the protocol. -

protocol-number Specifies a protocol The value is an integer

255.
icmp Indicates address -

translation for ICMP
packets.
tcp Indicates address -

translation for TCP
packets.
udp Indicates address -

translation for UDP
packets.
global Configures public -

network information.
global-address Specifies a public IP The value is in dotted


service port number. that ranges from 0 to
If this parameter is not 65535.
global-port is 0. That is,
any type of service can
be provided.
global-port2 Specifies a public end The value is an integer

port number. that ranges from 0 to
If this parameter is 65535.
specified, a range of
consecutive port
numbers are translated.
specified, only the port
number global-port is
translated.
inside Configures private -

network information.
host-address Specifies a private IP The value is in dotted


host-address2 Specifies a private end IP The value is in dotted

If this parameter is
specified, a range of
consecutive IP addresses
are translated. If this
parameter is not
specified, only the
private IP address host-
address is translated.
host-port Specifies a service port The value is an integer
number provided by that ranges from 0 to
private network devices. 65535.
host-port is the same as
the value of global-port.
netmask mask Specifies the network The value ranges from

mask for static NAT. 255.255.255.0 to
255.255.255.255.
acl acl-number Specifies the number of The value is an integer

You can use an ACL to 3999.
control NAT
implementation,
ensuring that NAT is
performed only for data
packets that meet rules
in the ACL.
description description Specifies the NAT The value is a string of 1

characters without
question marks (?). It
can contain spaces.
current-interface Specifies a public IP -

address as the IP address
of the current interface.

interface interface-type Specifies a public IP -

interface-number address as the IP address
of an interface.
● interface-type
type.
number.
Views
Default Level
Usage Guidelines
Usage Scenario
If devices on a private network allow access from devices on a public network
through a fixed IP address, for example, a private server provides services to public
network devices, the public network devices can access the server through a fixed
public IP address. You can configure static NAT to translate the private IP address
of the private server into the specified public IP address.
Static NAT also supports IP address translation between network segments, that
is, private IP addresses within a specified range and public IP addresses within a
specified range can be translated into each other.
Precautions
After the undo nat static command is run on the device, static mapping entries
on the device will not be cleared immediately. To clear static mapping entries
immediately, run the reset nat session command.
When the global-port, global-port2, host-port, and host-port2 parameters are
specified to configure mappings between public and private port numbers, the
number of public port numbers must be the same as the number of private port
numbers and the port numbers must be mapped in sequence. For example, when
nat static protocol tcp global 1.1.1.1 11 20 inside 10.10.10.1 21 30 is
configured, the public IP address 1.1.1.1 maps the private IP address 10.10.10.1,
and public port numbers 11 to 20 map private port numbers 21 to 30 in sequence.
When host-address2 is specified, global-port2 and host-port must also be
specified. The number of private addresses must be the same as the number of
public port numbers. That is, the same public address maps different private
addresses, and different public port numbers map the same private port number.
For example, when nat static protocol tcp global 1.1.1.1 11 12 inside 10.10.10.1

10.10.10.2 30 is configured, 1.1.1.1 and public port 11 map 10.10.10.1 and private
port 30, and 1.1.1.1 and public port 12 map 10.10.10.2 and private port 30.
Example
# Translate the combination of the public IP address 1.1.1.1 and port 200 in TCP
packets to the combination of the private IP address 10.10.10.1 and port 300.
[HUAWEI-Vlanif100] nat static protocol tcp global 1.1.1.1 200 inside 10.10.10.1 300
7.9.31 nat static (system view)
Function
The nat static command configures one-to-one NAT between private addresses
and public addresses in the system view.
The undo nat static command deletes one-to-one NAT configured between
private addresses and public addresses in the system view.
By default, no one-to-one NAT is configured.
Format
nat static protocol { tcp | udp } global global-address global-port [ global-
port2 ] inside host-address [ host-address2 ] [ host-port ] [ netmask mask ]
nat static protocol { tcp | udp } global interface loopback interface-number

global-port [ global-port2 ] inside host-address [ host-address2 ] [ host-port ]
[ netmask mask ] [ description description ]
nat static [ protocol { protocol-number | icmp | tcp | udp } ] global { global-

address | interface loopback interface-number } inside host-address [ netmask
mask ] [ description description ]
undo nat static protocol { tcp | udp } global global-address global-port [ global-
port2 ] inside host-address [ host-address2 ] [ host-port ] [ netmask mask ]
undo nat static protocol { tcp | udp } global interface loopback interface-
number global-port [ global-port2 ] inside host-address [ host-address2 ] [ host-
port ] [ netmask mask ] [ description description ]
undo nat static [ protocol { protocol-number | icmp | tcp | udp } ] global
{ global-address | interface loopback interface-number } inside host-address
[ netmask mask ] [ description description ]
Parameters
protocol Indicates a protocol. -

protocol-number Specifies the protocol The value is an integer

255.
global Configures external -

address and port
number.
global-address Specifies the public IP The value is in dotted

address for NAT. decimal notation.
inside Configures internal -

address and port
number.
host-address Specifies the private IP The value is in dotted

address for NAT. decimal notation.
host-address2 Specifies the ending IP -

address of the private
network.

service port number. If that ranges from 0 to
this parameter is not 65535.
this parameter is 0. That
is, any type of service
can be provided.
global-port2 Specifies the external The value is an integer

service ending port that ranges from 0 to
number. 65535.
host-port Specifies the service port The value is an integer

number provided by the that ranges from 0 to
server. If this parameter 65535.
is not specified, the value
of this parameter is the
same as the value of
global-port.
icmp Indicates that servers -
other using ICMP.
tcp Indicates that servers -

other using TCP.
udp Indicates that servers -

other using UDP.

netmask mask Indicates the network The value ranges from

mask for static NAT. 255.255.255.0 to
255.255.255.255.
description description Indicates the NAT The value is a string of 1

description. to 255 characters. The
character string is case
sensitive. It can contain
spaces but cannot
contain the question
mark (?).
interface loopback Indicates a public The value is an integer

interface-number address as the loopback that ranges from 0 to
interface address. 1023.
Views
System view
Default Level
Usage Guidelines
Static NAT indicates that a private address is statically bound to a public address
when NAT is performed. The public IP address in static NAT is only used for
translation of the unique and fixed private IP address of a host.
Static PAT indicates that a combination of the private address of a host, TCP/UDP
protocol number, and internal port number is statically bound to a combination of
the public address, TCP/UDP protocol number, and external port number. The
public IP address in static PAT can be used for translation of multiple private
addresses.
Using static NAT or PAT, hosts on the private network and hosts on the public
network can access each other.

NOTE
● If you run the undo nat static command, static mapping entries are not immediately
deleted. To clear static mapping entries, run the reset nat session command.
● When the global-port, global-port2, host-port, and host-port2 parameters are specified to
configure mappings between public and private port numbers, the number of public port
numbers must be the same as the number of private port numbers and the port numbers
must be mapped in sequence. For example, when nat static protocol tcp global 1.1.1.1 11
20 inside 10.10.10.1 21 30 is configured, the public IP address 1.1.1.1 maps the private IP
address 10.10.10.1, and public port numbers 11 to 20 map private port numbers 21 to 30 in
sequence.
When host-address2 is specified, global-port2 and host-port must also be specified. The
number of private addresses must be the same as the number of public port numbers. That
is, the same public address maps different private addresses, and different public port
numbers map the same private port number. For example, when nat static protocol tcp
global 1.1.1.1 11 12 inside 10.10.10.1 10.10.10.2 30 is configured, 1.1.1.1 and public port 11
map 10.10.10.1 and private port 30, and 1.1.1.1 and public port 12 map 10.10.10.2 and
private port 30.
● nat static protocol { tcp | udp } global interface loopback interface-number global-port
[ global-port2 ] inside host-address [ host-address2 ] [ host-port ] [ netmask mask ]
In the command, the first vpn-instance-name parameter specifies the VPN instance bound to
the loopback interface, and the second vpn-instance-name parameter specifies a private
network-side VPN instance.
● If the ip binding vpn-instance vpn-instance-name command is run in the interface view to
bind a public network-side VPN instance to the interface, the nat static command in the
system view does not take effect. In this case, you need to run the nat static or nat server
command in the interface view.
Example
# Translate the combination of Loopback 4 interface address and port 43 in TCP
packets to private address 192.168.2.55.
[HUAWEI-LoopBack4] ip address 192.168.8.8 24
[HUAWEI-LoopBack4] quit
[HUAWEI] nat static protocol tcp global interface loopback 4 43 inside 192.168.2.55 netmask
255.255.255.255
7.9.32 port-mapping
Function
The port-mapping command configures the mappings between ports and
application-layer protocols.
The undo port-mapping command deletes the mappings between ports and
application-layer protocols.
For the default mapping between application-layer protocols and ports, see Table
7-85.

Table 7-85 Mappings between application-layer protocols and ports

Application-Layer Protocol Port Number
dns 53
ftp 21
rtsp 554
pptp 1723
Format
port-mapping protocol-name port port-number acl acl-number
undo port-mapping { all | protocol-name port port-number acl acl-number }
Parameters
protocol-name Specifies the protocol The value can be dns,

type. ftp, rstp and pptp.
port port-number Specifies the port The value of port-

mapping to a protocol. number is an integer
65535.
acl acl-number Specifies the ACL that The value of acl-number

controls the packets to is an integer that ranges
which port mapping is from 2000 to 2999.
applied.
all Deletes the mappings -

from all ports.
Views
System view
Default Level
Usage Guidelines
Port mapping enables a server to provide various application-layer services for
external systems through non-well-known ports. For example, the well-known
port of the FTP service is port 21. After port mapping is configured on the nat
device, the nat device can use a non-well-known port to provide the FTP service.

Port mapping reduces attacks to a certain service on the server.
Example
# Map the FTP service to port 10 and apply ACL 2000 to control the packets to
which the mapping takes effect.
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit
[HUAWEI] port-mapping ftp port 10 acl 2000
7.9.33 reset app-inspect table statistics

Function
The reset app-inspect table statistics command clears statistics on NAT
application entries.
Format
reset app-inspect { servermap | session } table statistics
Parameters
servermap Clears statistics on -

Servermap entries at the
application layer.
session Clears statistics on -

session entries at the
application layer.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can run this command when you need to collect new NAT application entry
statistics. After you run this command, all statistics on NAT application entries are
cleared.
Precautions

Statistics on NAT application entries cannot be restored after they are cleared.
Exercise caution when you use the command.
Example
# Clear statistics on NAT session entries at the application layer.
[HUAWEI] reset app-inspect session table statistics
7.9.34 reset nat session

Function
The reset nat session command deletes entries from the NAT mapping table.
Format
reset nat session { all | transit interface interface-type interface-number }
Parameters
all Deletes all entries from -

the NAT mapping table.
transit Deletes the entries of -

traffic passing a specified
interface.

Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If the configurations of nat alg, nat server, and nat outbound are changed, the
packets are not forwarded based on new configurations. You can run the reset nat
session command to make the new configurations take effect. This command can
be used to delete all entries or the entries of traffic passing a specified interface
from the NAT mapping table.
Precautions

● After this command is used, entries are deleted from the NAT mapping table
and the NAT configurations are modified immediately.
● After this command is executed, you must wait at least 10 seconds if you
need to run the command again; otherwise, an error message is displayed.
● If all entries are deleted, communication among certain sessions may be
affected for a short period.
Example
# Delete all entries from the NAT mapping table.
[HUAWEI] reset nat session all
Warning:The current all NAT sessions will be deleted.
Are you sure to continue?[Y/N] y
7.9.35 reset session all

Function
The reset session all command deletes entries from all session tables.
Format
reset session all
Parameters
None.
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
This command will delete all entries that are generated during service processing.
Precautions
After this command is executed, entries are deleted from session tables and the
session table configurations are modified immediately. You must wait at least 10
seconds before running the command again; otherwise, an error message is
displayed.
Example
# Display entries from all session tables.

[HUAWEI] reset session all
Warning:The current all sessions will be deleted.
Are you sure to continue?[Y/N]y
7.10 IP Performance Configuration Commands
7.10.1 clear ip df
Function
The clear ip df command enables an interface to fragment outgoing IP packets.
The undo clear ip df command disables an interface from fragmenting outgoing

IP packets.
By default, an interface does not fragment outgoing IP packets.
Format
clear ip df
undo clear ip df
Parameters
None
Views
Default Level
Usage Guidelines
After forcible IP packet fragmentation is enabled on a device, the device sets the
Don't Fragment (DF) field to 0 and fragments IP packets that meet the following
conditions:
● The value of the DF field in the IP packet header is 1.

● The packet length is larger than the MTU value of the interface that sends the
packets.
Example
# Enable forcible fragmentation for outgoing packets on VLANIF100.
[HUAWEI-Vlanif100] clear ip df

7.10.2 discard ra
Function
The discard ra command discards IP packets with route-alert options.
The undo discard ra command restores the default configurations.
By default, packets with route-alert options are processed by the CPU.
Format
discard ra
undo discard ra
Parameters
None
Views
Default Level
Usage Guidelines
When a device receives a huge number of packets with route-alert options that
increase the traffic loads, performance of the device is affected. The discard ra
command is used to discard IP packets with route-alert options, which reduces
pressure on CPU and improves network performance and security.
NOTE
The discard ra command applies to only incoming packets.
Example
# Configure the device to discard the IP packets with route-alert options.
[HUAWEI-Vlanif100] discard ra
7.10.3 discard rr
Function
The discard rr command discards IP packets with record-route options.
The undo discard rr command restores the default configurations.
By default, packets with record-route options are processed by the CPU.

Format
discard rr
undo discard rr
Parameters
None
Views
Default Level
Usage Guidelines
When a device receives a huge number of packets with record-route options that
increase the traffic loads, performance of the device is affected. The discard rr
command is used to discard IP packets with record-route options, which reduces
NOTE
The discard rr command applies to only incoming packets.
Example
# Configure the device to discard the IP packets with record-route options.
[HUAWEI-Vlanif100] discard rr
7.10.4 discard srr

Function
Using the discard srr command, you can enable the function of discarding IP
packets with source-route options.
Using the undo discard srr command, you can disable the function of discarding
the IP packets with source-route options.
By default, the function of discarding IP packets with source-route options is not
enabled. That is, a device processes the IP packets with source-route options.
Format
discard srr
undo discard srr

Parameters
None
Views
Default Level
Usage Guidelines
After the discard srr command is run, the device does not process but discard the
IP packets with source-route options (including the packets to be forwarded and
the packets for itself). This prevents attackers from snooping into the network
structure and enhances network security.
srr indicates the source-route options, which are actually called the source and
record route (SRR) options. During packet routing, the IP address list is updated on
each hop. Therefore, each hop needs to record the routes for sending the response
packet along the reverse path. The SRR options are classified into the Loose
Source and Record Route (LSRR) option and Strict Source and Record Route
(SSRR) option.
NOTE
The discard srr command applies to only incoming packets.
Example
# Configure the device to discard the IP packets with source-route options on
VLANIF100.
[HUAWEI-Vlanif100] discard srr
7.10.5 discard ts
Function
The discard ts command discards IP packets with time-stamp options.
The undo discard ts command restores the default configurations.
By default, packets with time-stamp options are processed by the CPU.
Format
discard ts
undo discard ts

Parameters
None
Views
Default Level
Usage Guidelines
When a device receives a huge number of packets with time-stamp options that
increase the traffic loads, performance of the device is affected. The discard ts
command is used to discard IP packets with time-stamp options, which reduces
NOTE
The discard ts command applies to only incoming packets.
Example
# Configure the device to discard the IP packets with time-stamp options.
[HUAWEI-Vlanif100] discard ts
7.10.6 display icmp statistics
Function
The display icmp statistics command displays ICMP traffic statistics.
Format
display icmp statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
None
Example
# Display ICMP traffic statistics.
<HUAWEI> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 0 destination unreachable 0
source quench 0 redirects 0
echo reply 0 parameter problem 0
timestamp request 0 information request 0
mask requests 0 mask replies 0
time exceeded 0 timestamp reply 0
Output:echo 0 destination unreachable 39735
source quench 0 redirects 0
echo reply 0 parameter problem 0
timestamp request 0 information reply 0
mask requests 0 mask replies 0
time exceeded 0 timestamp reply 0
Table 7-86 Description of the display icmp statistics command output

Item Description
Input Received packets.
Output Sent packets.
bad formats Number of packets in incorrect format.
bad checksum Number of packets with checksum errors.
echo Number of echo request packets.
destination unreachable Number of unreachable packets.
source quench Number of source quench packets.
redirects Number of redirection packets.
echo reply Number of echo reply packets.
parameter problem Number of packets with incorrect

parameters.
timestamp request Number of timestamp request packets.
information request Number of information request packets.
information reply Number of information reply packets.
mask requests Number of mask request packets.
mask replies Number of mask reply packets.
time exceeded Number of expired packets.
timestamp reply Number of timestamp reply packets.

7.10.7 display ip interface

Function
The display ip interface command displays the IP configuration and statistics on
interfaces. The statistics include the number of packets and bytes received and
sent by interfaces, number of multicast packets sent and received by interfaces,
and number of broadcast packets received, sent, forwarded, and discarded by
interfaces.
The display ip interface brief command displays brief information about
interface IP addresses, including the IP address, subnet mask, physical status, link-
layer protocol status, and number of interfaces in different states.
Format
display ip interface [ interface-type interface-number ]
display ip interface brief [ interface-type [ interface-number ] ]
display ip interface brief [ interface-type ] &<1-8>
Parameters
interface-type Specifies the type and number of an interface. If no -
interface-number interface is specified, IP configuration and statistics
about all interfaces are displayed.
brief Displays brief information, including the IP address, -

subnet mask, physical status, link-layer protocol
status, and number of interfaces in different states.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display ip interface brief command to view the following
information:
● IP configurations of all interfaces
● IP configurations of interfaces of the specified type and a specified interface
● IP configurations of interfaces that have IP addresses
This command, however, cannot display the IP configurations of Layer 2 interfaces
or Eth-Trunk member interfaces.

NOTE
● You can run the display interface description command to view the interface
description.
● You can run the display interface command to view detailed information about the
running status and statistics on the interface.
Example
# Display IP information about VLANIF15.
<HUAWEI> display ip interface vlanif 15
Vlanif15 current state : UP
The Maximum Transmit Unit : 1500 bytes
input packets : 766390, bytes : 41540847, multicasts : 681817
output packets : 242239, bytes : 14679482, multicasts : 172333
Directed-broadcast packets:
received packets: 0, sent packets: 0
forwarded packets: 0, dropped packets: 0
Broadcast address : 10.1.1.255
TTL being 1 packet number: 164035
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
Table 7-87 Description of the display ip interface command output

Item Description
current state : Physical status of the interface:

● UP: indicates that the interface is physically
Up.
physically Down.
● Administratively down: indicates that the

Item Description
Line protocol current state : Link layer protocol status of the interface:
● UP: The link layer protocol of the interface
is running properly.
● DOWN: The link layer protocol of the
interface is Down or no IP address is
configured on the interface.
The Maximum Transmit Unit : MTU of the interface. The default MTU of an
Ethernet interface or a serial interface is 1500
bytes. Packets longer than the MTU are
fragmented before being transmitted. If
fragmentation is not allowed, the packets are
discarded.
input packets : 766390, bytes : Total number of packets, bytes, and multicast
41540847, multicasts : 681817 packets received by the interface.
output packets : 242239, Total number of packets, bytes, and multicast

bytes : 14679482, multicasts : packets sent by the interface.
172333
Directed-broadcast packets: Number of packets broadcast on the interface

directly.
received packets: Total number of received packets.
sent packets: Total number of sent packets.
forwarded packets: Total number of forwarded packets.
dropped packets: Total number of discarded packets.
Internet Address is IP address assigned to the interface and mask

length.
Broadcast address : Broadcast address of the interface.
TTL being 1 packet number: Number of packets with TTL 1.
TTL invalid packet number: Number of packets with invalid TTL.
ICMP packet input number: Number of received ICMP packets.
Echo reply: Number of Echo Reply packets.
Unreachable: Number of Destination Unreachable packets.
Source quench: Number of Source Quench packets.
Routing redirect: Number of Redirect packets.
Echo request: Number of Echo Request packets.
Router advert: Number of Router Advertisement packets.
Router solicit: Number of Router Solicitation packets.

Item Description
Time exceed: Number of Time Exceeded packets.
IP header bad: Number of IP header error packets.
Timestamp request: Number of Timestamp Request packets.
Timestamp reply: Number of Timestamp Reply packets.
Information request: Number of Information Request packets.
Information reply: Number of Information Reply packets.
Netmask request: Number of Address Mask Request packets.
Netmask reply: Number of Address Mask Reply packets.
Unknown type: Number of unknown packets.
7.10.8 display ip socket

Function
The display ip socket command displays information about the created IPv4
socket.
Format
display ip socket [ monitor ] [ task-id task-id socket-id socket-id | socket-type
socket-type ]
Parameters
monitor Displays information about the -

socket monitor. Information about
the socket monitor is displayed
together with information about the
socket. If no parameter is specified
in the command, information about
all types of sockets is displayed.
task-id task-id Displays socket information of the The value is an integer

task with a specified ID. that ranges from 1 to
150.
socket-id socket- Displays information about the The value is an integer

id socket with a specified ID. that ranges from 1 to
131072.

socket-type Displays information about a socket The value is an

socket-type of a specified type. integer. Table 7-88
shows the value range.
Table 7-88 Value range of socket-type socket-type

Value Description
1 TCP socket
2 UDP socket
3 RAWIP socket
4 RAWLINK socket
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
A socket monitor monitors and records each connection. A RawLink also monitors
interfaces. The socket monitor records specific protocol events that occur during
operations. In addition, it logs information in the disk space.
The socket monitor is similar to a black box of the system. It records specific
events that happen during system operations. When the system fails, you can use
information recorded by the socket monitor to locate faults.
You can also set the filtering rules, such as the task ID, socket ID, and socket type
so that only the information matching the rules is displayed. This reduces
information output and helps you locate faults accurately and efficiently.
Example
# Display information about the IP socket.
<HUAWEI> display ip socket monitor
SOCK_STREAM:
Task = VTYD(30), socketid = 1, Proto = 6,
LA=0.0.0.0:23, FA=0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_KEEPALIVE SO_LINGER SO_SENDVPNID(2
3553) SO_SETKEEPALIVE SO_SETACL,
socket state = SS_PRIV
Socket Monitor:
Asyn Que status:
read = 0, write = 0, connect = 0, close = 0,
peer close = 0, accept = 0, keep alive down = 0,

cram time = 00H00M00S, lost msg= 0, msg type=0x00000000;

Nothing else has been captured!
Task = _S0f(8), socketid = 1, Proto = 6,

LA=0.0.0.0:23, FA=0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEADDR SO_LINGER SO_SENDVPNID(23553) SO_SETA
CL,
socket state = SS_PRIV SS_NBIO
Socket Monitor:
Asyn Que status:
read = 0, write = 0, connect = 0, close = 0,
peer close = 0, accept = 0, keep alive down = 0,
cram time = 00H00M00S, lost msg= 0, msg type=0x00000000;
Nothing else has been captured!
---- More ----
Table 7-89 Description of the display ip socket command output

Item Description
SOCK_STREAM Socket types:

● SOCK_STREAM
● SOCK_DGRAM
● SOCK_RAWLINK
● SOCK_RAWIP
Task = VTYD(30) Type and ID of the task that invokes the

socket. For example, the task named VTYD
uses the socket, with the task ID being 30.
socketid = 1 Socket ID.
Proto = 6 Protocol number.
LA = 0.0.0.0:23, FA = 0.0.0.0:0, ● LA: Local address/port number.

● FA: Remote address/port number.
sndbuf = 8192, rcvbuf = 8192, ● sndbuf: maximum socket send buffer

sb_cc = 0, rb_cc = 0, size. The value is in bytes.
● rcvbuf: maximum socket receive buffer
size. The value is in bytes.
● sb_cc: number of sent packets. The value
is in bytes and is valid only when TCP
caches data packets.
● rb_cc: number of received packets. The
value is in bytes.

Item Description
socket option = SO_ACCEPTCONN Set socket options:

SO_KEEPALIVE SO_LINGER ● SO_DEBUG: indicates that debugging is
SO_REUSEPORT SO_SENDVPNID enabled.
(23553) SO_SETKEEPALIVE
SO_SETACL, ● SO_ACCEPTCONN: indicates that the
socket is the server and is responsible for
monitoring.
● SO_REUSEADDR: indicates that
addresses are overlapped. After the
option is set, multiple identical
addresses can be bound to an interface.
● SO_KEEPALIVE: indicates that the
keepalive timer starts after a TCP
connection is set up.
● SO_DONTROUTE: indicates that a socket
must choose the direct route to the
destination when setting up a
connection.
● SO_BROADCAST: indicates that an
interface can send broadcast packets.
● SO_REUSEPORT: indicates that interfaces
are overlapped. After the option is set,
multiple identical interfaces can be
bound to the local interface. This option
is often set on servers.
● SO_UDPCHECKSUM: indicates that the
socket calculates the checksum of UDP
packets.
● SO_SENDVPNID: indicates an exclusive
option for VPNs.
● SO_SETKEEPALIVE: indicates that the
keepalive timer starts after a TCP
● SO_SETACL: indicates that an ACL can
be configured on the interface.
● SO_USELOOPBACK: indicates that a
socket can use a loopback interface to
receive or send data.
● SO_LINGER: indicates the time for
closing a TCP connection. If the time is
not set to 0, a TCP connection is closed
after the timer expires. If the time is set
to 0, a TCP connection is closed
immediately.
● SO_OOBINLINE: indicates out-band
data. When receiving data, a socket
processes the out-band data first.

Item Description
● SO_SENDDATAIF: indicates that a socket

uses the specified interface to receive or
send data.
● SO_SENDDATAIF_DONTSETTTL:
indicates that a socket uses the specified
interface to receive or send data but
does not set the TTL value.
● SO_SETSRCADDR: indicates that a socket
sets the source address of outgoing
packets.
● SO_SENDBY_IF_NEXTHOP: indicates that
a socket sets the outbound interface and
next hop address of outgoing packets.
socket state = SS_PRIV SS_ASYNC Socket status:

● SS_NOFDREF: indicates that the socket
ID is deleted.
● SS_ISCONNECTED: indicates that a TCP
● SS_ISCONNECTING: indicates that a TCP
connection is being set up.
● SS_ISDISCONNECTING: indicates that a
TCP connection is being closed.
● SS_CANTSENDMORE: indicates that a
socket cannot send data.
● SS_CANTRCVMORE: indicates that a
socket cannot receive data.
● SS_RCVMARK: indicates that a socket
sets the receiving option in the received
packet.
● SS_NBIO: indicates that the type of a
socket is non-blocking.
● SS_ISCONFIRMING: indicates that the
upper-layer application will complete
processing a connection.
● SS_BLOCKING: indicates that congestion
occurs during packet receiving and
sending.
● SS_RECALL: indicates that the message
notification method is set by an
asynchronous socket.
● SS_PRIV: indicates the option transferred
from the Unix. The option is invalid in
the current socket.
● SS_ASYNC: indicates the status identifier
of an asynchronous socket.

Item Description
Asyn Que status Current asynchronous queue status.
read=0 Number of messages read by the

asynchronous queue is 0.
write=0 Number of messages written by the

connect=0 Number of connection messages in the

close=0 Number of messages about closed

connections in the asynchronous queue is 0.
peer close=0 Number of messages about connections

closed by the remote end in the
asynchronous queue.is 0.
accept=0 Number of messages received by the

keep alive down=0 Number of keepalivedown messages in the

cram time=00H00M00S Time for the asynchronous queue to

become full is 00:00:00.
lost msg=0 Number of asynchronous messages

discarded by the asynchronous queue is 0.
msg type Current asynchronous message type.
7.10.9 display ip socket register-port
Function
The display ip socket register-port command displays non-well-known port
numbers that have been assigned to services on the device.
Format
display ip socket register-port
Parameters
None
Views
All views

Default Level
3: Management level
Usage Guidelines
As defined in RFC standards, port numbers larger than 1024 are non-well-known
port numbers and can be assigned to desired services, such as NQA and SSH
services. However, a non-well-known port number can be assigned to only one
service on the same device. If you assign a non-well-known port number to two or
more services, this port number takes effect for only the latest configured service.
As a result, the other services using this port number will fail.
Before you assign a non-well-known port number to a service, run the display ip
socket register-port command to check non-well-known port numbers that have
been assigned to other services, preventing service failures caused by conflicts of
non-well-known port numbers.
Example
# Display non-well-known port numbers that have been assigned to services on
the device.
<HUAWEI> display ip socket register-port
Port Task Type
3232 mdt UDP4
3503 MPLSFW UDP4
3784 BFD UDP4
4784 BFD UDP4
Table 7-90 Description of the display ip socket register-port command output
Item Description
Port Non-well-known port number that has been assigned to a

service.
Task Name of the task to which a non-well-known port number is

assigned.
Type Port type.
7.10.10 display ip statistics
Function
The display ip statistics command displays IP traffic statistics.
Format
display ip statistics

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
IP traffic statistics include statistics about received packets (including discarded
packets that carry source-route options), sent packets, fragmented packets, and
reassembled packets. If a large number of bad protocol and no route fields is
displayed in the command output, the device receives a large volume of IP packets
of unknown protocol types and IP packets for which no routes can be found. In
this situation, the device may be attacked by the connected devices.
Example
# Display IP traffic statistics.
<HUAWEI> display ip statistics
Input: sum 49617 local 40133
bad protocol 0 bad format 0
bad checksum 0 bad options 0
discard srr 0 discard rr 0
discard ra 0 discard ts 0
TTL exceeded 0
Output: forwarding 0 local 44518
dropped 0 no route 0
Fragment: input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 7-91 Description of the display ip statistics command output
Item Description
Input Received packets.
sum Total number of packets.
local Number of packets sent to the upper-layer

protocol.
bad protocol Number of received IP packets of unknown

protocol types. The protocol field in the IP
header cannot be identified by the upper-
layer protocol.
bad format Number of packets in incorrect format.
bad checksum Number of packets with checksum errors.

Item Description
bad options Number of packets with incorrect options.
discard srr Number of discarded packets with source

route options.
discard rr Indicates the number of packets that are

received and then discarded because of
record-route options.
discard ra Indicates the number of packets that are

alert-route options.
discard ts Indicates the number of packets that are

time stamps options.
TTL exceeded Number of packets discarded because the

TTL expires.
Output Sent packets.
forwarding Number of forwarded packets.
local Number of generated packets.
dropped Number of discarded packets.
no route Number of packets for which no correct

route can be found, including the packets
sent and forwarded by the local device.
Fragment Number of packet fragments.
input Number of received fragments.
output Number of sent fragments.
dropped Number of discarded fragments.
fragmented Number of successfully fragmented

packets.
couldn't fragment Number of packets that cannot be

fragmented.
Reassembling:sum Number of successfully reassembled

fragments.
timeouts Number of expired fragments.

7.10.11 display network status

Function
Running the display network status command, you can check the network status
of a device.
Format
display network status { all | tcp | udp | port port-number }
Parameters
all Displays all the network -
information.
tcp Displays TCP. -
udp Displays UDP. -
port port-number Specifies the number of an The value is an integer
interface. ranging from 1 to 65535.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display network status command is used to check the network status, such
as the running interfaces and services on the network. For example, when you find
that an interface is being used by an unknown module during a security scan, run
the command to check out the module.
Example
# Display the IPv4 RawIP connection status.
<HUAWEI> display network status all
Proto Task/SockId Local Addr&Port Foreign Addr&Port State
TCP VTYD/1 0.0.0.0:23 0.0.0.0:0 Listening
TCP VTYD/3 10.23.23.1:23 10.23.23.201:4332 Established
TCP6 VTYD/2 ::->23 ::->0 Listening
UDP NTPT/1 0.0.0.0:123 0.0.0.0:0
UDP AGNT/1 0.0.0.0:161 0.0.0.0:0
UDP RDS /1 0.0.0.0:1812 0.0.0.0:0
UDP WEB /1 0.0.0.0:2000 0.0.0.0:0
UDP L2_P/1 0.0.0.0:40000 0.0.0.0:0
UDP NAP /1 0.0.0.0:53535 0.0.0.0:0
UDP6 NTPT/2 ::->123 ::->0
UDP6 AGT6/1 ::->161 ::->0

Table 7-92 Description of the display network status command output
Item Description
Proto Task/SockId Protocol Task and Socket ID
Local Addr&Port Local IP address and Port number
Foreign Addr&Port Remote IP address and Port number
State Connection status
7.10.12 display rawip statistics

Function
The display rawip statistics command displays RawIP traffic statistics.
Format
display rawip statistics [ verbose ]
Parameters
verbose Displays detailed RawIP traffic statistics based on the ICMP, -
OSPF, RSVP, and Others protocols.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The statistics about RawIP packets include the number of sent RawIP packets and
the number of received RawIP packets.
RSVP, OSPF, and ICMP packets are encapsulated into RawIP packets to be sent.
During the ping operation, for example, you can run the display rawip statistics
command to view the number of RawIP packets sent by the local device to check
whether the abnormality on the network is caused by abnormal sending and
receiving of RawIP packets.
If you want to diagnose problems and monitor information of specific
applications, configure verbose in the display rawip statistics command to

display application-specific RawIP packet statistics. The applications can be ICMP,

OSPF, RSVP, and others.
Precautions
The number of packets received by a wireless access point includes the number of
forwarded packets, packets sent to the upper layer, and discarded packets.
NOTE
RawIP traffic statistics are collected based on the well-known protocol number. The
protocol number is identified by the protocol field in the IP packet header.
● The protocol number of ICMP statistics is 1.
● The protocol number of OSPF statistics is 89.
● The protocol number of RSVP statistics is 46.
● Statistics about packets with other protocol numbers are collected into the Others field.
Example
# View the statistics about RawIP packets.
<HUAWEI> display rawip statistics
Received packets:
dropped packets because the socket buffer is full : 0
dropped packets because no matching socket is found : 0
Sent packets:
dropped packets : 0
Table 7-93 Description of the display rawip statistics command output

Item Description
Received packets Indicates the number of received packets.
dropped packets because the Indicates the number of RawIP packets that
socket buffer is full are discarded because the socket buffer is
full.
dropped packets because no Indicates the number of RawIP packets that

matching socket is found are discarded because the socket of the
receiver does not match with that of the
sender.
Sent packets Indicates the number of sent packets.
dropped packets Indicates the number of discarded packets.
# Display detailed RawIP traffic statistics.

<HUAWEI> display rawip statistics verbose
Received packets:
------------------------------------------------------------------
Application Overflow No Matching
------------------------------------------------------------------
ICMP 0 0
OSPF 0 0
RSVP 0 0
Others 0 1
------------------------------------------------------------------

Sent packets:
------------------------------------------------------------------
Application Dropped Packets
------------------------------------------------------------------
ICMP 0
OSPF 0
RSVP 0
Others 0
------------------------------------------------------------------
Table 7-94 Description of the display rawip statistics verbose command output
Item Description
Received packets Statistics on received packets.
Application Application type.
Overflow Number of RawIP packets discarded

because the Socket buffer is full.
No Matching Number of RawIP packets discarded

because the receiver's Socket is
mismatching.
ICMP ICMP packets.
OSPF OSPF packets.
RSVP RSVP packets.
Others Other types of packets.
Sent packets Statistics about sent packets.
Dropped Packets Number of discarded packets.
7.10.13 display snmp-agent trap feature-name tcp all

Function
The display snmp-agent trap feature-name tcp all command displays all trap
messages of the TCP module.
Format
display snmp-agent trap feature-name tcp all
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display snmp-agent trap feature-name tcp all command to
view all trap messages of the TCP module.
Example
# Display all trap messages of the TCP module.
<HUAWEI> display snmp-agent trap feature-name tcp all
------------------------------------------------------------------------------
Feature name: TCP
Trap number : 1
------------------------------------------------------------------------------
hwTCPMD5AuthenFail off off
Table 7-95 Description of the display snmp-agent trap feature-name tcp all
command output
Item Description
Feature name Name of the module to which a trap message

belongs.
Trap number Number of trap messages.
Trap name Name of a trap message of the TCP module:

● hwTCPMD5AuthenFail: alarm of the TCP MD5
authentication fails. It is an excessive trap.
Default switch status Status of the default trap switch:

Current switch status Status of the current trap switch:

7.10.14 display tcp statistics

Function
The display tcp statistics command displays TCP traffic statistics.
Format
display tcp statistics

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The command displays TCP traffic statistics including different types of received
and sent packets. For example, duplicate received packets and packets with
checksum errors. In addition, connection-related statistics are displayed, for
example, times of accepted connections, the number of retransmitted packets, and
the number of keepalive packets.
Most of the preceding statistics are expressed in number of packets, and some of
them are expressed in number of bytes.
Example
# Display TCP traffic statistics.
<HUAWEI> display tcp statistics
Received packets:
Total: 0
Total(64bit high-capacity counter): 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes)

out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 0 (0 bytes)

duplicate ACK packets: 0, too much ACK packets: 0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 (including 0 RST)
window probe packets: 0, window update packets: 0
data packets: 0 (0 bytes), data packets retransmitted: 0 (0 bytes)

ACK-only packets: 0 (0 delayed)
Other information:
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keep alive timeout: 0, keep alive probe: 0, Keep alive timeout, so connections disconnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 ( dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
Send Packets permitted with Keychain authentication: 0
Receive Packets permitted with Keychain authentication: 0
Receive Packets Dropped with Keychain authentication: 0

Table 7-96 Description of the display tcp statistics command output

Item Description
Received packets Statistics about received packets.
Total Total number of packets.
Total (64bit high-capacity Total number of packets, using the 64-bit

counter) counter.
packets in sequence (bytes) Number of bytes in the packets that arrive

in order.
window probe packets Number of window probe packets.
window update packets Number of window update packets.
checksum error Number of packets with checksum errors.
offset error Number of packets with offset errors.
short error Number of packets whose length is too

short.
duplicate packets (bytes) Number of bytes in the duplicate packets.
partially duplicate packets (bytes) Number of bytes in partially duplicate

packets.
out-of-order packets (bytes) Number of bytes in the out-of-order

packets.
packets of data after window Number of bytes in the packets whose size
(bytes) is greater than the window size.
packets received after close Number of packets that arrive after a

connection is closed.
ACK packets (bytes) Number of acknowledged packets, in bytes.
duplicate ACK packets Number of re-acknowledged packets.
too much ACK packets Number of acknowledged packets with no

data sent.
Sent packets Number of sent packets.
urgent packets Number of urgent packets.
control packets (RST) Number of control packets (RST packets).
data packets Number of data packets.
data packets retransmitted (0 Number of bytes in the retransmitted

bytes) packets.
ACK-only packets (delayed) Number of acknowledged packets that are

delayed.

Item Description
ACK-only packets (delayed) Other data statistics.
Retransmitted timeout Timeout interval of the retransmission

timer.
connections dropped in Number of connections discarded because

retransmitted timeout the number of retransmission times
Keep alive timeout Timeout interval of the keepalive timer.
keep alive probe Number of sent keepalive packets.
Keep alive timeout, so Number of connections discarded because

connections disconnected keepalive probe fails.
Initiated connections Number of initiated connections.
accepted connections Number of accepted connections.
established connections Number of established connections.
Closed connections (dropped, Number of closed connections (number of

initiated dropped) discarded packets after a connection is set
up or before a connection is set up).
Packets dropped with MD5 Number of packets that fail to pass MD5
authentication authentication.
Packets permitted with MD5 Number of packets that pass MD5

authentication authentication.
Send Packets permitted with Number of sent packets that carry keychain
Keychain authentication options.
Receive Packets permitted with Number of received packets that pass

Keychain authentication keychain authentication.
Receive Packets Dropped with Number of received packets that fail to

Keychain authentication pass keychain authentication.
7.10.15 display tcp status
Function
The display tcp status command displays current TCP connection status.
Format
display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-
address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port
remote-port-number ] ]

Parameters
task-id task-id Displays the TCP connection The value is an integer
status of the task with a that ranges from 1 to
specified ID. 150.
socket-id socket-id Displays the TCP connection The value is an integer

status of the socket with a that ranges from 1 to
specified ID. 131072.
local-ip ip-address Displays the TCP connection The value is in dotted
status of a specified local IP decimal notation.
address.
local-port local- Displays the TCP connection The value is an integer
port-number status of a specified local port that ranges from 0 to
ID. 65535.
remote-ip ip- Displays the TCP connection The value is in dotted
address status a specified remote IP decimal notation.
address.
remote-port Displays the TCP connection The value is an integer
remote-port-number status of a specified remote that ranges from 0 to
port ID. 65535.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The transmission control protocol defined in RFC 793 ensures high reliability of
transmission between hosts. TCP provides reliable and connection-oriented
services in full duplex mode. Run the display tcp status command to monitor the
TCP connection status. The following information is displayed.
● ID of the TCP task control block.
● ID of the IPv4 TCP task and socket.
● Local IPv4 address and port ID.
● Remote IPv4 address and port ID.
● ID of the VPN instance to which the TCP connection belongs.
● IPv4 TCP connection status.
You can set filtering rules based on the Task ID, socket ID, IP address and port
number of the local device, and IP address and port number of the remote device

so that only the information matching the rules is displayed. This prevents
unnecessary information from being displayed and helps you locate faults
accurately and efficiently.
Precautions
The command output is null if there is no TCP connection.
Example
# Display the TCP connection status on the local device.
<HUAWEI> display tcp status
TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State
0a5d560c 30 /1 0.0.0.0:23 0.0.0.0:0 14849 Listening
# Display the status of the TCP connection originated from the local IP address
0.0.0.0 and port 23.
<HUAWEI> display tcp status local-ip 0.0.0.0 local-port 23
0a5d560c 30 /1 0.0.0.0:23 0.0.0.0:0 14849 Listening
# Display the status of the TCP connection originated from the local IP address
0.0.0.0 and port 24.
<HUAWEI> display tcp status local-ip 0.0.0.0 local-port 24
Table 7-97 Description of the display tcp status command output

Field Description
TCPCB ID of the TCP task control block.
Tid/Soid Task ID and socket ID.
Local Add: port IP address and port number of the local device. If the
value of Local Add is 0.0.0.0, TCP connections of all IP
addresses are monitored. If the value of port is 0, the
TCP connection of all ports is monitored.
Foreign Add: port IP address and port number of the remote device. If the
value of Foreign Add is 0.0.0.0, the TCP connection of all
IP addresses is monitored. If the value of port is 0, TCP
connections of all ports are monitored.
VPNID ID of the VPN instance to which the TCP connection

belongs.
● -1: indicates all VPNs.
● 0: indicates the public VPN.
● Other values: indicates the private VPN. The VPNID is
defined by users.

Field Description
State TCP connection status:

● Closed: indicates that the TCP connection is closed.
● Listening: indicates that the TCP connection is being
monitored.
● Syn_Rcvd: indicates that a packet with the SYN flag is
received.
● Established: indicates that the TCP connection has
been set up.
● Close_Wait: indicates that a user sends a packet with
the FIN flag to the server to close the TCP connection
in Established state. The server then sends an ACK
packet to the user after receiving the packet and
enters the Close_Wait state.
● Fin_Wait1: indicates that a user sends a packet with
the FIN flag to the server to close the TCP connection
and enter this state.
● Fin_Wait2: indicates that a user receives an ACK
packet that responds to the sent packet with the FIN
flag.
● Time_Wait: indicates that TCP enters this state after
the TCP connection is closed. When TCP has been in
Time_Wait state two times the lifetime of the longest
packets, records about the closed connection are
deleted.
● Closing: indicates that the user and server close the
TCP connection simultaneously.
7.10.16 display udp statistics
Function
The display udp statistics command displays UDP traffic statistics.
Format
display udp statistics
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
The command displays UDP traffic statistics including different types of received
and sent packets. For example, packets with checksum errors. In addition,
connection-related statistics are displayed, for example, the number of broadcast
packets. The preceding statistics are expressed in number of packets.
Example
# Display UDP traffic statistics.
<HUAWEI> display udp statistics
Received packets:
Total: 104808
checksum error: 0
shorter than header: 0
data length larger than packet: 0
unicast(no socket on port): 0
broadcast/multicast(no socket on port): 104808
not delivered, input socket full: 0
input packets missing pcb cache: 0
Sent packets:
Total: 4957
Table 7-98 Description of the display udp statistics command output
Item Description
Received packet: Total number of received UDP packets.

Total: Total number of received UDP packets
Total (64bit high-capacity (using the 64-bit counter).
counter):
checksum error: Number of packets with checksum errors.
shorter than header: Number of packets whose length is shorter

than the packet header.
data length larger than packet: Number of packets whose data length is
greater than the packet length.
unicast (no socket on port): Number of unicast packets.
broadcast/multicast (no socket on Number of broadcast and multicast

port): packets.
not delivered, input socket full: Number of packets that are not sent out
because the socket buffer is full.
input packets missing pcb cache: Number of sent packets that are not found
in the PCB cache.

Item Description
Sent packets: Total number of sent UDP packets.

Total: Total number of sent UDP packets (using
Total (64bit high-capacity the 64-bit counter).
counter):
7.10.17 icmp blackhole unreachable send

Function
The icmp blackhole unreachable send command enables the BRAS to send a
Destination Unreachable ICMP packet to an initiator when a tracert packet
matches an IPv4 blackhole route.
The undo icmp blackhole unreachable send command disables the BRAS from
sending a Destination Unreachable ICMP packet to an initiator when a tracert
packet matches an IPv4 blackhole route.
By default, the BRAS is disabled from sending a Destination Unreachable ICMP
packet to an initiator when a tracert packet matches an IPv4 blackhole route.
Format
icmp blackhole unreachable send
undo icmp blackhole unreachable send
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
If static IPv4 blackhole routes are configured on the BRAS and a user goes offline,
only the IPv4 blackhole route corresponding to the user's address segment exists
on the BRAS. When a tracert packet matches the IPv4 blackhole route, the BRAS
discards the packet. As a result, an initiator cannot detect that the user has gone
offline.
After you run the icmp blackhole unreachable send command, the BRAS sends a
Destination Unreachable ICMP packet to an initiator, notifying the initiator that

the user has gone offline if a user goes offline and a tracert packet matches the
IPv4 blackhole route.
Static IPv4 blackhole routes have been configured on the BRAS.
Example
# Enable the BRAS to send a Destination Unreachable ICMP packet to an initiator
when a tracert packet matches an IPv4 blackhole route.
[HUAWEI] icmp blackhole unreachable send
7.10.18 icmp host-unreachable send (interface view)

Function
The icmp host-unreachable send command enables an interface to send ICMP
host unreachable packets.
The undo icmp host-unreachable send command disables an interface from

sending ICMP host unreachable packets.
By default, an interface can send ICMP host unreachable packets.
Format
icmp host-unreachable send
undo icmp host-unreachable send
Parameters
None
Views
Default Level
Usage Guidelines
The command is used on the interface that receives ICMP packets.
Example
# Enable VLANIF10 to send ICMP host unreachable packets.
[HUAWEI-Vlanif10] icmp host-unreachable send

7.10.19 icmp port-unreachable send
Function
The icmp port-unreachable send command enables the device to send ICMP port
unreachable packets.
The undo icmp port-unreachable send command disables the device from
sending ICMP port unreachable packets.
By default, the device sends ICMP port unreachable packets.
Format
icmp port-unreachable send
undo icmp port-unreachable send
Parameters
None
Views
System view
Default Level
Usage Guidelines
After the function of sending ICMP port unreachable packets is disabled, the
device does not send ICMP port unreachable packets. This can reduce the number
of ICMP packets on the network and reduce the workload on the peer device.
Example
# Enable the device to send ICMP port unreachable packets.
[HUAWEI] icmp port-unreachable send
7.10.20 icmp receive
Function
The icmp receive command enables the device to receive ICMP messages.
The undo icmp receive command disables the device from receiving ICMP
messages.
By default, the device receives ICMP messages.

Format
icmp { type icmp-type code icmp-code | name icmp-name | all } receive
undo icmp { type icmp-type code icmp-code | name icmp-name | all } receive
Parameters
type icmp-type Specifies the type number of an ICMP The value is an integer
message. ranging from 0 to 255.
code icmp- Specifies the code of an ICMP message. The value is an integer
code ranging from 0 to 255.
name icmp- Specifies the name of an ICMP The value is a string

name message. The value can be any of the of case-insensitive
following: characters, with
spaces not supported.
● echo The string length
● echo-reply ranges from 1 to 32.
● fragmentneed-DFset
● host-redirect
● host-tos-redirect
● host-unreachable
● information-reply
● information-request
● net-redirect
● net-tos-redirect
● net-unreachable
● parameter-problem
● port-unreachable
● protocol-unreachable
● reassembly-timeout
● source-quench
● source-route-failed
● timestamp-reply
● timestamp-request
● ttl-exceeded
all Specifies all ICMP packets. -
Views
System view

Default Level
Usage Guidelines
Usage Scenario
The undo icmp receive command can be used to disable the device from
receiving ICMP messages for the purpose of improving network performance or
enhancing network security.
● On secure networks, the device can normally receive ICMP messages. In the
case of heavy traffic on the network, if hosts or ports are frequently
unreachable, the device will receive a large number of ICMP packets, which
causes heavier traffic burdens over the network and degrades the
performance of the device.
● On insecure networks, network attackers often make use of ICMP error
messages to spy on the internal structure of the network.
After the undo icmp receive command is run, the device no longer process ICMP
messages of a certain type, causing the host to fail to ping the device.
Precautions
If the network status is normal and the device is required to receive ICMP
messages, you can run the icmp receive command.
Example
# Disable the device from receiving ICMP messages with the type number being 3
and the code number being 1.
[HUAWEI] undo icmp type 3 code 1 receive
7.10.21 icmp redirect send
Function
The icmp redirect send command enables the system to send ICMP redirection
packets.
The undo icmp redirect send command disables the system from sending ICMP
redirection packets.
By default, the system sends ICMP redirection packets.
Format
icmp redirect send
undo icmp redirect send

Parameters
None
Views
Default Level
Usage Guidelines
The command is used on the interface that receives ICMP packets.
ICMP redirection packets are a type of ICMP control packets. When the device
detects that a host uses a non-optimal route, it sends an ICMP redirection packet
to the host, requesting the host to change the route. The device also sends an
ICMP redirection packet to the destination.
Example
# Enable VLANIF100 to send ICMP redirection packets.
[HUAWEI-Vlanif100] icmp redirect send
7.10.22 icmp ttl-exceeded drop
Function
The icmp ttl-exceeded drop command enables the device to discard the ICMP
packets whose TTL values are 1.
The undo icmp ttl-exceeded drop command disables the device from discarding
the ICMP packets whose TTL values are 1.
By default, the device does not discard the ICMP packets whose TTL values are 1.
Format
icmp ttl-exceeded drop
undo icmp ttl-exceeded drop
Parameters
None
Views
System view

Default Level
Usage Guidelines
When the device receives a large number of IGMP packets, the function enables
the device to discard some ICMP packets to reduce the workload on the device.
Example
# Enable the device to discard the ICMP packets whose TTL values are 1.
[HUAWEI] icmp ttl-exceeded drop
7.10.23 icmp ttl-exceeded send

Function
The icmp ttl-exceeded send command enables an interface to send ICMP Time
Exceeded messages.
The undo icmp ttl-exceeded send command disables an interface from sending
ICMP Time Exceeded messages.
By default, an interface is enabled to send ICMP Time Exceeded messages.
Format
icmp ttl-exceeded send
undo icmp ttl-exceeded send
Parameters
None
Views
Default Level
Usage Guidelines
By default, an interface replies with an ICMP Time Exceeded message after it
receives a message with TTL 1. The interface adds its IP address as the source IP
address in the ICMP Time Exceeded message, exposing the interface itself to
attackers. In addition, after being attacked, the interface replies with numerous
ICMP Time Exceeded messages, consuming CPU resources and degrading system
performance. To resolve these problems, run the undo icmp ttl-exceeded send

command to disable the interface from replying with ICMP Time Exceeded
messages.
Example
# Disable VLANIF 10 from sending ICMP Time Exceeded messages.
[HUAWEI-Vlanif10] undo icmp ttl-exceeded send
7.10.24 icmp unreachable drop
Function
The icmp unreachable drop command enables the function of discarding ICMP
destination unreachable packets.
The undo icmp unreachable drop command disables the function of discarding
the ICMP destination unreachable packets.
By default, the function of discarding ICMP destination unreachable packets is

disabled.
Format
icmp unreachable drop
undo icmp unreachable drop
Parameters
None
Views
System view
Default Level
Usage Guidelines
After the function is enabled on the device, the device discards some ICMP
packets. This reduces the workload on the device.
Example
# Enable the function of discarding ICMP destination unreachable packets.
[HUAWEI] icmp unreachable drop

7.10.25 icmp with-options drop

Function
The icmp with-options drop command enables the device to discard ICMP
packets that carry options.
The undo icmp with-options drop command disables the device from discarding
ICMP packets that carry options.
By default, the device does not discard ICMP packets that carry options.
Format
icmp with-options drop
undo icmp with-options drop
Parameters
None
Views
System view
Default Level
Usage Guidelines
When the device receives a large number of ICMP packets, the function enables
the device to discard some ICMP packets to reduce the workload on the device.
Example
# Enable the device to discard the ICMP packets that carry options.
[HUAWEI] icmp with-options drop
7.10.26 icmp-reply fast

Function
The icmp-reply fast command enables the fast ICMP reply function on a wireless
access point.
The undo icmp-reply fast command disables the fast ICMP reply function on a
By default, the fast ICMP reply function is enabled on a wireless access point.
The AD9431DN-24X does not support this command.

Format
icmp-reply fast
undo icmp-reply fast
Parameters
None
Views
System view
Default Level
Usage Guidelines
After the fast ICMP reply function is enabled on a wireless access point, the
wireless access point quickly responds to received ICMP echo request packets
destined for its own address.
After the fast ICMP reply function is enabled on a wireless access point, the
wireless access point responds to ICMP echo packets quickly in the following
situation:
● The wireless access point does not have the ARP entry of the device that
initiates the ping. However, the wireless access point cannot learn the ARP
entries of this device in this case.
Example
# Enable the fast ICMP reply function on a wireless access point.
[HUAWEI] icmp-reply fast
7.10.27 ip forward-broadcast
Function
Using the ip forward-broadcast command, you can enable an interface to
forward broadcast packets.
Using the undo ip forward-broadcast command, you can disable an interface
from forwarding broadcast packets.
By default, disable the interface from forwarding broadcast packets.
Format
ip forward-broadcast [ acl acl-number ]
undo ip forward-broadcast

Parameters
acl acl-number Specifies the number of The value is an integer

3999.
● The number of a basic
ACL ranges from 2000
to 2999.
● The number of an
advanced ACL ranges
from 3000 to 3999.
Views
Default Level
Usage Guidelines
The ip forward-broadcast command can not be used on Layer 2 interfaces.
Example
# Enable VLANIF100 to forward broadcast packets.
[HUAWEI-Vlanif100] ip forward-broadcast
7.10.28 ip soft-forward enhancement disable

Function
The ip soft-forward enhancement disable command disables the enhanced
forwarding function for control packets generated by the device.
The undo ip soft-forward enhancement disable command enables the enhanced
forwarding function for control packets generated by the device.
By default, the enhanced forwarding function is enabled for control packets
generated by the device.
The AD9431DN-24X does not support this command.
Format
ip soft-forward enhancement disable

undo ip soft-forward enhancement disable
Parameters
None.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
You can configure forwarding policies (such as QoS policies) for data packets to
implement differentiated services. In some scenarios, you may need to manage
control packets generated by the device to process different control packets. For
example, carriers have limited the bandwidth of data packets through QoS policies
and also want to limit the bandwidth of control packets. In this situation, QoS
policies take effect only for data packets. You can configure the enhanced
forwarding function to make QoS policies take effect for control packets.
Currently, the enhanced forwarding function is valid only for the control packets
generated by the device but not for the control packets forwarded by other
devices.
You can run the undo ip soft-forward enhancement disable command to enable
the enhanced forwarding function for control packets generated by the device.
Follow-up Procedures
After enabling the enhanced forwarding function on the device, you can perform
some configurations on the control packets generated by the device. For example,
you can configure different QoS policies for different types of packets generated
by the device.
Example
# Disable the enhanced forwarding function for control packets generated by the
device.
[HUAWEI] ip soft-forward enhancement disable
7.10.29 ip verify source-address

Function
The ip verify source-address command enables an interface to check validity of
source IP addresses of received packets.
The undo ip verify source-address command disables an interface from checking
validity of source IP addresses of received packets.

By default, an interface does not check validity of source IP addresses of received

packets.
Format
ip verify source-address
undo ip verify source-address
Parameters
None
Views
Default Level
Usage Guidelines
The following IP addresses are illegal source addresses:
● Addresses with all 0s or 1s
● Multicast addresses (class D addresses)
● Class E addresses
● Loopback addresses that are not generated on local hosts (in 127.x.x.x
format)
● Broadcast addresses of classes A, B, and C
● Subnet broadcast addresses that are on the same network segment as the
address of the inbound interface
Run the display this command in the VLANIF interface view to check
configuration of checking validity of source IP addresses.
The interface only checks validity of source IP addresses of the packets that are
forwarded to the CPU and does not check validity of source IP addresses of the
packets that will be directly forwarded according to the FIB table.
Example
# Enable VLANIF100 to check validity of source addresses of received packets.
[HUAWEI-Vlanif100] ip verify source-address
7.10.30 reset ip socket monitor

Function
The reset ip socket monitor command clears information in a socket monitor.

Format
reset ip socket monitor [ task-id task-id socket-id socket-id ]
Parameters

task-id task-id Clears information about the task The value is an integer
with a specified ID in the socket ranging from 1 to 150
monitor.
socket-id socket-id Clears information about the The value is an integer
socket with a specified ID in the ranging from 1 to
socket monitor. 131072.
Views
User view
Default Level
3: Management level
Usage Guidelines
You can specify the task ID and socket ID for deleting information about the
socket monitor that meets the filtering condition.
Example
# Clear information in a socket monitor.
<HUAWEI> reset ip socket monitor
7.10.31 load-balance (system view)
Function
The load-balance command enables the per-packet load balancing mode of IP
Packet Forwarding.
The undo load-balance command restores the default configuration.
The default load balancing mode of IP Packet Forwarding is per-flow.
Format
load-balance { flow | packet } [ all ]
undo load-balance packet [ all ]

Parameters
flow Indicates flow-based load balancing. -
packet Indicates packet-based load balancing. -
all Configure per-flow load balancing on the local device. -
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The per-flow load balancing mode does not prevent packet loss in some services,
such as a voice service that has fixed source and destination IP addresses.
Therefore, if the per-flow load balancing mode does not meet the service
reliability requirement, run the load-balance packet command to enable the per-
packet load balancing mode.
If packet-based load balancing is used, packets are forwarded through different

links. Packet-based load balancing can only be performed on packets that are sent
to the CPU for software forwarding.
This command takes effect for packets delivered by hosts and those processed by
the CPU.
Example
# Configure packet-based load balancing for IP packet forwarding.
[HUAWEI] load-balance packet
7.10.32 reset ip socket pktsort
Function
The reset ip socket pktsort command resets statistics on the dual receive buffer
of the socket.
Format
reset ip socket pktsort task-id task-id socket-id socket-id

Parameters
task-id task-id Specifies the ID of a task. The value is an integer ranging
from 1 to 150.
socket-id socket-id Specifies the ID of a The value is an integer range
socket. from 1 to 131072.
Views
User view
Default Level
3: Management level
Usage Guidelines
This command resets statistics on the dual receive buffer of the socket and thus
the count restarts. Therefore, confirm the action before you use the command.
Example
# Reset statistics on the dual receive buffer of the socket with the task ID of 2 and
the socket ID of 6.
<HUAWEI> reset ip socket pktsort task-id 2 socket-id 6
7.10.33 reset ip statistics
Function
The reset ip statistics command clears IP traffic statistics on an interface.
Format
reset ip statistics [ interface interface-type interface-number ]
Parameters
interface interface-type Specifies the type and ID of an interface. If no -
interface-number optional parameter is specified, all the IP
statistics will be deleted.
Views
User view

Default Level
3: Management level
Usage Guidelines
To collect IP traffic statistics on an interface in a period of time, you must clear the
existing traffic statistics and collect IP statistics after a period of time. Run the
display ip statistics command to display information.
If no parameter is specified, the command clears IP traffic statistics on all boards.
Example
# Clear IP statistics on all interfaces.
<HUAWEI> reset ip statistics
7.10.34 reset rawip statistics
Function
The reset rawip statistics command clears RawIP packet statistics.
Format
reset rawip statistics
Parameters
None
Views
user view
Default Level
3: Management level
Usage Guidelines
The reset rawip statistics command clears RawIP packet statistics. Confirm your
action before running this command.
Example
# Clear RawIP packet statistics.
<HUAWEI> reset rawip statistics

7.10.35 reset tcp statistics
Function
The reset tcp statistics command deletes TCP traffic statistics.
Format
reset tcp statistics
Parameters
None
Views
User view
Default Level
3: Management level
Usage Guidelines
The reset tcp statistics command deletes TCP traffic statistics. Confirm your
Example
# Delete TCP traffic statistics.
<HUAWEI> reset tcp statistics
7.10.36 reset udp statistics
Function
The reset udp statistics command deletes UDP traffic statistics.
Format
reset udp statistics
Parameters
None
Views
User view

Default Level
3: Management level
Usage Guidelines
The reset udp statistics command deletes UDP traffic statistics. Confirm your
Example
# Delete UDP traffic statistics.
<HUAWEI> reset udp statistics
7.10.37 snmp-agent trap enable feature-name tcp

Function
The snmp-agent trap enable feature-name tcp command enables the trap
function for the TCP module.
The undo snmp-agent trap enable feature-name tcp command disables the
trap function for the TCP module.
By default, the trap function is disabled for the TCP module.
Format
snmp-agent trap enable feature-name tcp [ trap-name hwtcpmd5authenfail ]
undo snmp-agent trap enable feature-name tcp [ trap-name
hwtcpmd5authenfail ]
Parameters
trap-name Enables the traps of TCP events of specified types. -
hwtcpmd5authenfail Indicates that the TCP MD5 authentication fails. It -
is an excessive trap.
Views
System view
Default Level
Usage Guidelines
If you do not specify trap-name, all traps of the TCP module will be enabled.

Example
# Enables the TCP MD5 authentication fails trap of TCP module.
[HUAWEI] snmp-agent trap enable feature-name tcp trap-name hwtcpmd5authenfail
7.10.38 tcp adjust-mss

Function
The tcp adjust-mss command sets the maximum segment size (MSS) of TCP
packets on an interface.
The undo tcp adjust-mss command deletes the configured MSS of TCP packets.
By default, the MSS of TCP packets is not set on the interface.
Format
tcp adjust-mss value
undo tcp adjust-mss
Parameters
value Specifies the MSS of TCP The value is an integer

packets on an interface. that ranges from 128 to
2048, in bytes.
Views
ETH interface view, GE interface view, XGE interface view, MultiGE interface view,
Eth-Trunk interface view, VLANIF interface view, WAN view
Default Level
Usage Guidelines
Usage Scenario
The MSS of TCP packets is an option defined in TCP. It refers to the maximum
length of a TCP packet segment that can be received by the peer device. When
establishing the TCP connection, the local and peer ends negotiate the MSS value
to determine the maximum data length of TCP packets. If the length of a TCP
packet sent by the peer device exceeds the negotiated MSS, the TCP packet is
fragmented.
Precautions

● To prevent TCP packets from being fragmented, you must configure a proper
MSS based on the maximum transmission unit (MTU). The MTU is the option
to determine whether IP packets will be fragmented. If the size of an IP
packet exceeds the MTU, the IP packet will be fragmented. To ensure that a
complete packet is transmitted properly, the MSS value plus all the header
lengths (TCP header and IP header) cannot exceed the MTU. For example, a
CAPWAP-encapsulation TCP packet consists of an outer IP header (20 bytes),
a UDP header (8 bytes), a CAPWAP header (8 bytes), an ETH header (18
bytes), an inner IP header (20 bytes), a TCP header (20 bytes), and TCP data.
If the default MTU is 1500 on the device, the MSS value can be set to a
maximum of 1406 bytes so that the CAPWAP-encapsulated TCP packet is not
fragmented by the device. In case that the CAPWAP header or TCP header
carries option fields, it is recommended that you set the MSS to 1380 bytes.
● The tcp adjust-mss command does not only take effect for the wireless
access point functioning as the client or server used for TCP connections.
When another device functions as the client to perform MSS negotiation
through the wireless access point, the negotiation result is modified based on
the MSS configured on the wireless access point. In addition, the MSS value is
changed to the value configured using the tcp adjust-mss command only
when the MSS value received by the wireless access point is larger than the
value configured using the tcp adjust-mss command executed on the wireless
access point.
● If you run the tcp adjust-mss multiple times in the same interface view, only
the latest configuration takes effect.
Example
# Set the MSS of TCP packets on VLANIF100 to 1200 bytes.
[HUAWEI-Vlanif100] tcp adjust-mss 1200
7.10.39 tcp max-mss

Function
The tcp max-mss command sets the maximum MSS value for a TCP connection.
The undo tcp max-mss command deletes the maximum MSS value of a TCP
connection.
By default, the maximum MSS value is not configured for TCP connections.
Format
tcp max-mss mss-value
undo tcp max-mss

Parameters
mss-value Specifies the maximum MSS The value is an integer ranging
value for a TCP connection. from 32 to 9600, in bytes.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To establish a TCP connection, the MSS value is negotiated, which indicates the
maximum length of packets that the local device can receive. This length is the
TCP payload length, excluding that of the TCP header. If the path MTU is
unavailable on one end of a TCP connection, this end cannot adjust the TCP
packet size based on the MTU. As a result, this end may send TCP packets that are
longer than the MTUs on intermediate devices, which will discard these packets.
To prevent this problem, run the tcp max-mss command on either end of a TCP
connection to set the maximum MSS value of TCP packets. Then the MSS value
negotiated by both ends will not exceed this maximum MSS value, and
accordingly TCP packets sent from both ends will not be longer than this
maximum MSS value and can travel through the intermediate network.
Precautions
The maximum MSS value configured using the tcp max-mss command must be
greater than the minimum MSS value configured using the tcp min-mss
command.
Example
# Set the maximum MSS value for a TCP connection to 1024 bytes.
[HUAWEI] tcp max-mss 1024
7.10.40 tcp min-mss

Function
The tcp min-mss command sets the minimum value of maximum segment size
(MSS) for a TCP connection.
The undo tcp min-mss command restores the default minimum value of the MSS
for a TCP connection.
The default minimum MSS value for a TCP connection is 216 bytes.

Format
tcp min-mss mss-value
undo tcp min-mss
Parameters

mss-value Specifies the minimum MSS The value ranges from 32 byte to
value for a TCP connection. 1500 bytes. By default, the value is
216 bytes.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
To establish a TCP connection, the MSS value is negotiated, which indicates the
maximum length of packets that the local device can receive. The TCP client on a
network may send a request packet for establishing a TCP connection carrying a
small MSS value. For example, the MSS value is 1. After the TCP server receives
the request packet carrying the MSS value, the TCP connection is established. The
TCP client then may send large numbers of requests to the server by an
application, causing the TCP server to generate large numbers of reply packets.
This may burden the TCP server or network, causing denial of service (DoS)
attacks. To resolve this problem, run the tcp min-mss command to set the
minimum MSS value for a TCP connection. This configuration prevents a server
from receiving packets carrying a small MSS value.
Precautions
If the tcp min-mss command is run more than once in the same view, the latest
configuration overrides the previous one.
Configure the parameters under the guidance of the technical personnel.
Example
# Set the minimum MSS value for a TCP connection to 512 bytes.
[HUAWEI] tcp min-mss 512

7.10.41 tcp timer fin-timeout
Function
The tcp timer fin-timeout command configures the value of the TCP FIN-Wait
timer.
The undo tcp timer fin-timeout command restores the default value of the TCP
FIN-Wait timer.
By default, the value of the TCP FIN-Wait timer is 675s.
Format
tcp timer fin-timeout interval
undo tcp timer fin-timeout
Parameters
interval Specifies the value of the The value is an integer that ranges
TCP FIN-Wait timer. from 76 to 3600, in seconds. The
default value is 675s.
Views
System view
Default Level
Usage Guidelines
When a TCP connection changes from FIN_WATI_1 to FIN_WAIT_2, the TCP FIN-
Wait timer is started. If no response packet is received after the TCP FIN-Wait
timer expires, the TCP connection is closed.
If you run this command in the same view for multiple times, only the last
You are advised to configure this parameter under the supervision of technical
support personnel.
Example
# Set the value of the TCP FIN-Wait timer to 400s.
[HUAWEI] tcp timer fin-timeout 400

7.10.42 tcp timer syn-timeout
Function
The tcp timer syn-timeout command configures the value of the TCP SYN-Wait
timer.
The undo tcp timer syn-timeout command restores the default value of the TCP
SYN-Wait timer.
By default, the value of the TCP SYN-Wait timer is 75s.
Format
tcp timer syn-timeout interval
undo tcp timer syn-timeout
Parameters
interval Specifies the value of the The value is an integer ranging from
TCP SYN-Wait timer. 2 to 600, in seconds. The default
value is 75s.
Views
System view
Default Level
Usage Guidelines
When an SYN packet is sent, the TCP SYN-Wait timer is started. If no response
packet is received after the TCP SYN-Wait timer expires, the TCP connection is
closed.
support personnel.
Example
# Set the value of the TCP SYN-Wait timer to 100s.
[HUAWEI] tcp timer syn-timeout 100

7.10.43 tcp window

Function
The tcp window command configures the size of the receive or send buffer of a
connection-oriented socket.
The undo tcp window command restores the default size of the receive or send
buffer of a connection-oriented socket.
By default, the size of the receive or send buffer of a connection-oriented socket is
8K bytes.
Format
tcp window window-size
undo tcp window
Parameters
window-size Specifies the size of the receive The value is an integer that ranges
or send buffer of a connection- from 1 to 32, in K bytes. The
oriented socket. default value is 8K bytes.
Views
System view
Default Level
Usage Guidelines
support personnel.
Example
# Set the size of the receive or send buffer of a connection-oriented socket to 3K
bytes.
[HUAWEI] tcp window 3
7.11 IP Routing Basic Configuration Commands

7.11.1 display fib

Function
The display fib command displays information about the FIB table.
Format
display fib [ slot-id ] [ verbose ]
Parameters
slot-id The value is an integer and the
Displays information about the FIB
value range depends on the
table with a specified slot ID.
device configuration.
verbose Displays detailed information -
about the FIB table.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The display fib command displays information about the FIB table. Each row
represents a route.
NOTE
If there are lots of routes, using wildcard (|, begin, exclude, include, regular-expression) to
display information or details lasts a long time. You can press Ctrl+C to terminate information
display.
Example
# Display brief information about the FIB table.
<HUAWEI> display fib
Route Flags: G - Gateway Route, H - Host Route, U - Up Route
S - Static Route, D - Dynamic Route, B - Black Hole Route
L - Vlink Route
--------------------------------------------------------------------------------
FIB Table:
Total number of Routes : 8
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID

192.168.129.255/32 127.0.0.1 HU t[157] InLoop0 0x0
192.168.129.116/32 127.0.0.1 HU t[157] InLoop0 0x0
255.255.255.255/32 127.0.0.1 HU t[63] InLoop0 0x0
127.255.255.255/32 127.0.0.1 HU t[63] InLoop0 0x0

127.0.0.1/32 127.0.0.1 HU t[63] InLoop0 0x0

127.0.0.0/8 127.0.0.1 U t[63] InLoop0 0x0
192.168.129.0/24 192.168.129.116 U t[157] Vlanif2001 0x0
192.168.0.0/16 192.168.129.1 GSU t[162] Vlanif2001 0x0
# Display detailed information about the FIB table.

<HUAWEI> display fib verbose
Route Flags: G - Gateway Route, H - Host Route, U - Up Route
S - Static Route, D - Dynamic Route, B - Black Hole Route
L - Vlink Route
------------------------------------------------------------------------------
FIB Table:
Total number of Routes : 8
Destination: 192.168.129.255 Mask : 255.255.255.255

Nexthop : 127.0.0.1 OutIf : InLoopBack0
LocalAddr : 127.0.0.1 LocalMask: 0.0.0.0
Flags : HU Age : 243821sec
ATIndex : 0 Slot :0
OriginAs : 0
BGPNextHop : 0.0.0.0 PeerAs : 0
QosInfo : 0x0 OriginQos: 0x0
NexthopBak : 0.0.0.0 OutIfBak : [No Intf]
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0


ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

Flags :U Age : 243916sec
ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

Nexthop : 192.168.129.116 OutIf : Vlanif2001
Flags :U Age : 243822sec
ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0

Nexthop : 192.168.129.1 OutIf : Vlanif2001
Flags : GSU Age : 243817sec
ATIndex : 0 Slot :0
OriginAs : 0
EntryRefCount : 0
VlanId : 0x0
BgpKey : 0
BgpKeyBak : 0
Table 7-99 Description of the display fib command output
Item Description
FIB Table FIB table.
Total number of Routes Total number of routes.
Destination/Mask Destination address or mask length.

Item Description
Nexthop Next hop of a route.
Flag Flag of a route, which is the combination of

G, H, U, S, D, and B.
● G: indicates that the next hop is a
gateway.
● H: indicates that the route is a host
route.
● U: indicates that the route status is Up.
● S: indicates a static route.
● D: indicates a dynamic route.
● B: indicates a blackhole route of which
the next hop is a null interface.
● L: indicates a Vlink route.
TimeStamp How long an entry has been in the FIB

table, in seconds.
Interface Outbound interface to the destination

address.
TunnelID Index of a forwarding entry. If the value is

not 0, packets matching the entry are
forwarded by the tunnel. If the value is 0,
packets matching the entry are not
forwarded by the tunnel.
Table 7-100 Description of the display fib verbose command output

Item Description
Destination Destination address.
Mask Mask length.
Nexthop Next hop of a route.
OutIf Outbound interface.
LocalAddr Local IP address.
LocalMask Mask of the local IP address.

Item Description
Flags Flag of a route, which is the

combination of G, H, U, S, D, and B.
● G: indicates that the next hop is a
gateway.
● H: indicates that the route is a host
route.
● U: indicates that the route status is
Up.
● B: indicates a blackhole route of
which the next hop is a null
interface.
● L: indicates a Vlink route.
Age How long a route has been in the FIB

table, in seconds.
ATIndex Index of the virtual link between the

local end and the gateway.
Slot Slot ID of the outbound interface.
OriginAs Original AS number.
BGPNextHop BGP next-hop address.
PeerAs Peer AS number.
QosInfo QoS information.
OriginQos Original QoS information.
NexthopBak Backup next hop.
OutIfBak Backup outbound interface.
EntryRefCount Number of times an entry has been

referenced.
VlanId VLAN ID.
BgpKey Index allocated by BGP.
BgpKeyBak Backup index allocated by BGP.

7.11.2 display fib interface

Function
The display fib interface command displays information about FIB entries with a
specified outbound interface.
Format
display fib interface interface-type interface-number
Parameters
interface-type interface- Specifies the type and number of the outbound -
number interface to a specified destination address.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display FIB entries with a specified outbound interface.
<HUAWEI> display fib interface vlanif10
10.1.1.0/24 10.1.1.2 U t[115] Vlanif10 0x0
Table 7-101 Description of the display fib interface command output

Item Description
Nexthop Next hop.

Item Description
Flag Current flag, which is the combination of G,

H, U, S, D, and B.
● G (gateway route): indicates that the next
hop is a gateway.
● H (host route): indicates that the route is
a host route.
● U (available route): indicates that the
route status is Up.
● B (blackhole route): indicates that the
next hop is a null interface.
TimeStamp Timestamp, which indicates the lifetime of

an entry, in seconds.

address.
TunnelID Index of a forwarding entry. It is used in

packet forwarding between the upstream
and downstream boards. If the value is not 0,
packets matching the entry are forwarded
through the MPLS tunnel. If the value is 0,
forwarded through the MPLS tunnel.
7.11.3 display fib ip-prefix
Function
The display fib ip-prefix command displays information about the FIB table.
Format
display fib ip-prefix prefix-name [ verbose ]
Parameters

prefix-name Specifies the name of an IP prefix The value is a string of 1 to
list. 169 characters.
the FIB table.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The command displays FIB entries that match a specified IP prefix list.
If 0 FIB entries match, the command output displays that zero FIB entries match.
If the name of an IP prefix list is not found, all FIB entries are displayed.
Example
# Display FIB entries matching the IP prefix list abc0.
<HUAWEI> display fib ip-prefix abc0
Route Entry matched by prefix-list abc0
Summary Counts: 4
127.0.0.0/8 127.0.0.1 U t[0] InLoop0 0x0
127.0.0.1/32 127.0.0.1 U t[0] InLoop0 0x0
172.16.0.0/8 10.1.1.1 SU t[0] Vlanif10 0x0
172.16.0.0/15 10.1.1.1 SU t[0] Vlanif10 0x0
Table 7-102 Description of the display fib ip-prefix command output
Item Description
Nexthop Next hop.

H, U, S, D, and B.
hop is a gateway.
a host route.
route status is Up.
TimeStamp Timestamp, which indicates the lifetime of an

entry, in seconds.

address.

Item Description

7.11.4 display fib longer

Function
The display fib longer command displays FIB entries that match a specified
parameter.
The display fib [ slot-id ] destination-address command displays FIB entries that
match a specified destination IP address. If the specified destination IP address
matches an FIB entry in the natural mask range, all the subnets are displayed.
Otherwise, FIB entries are displayed based on the longest matching principle.
The display fib [ slot-id ] destination-address destination-mask command displays
FIB entries that accurately match the destination address and mask.
The display fib [ slot-id ] destination-address longer command displays all FIB
entries that match destination IP addresses in the natural mask range.
The display fib [ slot-id ] destination-address destination-mask longer command
displays all FIB entries that match destination IP addresses in a specified mask
range.
The display fib [ slot-id ] destination-address1 destination-mask1 destination-
address2 destination-mask2 command displays FIB entries that match destination
IP addresses in the range of destination-address1 destination-mask1 to
destination-address2 destination-mask2.
If slot-id is specified, FIB entries on the specified LPU are displayed.
Format
display fib [ slot-id ] destination-address1 [ destination-mask1 ] [ longer ]
[ verbose ]
display fib [ slot-id ] destination-address1 destination-mask1 destination-
address2 destination-mask2 [ verbose ]

Parameters
slot-id Displays information about The value is an integer and the

the FIB table with a value range depends on the
specified slot ID. device configuration.
destination- Indicates destination IP The value is in dotted decimal

address1 address 1. notation.
destination- Indicates subnet mask 1. The value is in dotted decimal

mask1 notation or an integer that
destination- Indicates destination IP The value is in dotted decimal

address2 address 2. notation.
destination- Indicates subnet mask 2. The value is in dotted decimal

mask2 notation or an integer that
longer Displays FIB entries -

matching a specified
network segment or mask.

information about the FIB
table.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display FIB entries that match destination address 172.16.0.0 in the natural
mask range or based on the longest match principle.
<HUAWEI> display fib 172.16.0.0
Route Entry Count: 1
172.16.0.0/16 10.1.1.1 U t[0] Vlanif10 0x0

# Display the FIB entries with the destination addresses in the range of
172.16.0.0/16 to 172.16.0.6/16.
<HUAWEI> display fib 172.16.0.0 255.255.0.0 172.16.0.6 255.255.0.0
Route Entry Count: 1
172.16.0.1/8 10.1.1.1 U t[0] Vlanif10 0x0
Table 7-103 Description of the display fib longer command output

Item Description
Nexthop Next hop.

H, U, S, D, and B.
● G (gateway route): indicates that the
next hop is a gateway.
● H (host route): indicates that the route
is a host route.
route status is Up.
TimeStamp Timestamp, which indicates the lifetime of

an entry, in seconds.

address.

and downstream boards. If the value is not
0, packets matching the entry are
forwarded through the MPLS tunnel. If the
value is 0, packets matching the entry are
not forwarded through the MPLS tunnel.
7.11.5 display fib next-hop

Function
The display fib next-hop command displays FIB entries that match a specified
next-hop IP address.

Format
display fib next-hop ip-address
Parameters
ip-address Specifies the next-hop IP address. The value is in dotted decimal

notation.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display FIB entries that match a specified next-hop IP address.
<HUAWEI> display fib next-hop 10.1.1.1
10.1.1.1/32 10.1.1.1 HU t[115] Vlanif10 0x0
Table 7-104 Description of the display fib next-hop command output
Item Description
Nexthop Next hop.

H, U, S, D, and B.
hop is a gateway.
a host route.
route status is Up.

Item Description
TimeStamp Timestamp, which indicates the lifetime of an

entry, in seconds.

address.

7.11.6 display fib statistics
Function
The display fib statistics command displays the total number of IPv4 FIB entries.
Format
display fib [ slot-id ] statistics [ all ]
Parameters
slot-id Slot ID. The value is an integer and the value
range depends on the device
configuration.
all Displays all FIB entries -

statistics.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None

Example
# Display the total number of FIB entries on the device.
<HUAWEI> display fib statistics
Route Entry Count : 30
Route Prefix Count : 30
# Display statistics about all FIB entries on the SRU.

<HUAWEI> display fib statistics all
IPv4 FIB Total Route Prefix Count : 24; Entry Count : 24
IPv4 FIB Public Route Prefix Count : 22; Entry Count : 22
Table 7-105 Description of the display fib statistics command output

Item Description
Route Entry Count Total number of FIB entries.
Route Prefix Count Total number of route prefix entries.
IPv4 FIB Total Route Prefix Count: Numbers of route prefix entries and FIB
Entry Count: entries.
IPv4 FIB Public Route Prefix Numbers of IP route prefix entries and FIB
Count: Entry Count: entries on a public network.
7.11.7 display ip routing-table

Function
The display ip routing-table command displays information about an IPv4
routing table.
Format
display ip routing-table [ verbose ]
display ip routing-table ip-address [ mask | mask-length ] [ longer-match ]
[ verbose ]
display ip routing-table ip-address { mask | mask-length } nexthop nexthop-
address [ verbose ]
display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2
{ mask2 | mask-length2 } [ verbose ]

Parameters

active routes and inactive routes. If
this keyword is not specified, only
brief information about active routes
is displayed.
ip-address Displays the routes with the specified The value is in dotted
destination address. decimal notation.
nexthop Displays the routes with the specified The value is in dotted
nexthop-address next-hop address. decimal notation.
longer-match Displays the routes with the specified -

destination address and mask.
mask Specifies the mask of the destination The value is in dotted

mask-length Specifies the mask length of the The value is an integer

destination IP address. that ranges from 0 to
32.
ip-address1 Specifies the start IP address in an IP The value is in dotted

address range. ip-address1 and ip- decimal notation.
address2 determine an IP address
range. Only the routes in the IP
address range are displayed.
ip-address2 Specifies the end IP address in an IP The value is in dotted

address range. ip-address1 and ip- decimal notation.
address2 determine an IP address
range. Only the routes in the IP
address range are displayed.
mask1 Specifies the subnet mask of the start The value is in dotted
mask-length1 Specifies the mask length of the start The value is an integer
IP address. that ranges from 0 to
32.
mask2 Specifies the subnet mask of the end The value is in dotted

mask-length2 Specifies the mask length of the end The value is an integer
IP address. that ranges from 0 to
32.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If the verbose keyword is not specified in the display ip routing-table command,
each line in the command output indicates a route, including the destination
address, mask length, protocol, preference, cost, flag, next hop, and outbound
interface of the route.
NOTE
An iterated route is counted as one route regardless of how many outbound interfaces and
next hops the route finds.
Matching rules vary with parameters in the command:

● If the display ip routing-table ip-address command is used, the routes that
longest match the destination address are displayed.
● If the display ip routing-table ip-address mask command is used, the routes
that accurately match the destination address and mask are displayed.
● If the display ip routing-table ip-address longer-match command is used, all
the routes that match the IP address specified by the destination address and
the natural mask are displayed.
● If the display ip routing-table ip-address mask longer-match command is
used, all the routes that match the IP address specified by the destination
address and the input mask are displayed.
● If the display ip routing-table ip-address1 mask1 ip-address2 mask2
command is used, the routes whose destination address ranges from ip-
address1 mask1 to ip-address2 mask2 are displayed.
Example
# Display brief information about the current IPv4 routing table. The command
output shows that there are two static routes with the same destination address
10.1.1.1/32 but different next hops.
<HUAWEI> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public Destinations : 8 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0

Static 60 0 D 10.0.0.2 Vlanif100
10.0.0.0/24 Direct 0 0 D 10.0.0.1 Vlanif100
10.0.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif100
10.0.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
Table 7-106 Description of the display ip routing-table command output

Item Description
Route Flags Flag of a route:

● R: indicates that the route is an iterated
route.
● D: indicates that the route is delivered to
the FIB table.
Routing Tables: Public The routing table is a public routing table.

If the routing table is a private routing
table, a private network name is displayed,
for example, Routing Tables: ABC.
Destinations Total number of destination networks or

hosts.
Routes Total number of routes.
Destination/Mask Address and mask length of the destination

network or host.
Proto Routing protocol that learns a route:

● Direct: direct route
● Static: static route
Pre Preference of a route.
Cost Cost of a route.
Flags Route flags in the heading of the routing

table.
NextHop Next-hop address of a route.
Interface Outbound interface through which the next

hop of a route is reachable.
# Display brief information about the current routing table. Route 10.2.2.2/32 is a
static route with next hop 10.1.1.1. This route is an iterated route and has two
outbound interfaces because 10.1.1.1 has two outbound interfaces.
<HUAWEI> display ip routing-table
------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 9 Routes : 11
10.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0

Static 60 0 D 10.0.0.2 Vlanif100
10.2.2.2/32 Static 60 0 RD 10.1.1.1 NULL0
Static 60 0 RD 10.1.1.1 Vlanif100
10.10.0.0/24 Direct 0 0 D 10.0.0.1 Vlanif100
10.10.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif100
10.0.0.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
# Display detailed information about the IPv4 routing table.

<HUAWEI> display ip routing-table verbose
------------------------------------------------------------------------------ Routing Tables: Public
Destination: 10.0.0.36/32
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0
NextHop: 127.0.0.1 Neighbour: 0.0.0.0
State: Active Adv Age: 01h03m56s
Tag: 0 Priority: high
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: InLoopBack0
TunnelID: 0x0 Flags: D
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: Vlanif10
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: Vlanif10
Destination: 10.35.36.255/32
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: Vlanif10 TunnelID: 0x0 Flags: D


State: Active NoAdv Age: 3d01h20m39s
IndirectID: 0x0
IndirectID: 0x0
Destination: 127.255.255.255/32
IndirectID: 0x0
Destination: 255.255.255.255/32
IndirectID: 0x0
Table 7-107 Description of the display ip routing-table verbose command output

Item Description

route.
the FIB table.
Destinations Total number of destination networks or

hosts.
Routes Total number of active routes and inactive

routes.
Destination Address and mask length of the destination

network or host.
Protocol Routing protocol of a route.
Process ID Routing protocol process ID of a route.

Item Description
Preference Preference of a route.
NextHop Next-hop address of a route.
Neighbour Neighbor address of a route.
State Status of a route:

● Active: active route
● Invalid: invalid route
● Inactive: inactive route
● NoAdv: route that cannot be advertised
● Adv: route that can be advertised
● Del: route to be deleted
● Relied: route iterated to an outbound
interface and a next hop or route
iterated to a tunnel
● Stale: route that is marked Stale and
used in GR
Age Lifetime of a route.
Tag Routing management tag. The value is an

integer that ranges from 0 to 4294967295.
Priority Convergence priority of route:

● low
● medium
● high
● critical
Label Label allocated by MPLS.
QoSInfo QoS information. The value 0x0 indicates

that QoS information is empty.
IndirectID ID of indirect next hop.
RelayNextHop Iterated next-hop address.
Interface Outbound interface.
Tunnel ID Tunnel ID.

table.

7.11.8 display ip routing-table protocol

Function
The display ip routing-table protocol command displays routing information
about a specified routing protocol.
Format
display ip routing-table protocol protocol [ inactive | verbose ]
display ip routing-table protocol unr [ type unr-type ] [ inactive | verbose ]
Parameters
protocol Displays routing information about the -

specified routing protocol:
● direct: displays direct routes.
● static: displays static routes.
● unr: displays user network routes.
type unr-type Displays the information about user The value of unr-type
network routes of a specified type. can be set only to
aaa-download.
inactive Displays brief information about inactive -

routes only.

active routes and inactive routes.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If neither verbose nor inactive is specified, brief information about all the routes
of each routing protocol is displayed.
Example
# Display brief information about all direct routes.

<HUAWEI> display ip routing-table protocol direct

------------------------------------------------------------------------------
Public routing table : Direct
Direct routing table status : <Active>

10.137.216.0/23 Direct 0 0 D 10.137.217.210 Vlanif100

10.137.217.210/32 Direct 0 0 D 127.0.0.1 Vlanif100
10.137.217.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0
0 D 127.0.0.1 InLoopBack0
Direct routing table status : <Inactive>

Table 7-108 Description of the display ip routing-table protocol command output

Item Description

route.
the FIB table.
Public routing table Contents of a public routing table:

● direct: displays direct routes.
● static: displays static routes.
● unr: displays user network routes.
Direct routing table status Status of direct routes:

● Inactive: inactive routes in the routing
table
● Active: active routes in the routing table
Destinations Total number of destination addresses.
Routes Total number of routes in the routing table.
Proto Routing protocol of a route.
Pre Routing protocol preference of a route.

table.
Nexthop Next-hop address of a route.

Item Description
Interface Outbound interface of a route.
7.11.9 display ip routing-table statistics
Function
The display ip routing-table statistics command displays statistics about routes
in an IPv4 routing table.
Format
display ip routing-table statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Route statistics include:
● Total number of routes that are added or deleted through routing protocols
● Number of active or inactive routes that are labeled for deletion but are not
deleted
Example
# Display statistics about routes in an IPv4 routing table.
<HUAWEI> display ip routing-table statistics
Summary Prefixes: 9
Proto total active added deleted freed
routes routes routes routes routes
DIRECT 6 6 42 36 36
STATIC 3 3 21 18 18
UNR 0 0 0 0 0
Total 9 9 63 54 54

Table 7-109 Description of the display ip routing-table statistics command output

Item Description
Total number of prefixes in the current

Summary Prefixes routing table.
Proto Routing protocol type:

● direct: direct route
● static: static route
● unr: user network route
total routes Total number of routes that a routing protocol

learns in the routing table, including active
and inactive routes.
active routes Number of active routes that a routing

protocol learns in the routing table.
added routes Number of active and inactive routes that are

added to the routing table through a routing
protocol.
deleted routes Number of routes to be deleted from the

routing table.
freed routes Number of routes that are permanently

deleted from the routing table.
7.11.10 display ip routing-table time-range

Function
The display ip routing-table time-range command displays information about
routes generated in a specified time range in an IP routing table.
Format
display ip routing-table time-range min-age max-age [ verbose ]

Parameters
min-age Specifies the end The value is in xxdxxhxxmxxs format.
time of the period
when routes are ● d indicates days. The value is an integer
generated. that ranges from 0 to 10000.
● h indicates hours. The value is an integer
that ranges from 0 to 23.
● m indicates minutes. The value is an
● s indicates seconds. The value is an integer
For example, you can enter 5d4h30m20s to
specify 5 days, 4 hours, 30 minutes, and 20
seconds.
NOTE
If the value of d is 10000, the values of h, m, and s
can only be 0.
max-age Specifies the start The value is in xxdxxhxxmxxs format.

time of the period
when routes are ● d indicates days. The value is an integer
generated. that ranges from 0 to 10000.
● h indicates hours. The value is an integer
● m indicates minutes. The value is an
● s indicates seconds. The value is an integer
For example, you can enter 5d4h30m20s to
specify 5 days, 4 hours, 30 minutes, and 20
seconds.
NOTE
If the value of d is 10000, the values of h, m, and s
can only be 0.

information about
active and inactive
routes. If you do not
specify this
parameter, the
display ip routing-
table time-range
command displays
only brief
information about
active routes.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
If route flapping occurs on a network, you can run the display ip routing-table
time-range command and specify a small time range for the command. You can
then find the flapping route rapidly and accelerate fault location.
Precautions
max-age must be larger than min-age. Otherwise, the display ip routing-table

time-range command does not display any information.
If max-age is larger than min-age but no route was generated within this time
range, the display ip routing-table time-range command displays only the table
heading.
Example
# Display information about public network routes generated in the last 20
minutes.
<HUAWEI> display ip routing-table time-range 0 20m
------------------------------------------------------------------------------
3.3.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack1

4.4.4.0/24 Static 60 0 D 0.0.0.0 NULL0
Table 7-110 Description of the display ip routing-table time-range command

output
Item Description
Route Flags Route flags:

● R: The route is an iterated route.
● D: The route is sent to the FIB table.
Routing Tables: Public The routing table is a public routing table.
Destinations Number of destination networks and hosts.
Routes Number of routes.

Item Description
Destination/Mask Address and mask length of the destination

network and host.
Proto Protocol used to learn routes.
Pre Route preference.
Cost Route cost.

table.
NextHop Next hop.
Interface Outbound interface in a route with a

reachable next hop.
# Display detailed information about public network routes generated in the last
20 minutes.
<HUAWEI> display ip routing-table time-range 0 20m verbose
------------------------------------------------------------------------------
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: LoopBack1
Protocol: Static Process ID: 0
Tag: 0 Priority: medium
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: NULL0
Protocol: Static Process ID: 0
State: Invalid Adv Relied Age: 00h01m38s
Tag: 0 Priority: medium
IndirectID: 0x80000002
RelayNextHop: 0.0.0.0 Interface: NULL0
TunnelID: 0x0 Flags: R

Table 7-111 Description of the display ip routing-table time-range verbose

command output
Item Description
Process ID Process ID of the routing protocol.
Preference Route preference.
Cost Route cost.
NextHop Next hop.
Neighbour IP address of a neighbor. 0.0.0.0 indicates

that the route is generated by a local
device.
State Route status:

● Active: an active route
● Invalid: an invalid route
● Inactive: an inactive route
● NoAdv: a route that cannot be
advertised
● Adv: a route that can be advertised
● Del: a route to be deleted
● Relied: a route that is iterated to the
next hop and outbound interface or a
tunnel
● Stale: a route with the Stale flag and
used in GR
Age Time after the route is generated.
Tag Administrative tag of the route. The value is

an integer that ranges from 0 to
4294967295.
Priority Convergence priority of the route:

● low: The convergence priority of a route
is low.
● medium: The convergence priority of a
route is medium.
● high: The convergence priority of a route
is high.
● critical: The convergence priority of a
route is critical.
Label MPLS label.
QoSInfo QoS information. 0x0 indicates QoS

information is empty.
IndirectID ID of the indirect next hop.

Item Description
RelayNextHop Iterated next hop.
Interface Iterated outbound interface.
Tunnel ID Tunnel ID:

● The value 0x0 indicates that the route
does not use a tunnel or the tunnel fails
to be set up.
● If the value is not 0x0, the route is
iterated to a tunnel.

table.
7.11.11 display rm interface
Function
The display rm interface command displays routing management (RM)
information on an interface.
Format
display rm interface [ interface-type interface-number ]
display rm interface [ ip-address ip-address ]
Parameters

interface-type interface- Displays RM information on the -
number specified interface.
ip-address ip-address Displays RM information on the The value is in
interface with the specified dotted decimal
destination address. notation.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can use this command to view IPv4 RM information on an interface, including
information about physical and logical interfaces of the interface. This information
helps locate routing problems.
Example
# Display RM information on interfaces.
<HUAWEI> display rm interface
Name: InLoopBack0
Physical IF Info:
IfnetIndex: 0x1
State: UP LOOP MULT
Slot: 0(Logic Slot: 0)
IntType: 26, PriLog: 1, MTU: 1500, Reference Count 16
Bandwidth: 0, 0
Baudrate: 0, 0
Delay: 0, Reliability: 0, Load: 0
LDP-ISIS sync capability: disabled
LDP-OSPF sync capability: disabled
InstanceID: 0, Instance Name: Public
Age: 20601sec
Logical IF Info:
IfnetIndex: 0x1, PhyIndex: 1 Logical Index : 1,
Dest: 127.0.0.1, Mask: 255.0.0.0
State: UP LOOP PRM MULT , Reference Count 14
Age: 20601sec
......
Table 7-112 Description of the display rm interface command output
Item Description
Name Name of the interface.
Physical IF Info Physical interface information.
IfnetIndex Network segment index of the interface.
State Current interface status.
Hardware Address MAC address of the interface.
Slot Slot ID of the interface.
IntType Type of the interface.
PriLog Index of the primary logical interface.
MTU Maximum transmission unit (MTU) of the

interface.
Reference Count Number of times the interface is

referenced.
Bandwidth Bandwidth of the interface.
Baudrate Baud rate of the interface.

Item Description
Delay Link delay.
Reliability Link reliability.
Load Link load.
LDP-ISIS sync capability Whether synchronization between LDP and

IS-IS is enabled:
● enabled: indicates that synchronization
is enabled.
● disabled: indicates that synchronization
is disabled.
LDP-OSPF sync capability Whether synchronization between LDP and

OSPF is enabled:
● enabled: indicates that synchronization
is enabled.
● disabled: indicates that synchronization
is disabled.
InstanceID Instance ID.
Instance Name Instance name.
Logical IF Info Logical interface information.
PhyIndex Physical interface index.
Logical Index Logical interface index.
Dest Destination address.
Mask Mask of the destination address.
Age Lifetime of the displayed information.
7.11.12 display route resource
Function
The display route resource command displays statistics about IPv4 and IPv6 route
prefixes in the routing table.
Format
display route resource
Parameters
None

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To check statistics about IPv4 and IPv6 route prefixes in the routing table, run the
display route resource command.
Example
# Display statistics about IPv4 and IPv6 route prefixes in the routing table.
<HUAWEI> display route resource
Total number of IPv4 Prefixes: 16
Total number of IPv6 Prefixes: 13
Table 7-113 Description of the display route resource command output
Item Description
Total number of IPv4 Prefixes Current number of IPv4 route prefixes
Total number of IPv6 Prefixes Current number of IPv6 route prefixes
7.11.13 reset ip routing-table statistics protocol
Function
The reset ip routing-table statistics protocol command clears route statistics in
an IPv4 routing table.
Format
reset ip routing-table statistics protocol { all | protocol }
Parameters
all Clears route statistics of all routing protocols in an IPv4 -

routing table.
protocol Clears route statistics of the specified routing protocol in an -

IPv4 routing table. This parameter can be one of the
following: direct, static, and unr.

Views
User view
Default Level
Usage Guidelines
Usage Scenario
You can use this command to clear route statistics in an IPv4 routing table,
including statistics about the routes added, deleted, and released by each routing
protocol. Subsequently, the system can collect route statistics of each routing
protocol again to monitor route changes and locate network faults.
Precautions
IPv4 route statistics cannot be restored after being cleared. Exercise caution when
you use this command.
Example
# Clear route statistics of all routing protocols in an IPv4 routing table.
<HUAWEI> reset ip routing-table statistics protocol all
7.12 Static Route Configuration Commands
7.12.1 ip route-static
Function
The ip route-static command configures a unicast static route.
The undo ip route-static command deletes a unicast static route.
By default, the system does not configure IPv4 unicast static routes.
Format
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-
type interface-number [ nexthop-address ] } [ preference preference | tag tag ] *
[ permanent | inherit-cost ] [ description text ]
undo ip route-static ip-address { mask | mask-length } [ nexthop-address |

interface-type interface-number [ nexthop-address ] ] [ preference preference |
tag tag ] * [ permanent ]
undo ip route-static all

Parameters
ip-address Specifies a destination IP address. The value is in dotted

decimal notation.
mask Specifies the subnet mask. The value is in dotted

decimal notation.
mask-length Specifies the mask length. As 1s in The value is an integer

a 32-bit mask must be that ranges from 0 to 32.
consecutive, the mask in dotted
decimal notation can be replaced
by the mask length.
nexthop-address Specifies the next-hop address. The value is in dotted

decimal notation.
interface-type Specifies the type and number of -

interface-number the interface that forwards
packets.
preference Specifies the preference of a static The value is an integer

preference route. that ranges from 1 to 255.
tag tag Specifies the tag value of a static The value is an integer
route. By configuring different tag that ranges from 1 to
values, you can classify static 4294967295. The default
routes to implement different value is 0.
routing policies. For example,
other routing protocols can
import static routes with specified
tag values through routing
policies.
permanent Configures permanent -

advertisement of static routes.
description text Configures the description of a The value is a string of 1

static route. to 35 characters that can
contain spaces.
all Deletes all IPv4 unicast static -

routes.
inherit-cost Configures static routes to inherit -

the cost of iterated routes.

Views
System view
Default Level
Usage Guidelines
Usage Scenario
On a simple network, you only need to configure static routes to ensure that the
network runs properly. When the wireless access point cannot use dynamic routing
protocols or establish a route to the destination network, configure static routes.
Precautions
When configuring unicast static routes, note the following:
● Only public routes can be used for tunnel iteration.

● If no preference is configured for a static route, the static route uses the
default preference 60.
● When both the destination IP address and the mask are set to 0.0.0.0, a
default route is configured. If the wireless access point cannot find a route in
the routing table to forward packets, the wireless access point uses the
default route to forward packets.
● Setting different preferences can implement different routing management
policies. For example, if multiple routes to the same destination are
configured with the same preference, load balancing can be implemented. If
multiple routes to the same destination are configured with different
preferences, route backup can be implemented.
● You can configure the description text parameter to add the description of
static routes so that the administrator can check and maintain static routes
easily. You can run the display this command in the system view or run the
display current-configuration command to view the descriptions of static
routes.
● When configuring static routes, you can specify outbound interfaces or next-
hop addresses based on the outbound interface type. For example, you can
specify only outbound interfaces for static routes on P2P interfaces and
specify only next hops for static routes on NBMA interfaces, and you must
specify next hops for static routes on broadcast interfaces.
● In some cases, for example, the link layer protocol is PPP and the peer IP
address is unknown, you can also specify outbound interfaces when
configuring a wireless access point. In this manner, you do not need to modify
the wireless access point configuration when the peer IP address changes.
Example
# Set the next-hop address of the default route to 172.16.0.1.
[HUAWEI] ip route-static 0.0.0.0 0.0.0.0 172.16.0.1

7.12.2 ip route-static default-preference
Function
The ip route-static default-preference command sets the default preference for
IPv4 static routes.
The undo ip route-static default-preference command restores the default

preference value of IPv4 static routes.
By default, the default preference of IPv4 static routes is 60.
Format
ip route-static default-preference preference
undo ip route-static default-preference
Parameters
preference Specifies the default preference The value is an integer that
for IPv4 static routes. ranges from 1 to 255.
Views
System view
Default Level
Usage Guidelines
You can change the preference of a static route to change the status of the route.
To change the default preference of a new IPv4 static route, run the ip route-
static default-preference command.
Example
# Set the default preference of IPv4 static routes to 70.
[HUAWEI] ip route-static default-preference 70
7.12.3 ip route-static selection-rule relay-depth
Function
The ip route-static selection-rule relay-depth command enables static routes to
be selected based on the iteration depth.

The undo ip route-static selection-rule relay-depth command disables static

routes from being selected based on the iteration depth.
By default, static routes are not selected based on the iteration depth.
Format
ip route-static selection-rule relay-depth
undo ip route-static selection-rule relay-depth
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
Use the ip route-static selection-rule relay-depth command to enable static
routes to be selected based on the iteration depth.
Precautions
In the system, some static routes have the same prefix and preference but
different iteration depths. After the system enables static routes to be selected
based on the iteration depth, the static route module selects the static route with
the smallest iteration depth as the active route and delivers it to the FIB table.
Other static routes then become inactive.
Example
# Enable static routes to be selected based on the iteration depth.
[HUAWEI] ip route-static selection-rule relay-depth
7.13 IGMP Snooping Configuration Commands
7.13.1 display igmp-snooping configuration

Function
The display igmp-snooping configuration command displays the IGMP snooping
configuration.

Format
display igmp-snooping configuration
Parameters
None.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
This command displays only the IGMP snooping configuration so that you can
check whether the IGMP snooping configuration made in the system is proper.
Prerequisites
The IGMP snooping configuration in a VLAN can be displayed as long as IGMP

snooping parameters have been configured in the VLAN, no matter whether the
VLAN contains interfaces in Up state.
Global IGMP snooping must be enabled using the igmp-snooping enable

(system view) command before any IGMP snooping configuration is performed.
Example
# Display the IGMP snooping configuration in all VLANs.
<HUAWEI> display igmp-snooping configuration
IGMP Snooping Configuration for VLAN 7
igmp-snooping enable
igmp-snooping version 3
igmp-snooping ssm-mapping enable
igmp-snooping ssm-policy 2000
igmp-snooping ssm-mapping 232.1.1.0 255.255.255.0 10.1.2.1
Table 7-114 Description of the display igmp-snooping configuration command

output
Item Description
Global switch IGMP snooping is enabled globally.

By default, IGMP snooping is disabled globally. You can
enable IGMP snooping using the igmp-snooping
enable (system view) command.

Item Description
Enabled VLAN VLAN in in which IGMP snooping is enabled.

By default, IGMP snooping is disabled in all VLANs. You
can enable IGMP snooping in a VLAN using the igmp-
snooping enable (VLAN view) command.
7.13.2 display l2-multicast forwarding-table
Function
The display l2-multicast forwarding-table command displays the Layer 2
multicast forwarding table.
Format
display l2-multicast forwarding-table vlan vlan-id
Parameters
vlan vlan-id Displays Layer 2 The value is an integer

multicast forwarding that ranges from 1 to
entries in a specified 4094.
VLAN.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After completing IGMP snooping configuration, you can use the display l2-
multicast forwarding-table command to view the Layer 2 multicast forwarding
table. This command displays dynamic learned multicast forwarding entries.
Precautions
This command displays Layer 2 multicast forwarding entries in a VLAN only when
at least one interface in the VLAN is in Up state.

Example
# Display Layer 2 multicast forwarding entries in VLAN 10.
<HUAWEI> display l2-multicast forwarding-table vlan 10
VLAN ID: 10
--------------------------------------------------------------------------------
(Source, Group) Interface
--------------------------------------------------------------------------------
(*, 225.1.1.1) GigabitEthernet0/0/0
(*, 225.1.1.2) GigabitEthernet0/0/0
--------------------------------------------------------------------------------
Total Group(s): 2
Table 7-115 Description of the display l2-multicast forwarding-table command

output
Item Description
VLAN ID VLAN ID of the forwarding entries.
(Source, Group) (S, G) entry, specifying the multicast source and

multicast group.
Interface Outbound interface.
Total Group(s) Total number of multicast forwarding entries.
7.13.3 igmp-snooping enable (system view)

Function
The igmp-snooping enable command enables IGMP snooping globally.
The undo igmp-snooping enable command disables IGMP snooping globally.
By default, IGMP snooping is disabled globally.
Format
undo igmp-snooping enable
Parameters
None
Views
System view
Default Level

Usage Guidelines
Usage Scenario
IGMP snooping runs on a Layer 2 device between a Layer 3 multicast device and
hosts. By listening on the multicast protocol packets exchanged between the Layer
3 device and hosts, IGMP snooping maintains a multicast forwarding table to
control Layer 2 multicast forwarding.
Before configuring IGMP snooping parameters, run the igmp-snooping enable

command in the system view to enable IGMP snooping globally. Other IGMP
snooping configuration commands can be used only after IGMP snooping is
enabled globally.
Precautions
When you disable IGMP snooping globally, all the IGMP snooping configurations
are deleted. When you run the igmp-snooping enable command to enable IGMP
snooping globally again, the wireless access point uses the default IGMP snooping
configuration.
Example
# Enable IGMP snooping globally.
[HUAWEI] igmp-snooping enable
7.13.4 igmp-snooping enable (VLAN view)
Function
The igmp-snooping enable command enables IGMP snooping in a VLAN.
The undo igmp-snooping enable command disables IGMP snooping in a VLAN.
By default, IGMP snooping is disabled in a VLAN.
Format
Parameters
None
Views
VLAN view
Default Level

Usage Guidelines
Usage Scenario
By default, IGMP snooping is disabled in a VLAN after IGMP snooping is enabled
in the system view. To enable IGMP snooping in a VLAN, run the igmp-snooping
enable command in the VLAN view.
Prerequisites
IGMP snooping has been enabled globally using the igmp-snooping enable
(system view) command.
After IGMP snooping is enabled in a VLAN, this function takes effect only on
interfaces in this VLAN.
Example
# Enable IGMP snooping in VLAN 2.
[HUAWEI] igmp-snooping enable
[HUAWEI] vlan 2
[HUAWEI-vlan2] igmp-snooping enable

Fat AP and Cloud AP
Command Reference 8 WAN Commands
8 WAN Commands
About This Chapter
8.1 PPPoE Commands
8.1 PPPoE Commands

NOTE
PPPoE is not supported by the AD9431DN-24X, AP9130DN, AP9131DN, or AP9132DN.
8.1.1 dialer queue-length
Function
Using the dialer queue-length command, you can set the buffer queue length on
a dial interface.
Using the undo dialer queue-length command, you can restore the default
queue length.
By default, packets are not buffered on a dialer interface.
Format
dialer queue-length packets
undo dialer queue-length
Parameters
packets Indicates the number of packets The value is an integer that
allowed in the buffer queue. ranges from 1 to 100.

Fat AP and Cloud AP
Views
Dialer interface view
Default Level
Usage Guidelines
Usage Scenario
If a dialer interface receives a packet but the call connection is not established, the
dialer interface discards the packet. However, if a buffer queue is configured on
the dialer interface, the dialer interface stores the packet in the buffer, and sends
the packet after the call connection is established.
Precautions
● If you run the dialer queue-length command multiple times in the same
● If the buffer queue is long, the interface discards less packets, but a lot of
system resources will be occupied. It is recommended that the queue length
value be equal to or smaller than 20.
Example
# Set the buffer queue length on Dialer1 to 10.
[HUAWEI] interface dialer 1
[HUAWEI-Dialer1] dialer queue-length 10
8.1.2 dialer retry limit
Function
The dialer retry limit command sets the quiet duration and retransmission times
in the quiet duration.
The undo dialer retry limit command restores the default settings.
By default, the quiet duration and retransmission times in the quiet duration are
not set on a router.
Format
dialer retry limit counts quiet-period period
undo dialer retry limit

Fat AP and Cloud AP
Parameters

counts Specifies retransmission The value is an integer that
times in the quiet duration. ranges from 1 to 65535.
quiet-period Specifies the quiet The value is an integer that
period duration. ranges from 1 to 65535, in
seconds.
Views
Default Level
Usage Guidelines
Usage Scenario
When a device of other vendors functions as the PPPoE server, it limits the number
of connection attempts of a client in a specified period (quiet duration). When the
number of connection attempts exceeds the threshold, the device no longer
receives connection requests from the client.
When a router functions as a PPPoE client, it continuously sends connection

requests to the PPPoE server until a connection is established. When the number
of connection attempts in the quiet duration exceeds the maximum value allowed
on the PPPoE server, the PPPoE server no longer receives connection requests from
the client until the quiet duration times out. However, the client still sends
connection requests to the PPPoE server in the quiet duration, wasting resources.
To address this problem, set the quiet duration and retransmission times in the
quiet duration. When the number of retransmission times in the quiet duration
exceeds the threshold, the client stops sending connection requests to the server
until the quiet duration times out.
Precautions
If you run the dialer retry limit command multiple times in the same view, only
the latest configuration takes effect.
Example
# Set the quiet duration to 10s and retransmission times in the quiet duration to
20.
[HUAWEI-Dialer1] dialer retry limit 20 quiet-period 10

Fat AP and Cloud AP
8.1.3 dialer timer idle
Function
Using the dialer timer idle command, you can set the maximum link idle time on
an interface. During this period of time, no Interesting packet is transmitted over
the link.
Using the undo dialer timer idle command, you can restore the default link idle
time.
By default, the maximum link idle time is 120 seconds.
Format
dialer timer idle seconds
undo dialer timer idle
Parameters
seconds Specifies the maximum The value is an integer that ranges from
link idle time. 0 to 65535, in seconds. The default value
is 120.
Views
Default Level
Usage Guidelines
Usage Scenario
The dialer timer idle command sets the maximum idle time for links. If no data is
transmitted over a link within the idle time, the link is disconnected. This saves
resources and costs.
Precautions
● If you run the dialer timer idle command multiple times in the same view,
only the latest configuration takes effect.
● This command affects only new calls but not the established calls.
Example
# Set the maximum link idle time on Dialer1 to 100 seconds.

Fat AP and Cloud AP
[HUAWEI-Dialer1] dialer timer idle 100
8.1.4 dialer-rule
Function
The dialer-rule command configures a dialer access control list (ACL) to define
conditions for initiating DCC calls.
The undo dialer-rule command deletes a dialer ACL.
By default, no dialer ACL is configured.
Format
dialer-rule { acl { acl-number | name acl-name } | ip { deny | permit } }
undo dialer-rule [ acl | ip ]
Parameters
acl { acl-number | name Indicates the number or The value of acl-number

acl-name } name of the dialer ACL. is an integer that ranges
from 2000 to 3999. The
value of acl-name is a
string of 1 to 32 case-
sensitive characters
without space. The name
must start with an
English letter and can be
a mixture of English
letters, digits, hyphens
(-), or underscores (_).
ip { deny | permit } Indicates whether the -

dialer ACL allows or
forbids IPv4 packets.
Views
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
A dialer ACL filters all the packets passing a dialer interface.

The DCC dialer ACL must be configured; otherwise, DCC packets cannot be sent.
You can configure filtering rules for a dialer ACL or associate an existing ACL to
the dialer ACL.
Prerequisites
The ACL to be associated to the dialer ACL has been created.
Example
# Create dialer interface 1, which permits all IPv4 packets.
[HUAWEI-Dialer1] dialer-rule ip permit
8.1.5 display interface dialer

Function
The display interface dialer command displays information about dialer
interfaces.
Format
display interface dialer [ main | number ]
Parameters
main Displays information about all -

dialer interfaces.
number Displays information about a The value range of number

dialer interface. If this parameter is depends on the number range
not specified, information about of dialer interfaces. Only the
all dialer interfaces is displayed. numbers of created dialer
interfaces are displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When monitoring the interface status or locating faults on a dialer interface, run
the display interface dialer command on the interface. According to the

Fat AP and Cloud AP
command output, you can collect traffic statistics and locate faults on the
interface.
Example
# Display information about interface dialer 1.
<HUAWEI> display interface dialer 1
Dialer1 current state : UP
Description:HUAWEI, AP Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Link layer protocol is PPP
LCP opened
Physical is Dialer
Current system time: 2010-08-24 22:57:27-05:13
Input: 0 bytes
Output:0 bytes
Table 8-1 Description of the display interface dialer command output
Item Description
Dialer1 current Physical status of the dialer interface:

state ● UP: indicates that the physical status of the interface is
Up.
● DOWN: indicates that the interface has a fault.
● Administratively down: indicates that the network
interface.
Line protocol Link-layer protocol status of the dialer interface:

current state ● UP (spoofing): indicates that the link-layer protocol
status of the interface is Up.
spoofing indicates that the link-layer protocol of the
dialer interface is logically Up and dial-up can be
performed.
● DOWN: indicates that the link-layer protocol status of
the interface is Down or no IP address is assigned to
the interface. damping indicates that the interface is
suppressed because of frequent flapping.
The Maximum Maximum transmit unit (MTU) of the interface.

Transmit Unit
Hold timer Heartbeat interval after the PPP LCP negotiation status
becomes Opened.

Fat AP and Cloud AP
Item Description
Internet Address Interface IP address. If no IP address is assigned to the

dialer interface, the system displays "Internet protocol
processing: disabled."
Link layer protocol The link-layer protocol is PPP.

is PPP
LCP LCP negotiation status:

● Initial: indicates that the physical layer is faulty.
● Starting: indicates that the physical layer is starting.
This state lasts for a short time.
● Closed: indicates that the system has sent a Terminate-
Ack packet to terminate the connection after receiving
the Configure-Request packet.
● Stopped: indicates that the system receives the
Configure-Request packet, but does not receive a
Configure-Ack packet from the peer device. The system
then sends a Terminate-Ack packet.
● Closing: indicates that the connection is being closed.
The system enters the Closed state if it receives a
Configure-Ack packet from the peer device or the timer
expires. This state lasts for a short time.
● Stopping: indicates that the connection is being closed
to prevent subsequent traffic. This state lasts for a
short time.
● Req-Sent: indicates an attempt to establish a
connection. The system has sent a Configure-Request
packet, but does not receive a Configure-Ack packet.
● Ack-Rcvd: indicates that the system has sent a
Configure-Request packet and receives a Configure-Ack
packet from the peer device, but does not send a
Configure-Ack packet to the peer device.
● Ack-Sent: indicates that the system has sent a
Configure-Request packet and a Configure-Ack packet
to the peer device, and receives a Configure-Ack packet
from the peer device.
● Opened: indicates that the system has sent a
Configure-Ack packet to the peer device and receives a
Configure-Ack packet from the peer device. This
indicates that the link layer works properly.
Physical is Dialer The interface is a dialer interface.
Current system Current system time.

time

Fat AP and Cloud AP
Item Description
Last 300 seconds Rates of packets sent and received in the last 300 seconds,
input rate 0 bits/ expressed in bits per second and packets per second.
sec, 0 packets/sec
Last 300 seconds
output rate 0 bits/
sec, 0 packets/sec
Realtime 0 seconds Rates of packets sent and received when the display
input rate 0 bits/ interface dialer command is being executed.
sec, 0 packets/sec
Realtime 0 seconds
output rate 0 bits/
sec, 0 packets/sec
Input: 0 bytes Total number of bytes sent and received by the interface.
Output:0 bytes
Input bandwidth Upstream bandwidth usage and downstream bandwidth

utilization : 0% usage on the interface.
Output bandwidth
utilization : 0%
8.1.6 display pppoe-client session

Function
The display pppoe-client session command displays information about PPPoE
sessions on the PPPoE client, including the session status and statistics.
Format
display pppoe-client session { packet | summary } [ dial-bundle-number
number ]
Parameters
packet Displays the packet statistics of PPPoE -
sessions.
summary Displays summary of PPPoE sessions. -

Fat AP and Cloud AP

dial-bundle- Displays statistics about a specified PPPoE The PPPoE
number number session. session must
exist.
If this parameter is not specified, statistics
about all PPPoE sessions are displayed.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To monitor PPPoE sessions on the PPPoE client, use this command to obtain the
session status and statistics. You can locate PPPoE faults according to the
command output.
Example
# Display the summary of all PPPoE sessions on the PPPoE client.
<HUAWEI> display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 1 1 Vlanif1 00e0fc030201 0819a6cd0680 UP
Table 8-2 Description of the display pppoe-client session summary command

output
Item Description
ID ID of a PPPoE session.
Bundle Dialer bundle of the PPPoE session.
Dialer Number of the dialer interface.
Intf Physical interface to which the dialer interface is bound.
Client-MAC MAC address of the PPPoE client.
Server-MAC MAC address of the PPPoE server.

Fat AP and Cloud AP
Item Description
State Status of the PPPoE session.

● IDLE: The PPPoE session is idle.
● PADI: The PPPoE session is at the Discovery stage and
a PPPoE Active Discovery Initiation (PADI) packet has
been sent.
● PADR: The PPPoE session is at the Discovery stage
and a PPPoE Active Discovery Request (PADR) packet
has been sent.
● UP: The PPPoE session has been established
successfully.
# Display packet statistics of all PPPoE sessions on the PPPoE client.

<HUAWEI> display pppoe-client session packet
PPPoE Client Session:
ID InP InO InD OutP OutO OutD
1 36 758 0 50 1222 0
Table 8-3 Description of the display pppoe-client session packet command

output
Item Description
ID ID of a PPPoE session.
InP Number of received packets.
InO Number of received bytes.
InD Number of incoming packets that are discarded.
OutP Number of sent packets.
OutO Number of sent bytes.
OutD Number of outgoing packets that are discarded.
8.1.7 display pppoe fail-reason
Function
The display pppoe fail-reason command displays PPPoE dialup failure reasons.
Format
display pppoe fail-reason

Fat AP and Cloud AP
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
When PPPoE dialup fails, you can run this command to check for PPPoE dialup
failure reasons and locate faults.
Example
# Display PPPoE dialup failure reasons.
<HUAWEI> display pppoe fail-reason
--------------------------------------------------------------------------
Dialer Last fail time Reason
--------------------------------------------------------------------------
1 2017-08-21/16:57:14 Incorrect user name or password
--------------------------------------------------------------------------
Table 8-4 Description of the display pppoe fail-reason command output
Item Description
Dialer Number of the PPPoE dialer interface.
Last fail time Time when PPPoE dialup fails last time.
Reason Reason why PPPoE dialup fails. Table 8-5 lists PPPoE
dialup failure reasons and handling suggestions.
Table 8-5 PPPoE dialup failure reasons and handling suggestions
PPPoE Dialup Description Handling Suggestion

Failure
Reason
Failed to find The device fails to find the Check whether the network
the server PPPoE server. connection between the
active and standby servers is
normal.
Incorrect user The user name or password is Enter the correct user name
name or incorrect. and password. If the fault
password persists, contact technical
support personnel.

Fat AP and Cloud AP
PPPoE Dialup Description Handling Suggestion

Failure
Reason
Failed to set Connection setup fails due to Wait for the device to set up a
up a a session establishment connection again
connection failure. automatically. If the fault
(session persists, contact technical
establishment support personnel.
failure)
Failed to set Connection setup fails due to

up a a link-layer negotiation
connection failure.
(link-layer
negotiation
failure)
Failed to set Connection setup fails due to

up a a network-layer negotiation
connection failure.
(network-layer
negotiation
failure)
8.1.8 interface dialer

Function
The interface dialer command creates a dialer interface and enters the dialer
interface view.
The undo interface dialer command deletes the dialer interface.
By default, no dialer interface exists.
Format
interface dialer number
undo interface dialer number
Parameters
number Specifies the number of The value is an integer

a dialer interface. that ranges from:
● 1 to 4 for common
APs
● 1 to 8 for central APs

Fat AP and Cloud AP
Views
System view
Default Level
Usage Guidelines
A dialer interface is a logical interface for connecting a PPPoE client to a PPPoE
server.
Example
# Create interface dialer 1.
8.1.9 ip address ppp-negotiate

Function
The ip address ppp-negotiate command configures IP address negotiation on an
interface to allow the interface to obtain an IP address from the remote device.
The undo ip address ppp-negotiate command cancels IP address negotiation.
By default, an interface does not obtain an IP address through PPP negotiation.
Format
ip address ppp-negotiate
undo ip address ppp-negotiate
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
If the local interface runs PPP at the link layer but is not assigned an IP address,
and the remote device has IP addresses, you can configure IP address negotiation
on the local interface so that it can obtain an IP address from the remote device.
For example, when the client accesses the Internet through an Internet Server
Provider (ISP) network, it can obtain an IP address from the ISP.
Prerequisites
The address assignment function has been enabled on the remote device.
Example
# Configure IP address negotiation on Dialer1.
[HUAWEI-Dialer1] ip address ppp-negotiate
8.1.10 ppp chap password
Function
The ppp chap password command configures a password for CHAP
authentication.
The undo ppp chap password command deletes the password of CHAP
authentication.
By default, no password is configured for CHAP authentication.
Format
ppp chap password { cipher | simple } password
undo ppp chap password
Parameters
cipher Displays the password in -

cipher text.
simple Displays the password in -

plain text.
NOTE
When you specify simple,
the password is saved in
plain text in the
configuration, which brings
potential security risks. You
are advised to specify
cipher to save the
password in cipher text.

Fat AP and Cloud AP
password Specifies the password The value is a case-

for CHAP authentication. sensitive character string
without spaces. If simple
is specified, the password
is in plain text and
contains 1 to 32
characters. If cipher is
specified, the password is
either in cipher text
containing 24 to 68
characters, for example,
%^
%#9}Ms*h:=3@2+n(K*_t
S+1PlG2gT'48:j!V.pJSW$
%^%#, or in plain text
containing 1 to 32
214357.
Views
Default Level
Usage Guidelines
Usage Scenario
If the authenticating device uses CHAP as PPP authentication, configure the user
name and password for CHAP authentication on the authenticated device.
Precautions
After the ppp chap password and ppp chap user commands are used, the device
sends the configured password and user name to the remote device for
authentication.
The ppp chap password command must be used on the authenticated device,
and the configured password must be the same as that configured on the
authenticating device.
Example
# Configure password test@123 for CHAP authentication on Dialer1.
[HUAWEI-Dialer1] ppp chap password cipher test@123

Fat AP and Cloud AP
8.1.11 ppp chap user

Function
The ppp chap user command configures a user name for CHAP authentication.
The undo ppp chap user command deletes the user name of CHAP
authentication.
By default, no user name is configured for CHAP authentication.
Format
ppp chap user username
undo ppp chap user
Parameters
username Specifies a user name for The value is a string of 1

CHAP authentication. to 64 case-sensitive
characters without
spaces.
Views
Default Level
Usage Guidelines
Usage Scenario
If the authenticating device uses CHAP as PPP authentication, configure the user
name and password for CHAP authentication on the authenticated device.
Precautions
After the ppp chap password and ppp chap user commands are used, the device
sends the configured password and user name to the remote device for
authentication.
The ppp chap user command must be used on the authenticated device, and the
configured user name must be the same as that configured on the authenticating
device.
Example
# Configure user name test for CHAP authentication on Dialer1.

Fat AP and Cloud AP
[HUAWEI-Dialer1] ppp chap user test
8.1.12 ppp keepalive retry-times

Function
The ppp keepalive retry-times command sets the number of times for
retransmitting PPP heartbeat packets.
The undo ppp keepalive retry-times command restores the default setting.
By default, the number of times for retransmitting PPP heartbeat packets is 4.
Format
ppp keepalive retry-times retry-times
undo ppp keepalive retry-times
Parameters
Parameter Description Setting
retry-times Specifies the number of The value is an integer

times for retransmitting that ranges from 1 to 10.
PPP heartbeat packets.
Views
dialer interface view
Default Level
Usage Guidelines
Usage Scenario
The device sends PPP heartbeat packets to detect PPP link quality. When the link
quality is low and the number of times for retransmitting PPP heartbeat packets
reaches the upper limit, the device tears down the PPP connection.
● When services have high PPP link quality requirements and will be greatly
affected by poor link quality, decrease the number of times for retransmitting
PPP heartbeat packets to detect link quality and take measures in a timely
manner.
● When services have low PPP link quality requirements and will be slightly
affected by poor link quality, increase the number of times for retransmitting
PPP heartbeat packets to prevent frequent disconnection of PPP links.
Precautions

Fat AP and Cloud AP
The command configuration on a PPP link takes effect on new online users, but
not existing online users.
Example
# Set the number of times for retransmitting PPP heartbeat packets to 5.
[HUAWEI-Dialer1] ppp keepalive retry-times 5
8.1.13 ppp pap local-user
Function
The ppp pap local-user command configures the user name and password to be
sent from the local device to the remote device in PAP authentication.
The undo ppp pap local-user command deletes the configured user name and
password.
By default, the local device sends a request to the remote device without the user
name and password in PAP authentication.
Format
ppp pap local-user username password { cipher | simple } password
undo ppp pap local-user
Parameters
username Specifies the user name The value is a string of 1

sent from the local to 64 case-sensitive
device to the remote characters without
device in PAP spaces.
authentication.
cipher Displays the password in -

cipher text.
simple Displays the password in -

plain text.
NOTE
When you specify simple,
the password is saved in
plain text in the
configuration, which brings
potential security risks. You
are advised to specify
cipher to save the
password in cipher text.

Fat AP and Cloud AP
password Specifies the password The value is a case-

sent from the local sensitive character string
device to the remote without spaces. If simple
device in PAP is specified, the password
authentication. is in plain text and
contains 1 to 32
characters. If cipher is
specified, the password is
either in cipher text
containing 24 to 68
%^
%#9}Ms*h:=3@2+n(K*_t
S+1PlG2gT'48:j!V.pJSW$
%^%#, or in plain text
containing 1 to 32
214357.
Views
Default Level
Usage Guidelines
Usage Scenario
If the authenticating device uses PAP as PPP authentication, configure the user
name and password for PAP authentication on the authenticated device.
In PAP authentication, the local device needs to send the user name and password
to the remote device. The remote device checks its user table to determine
whether the local device passes the authentication or sends the user name and
password to the remote authentication server.
Precautions
The user name and password configured by using the ppp pap local-user
command must be the same as those configured on the remote device.
NOTE
In PAP authentication, the password is transmitted in plain text on the network no matter
whether you specify cipher or simple, which brings potential security risks.
Example
# Configure user name papuser1 and password test@123 on Dialer1.

Fat AP and Cloud AP
[HUAWEI-Dialer1] ppp pap local-user papuser1 password cipher test@123
8.1.14 ppp timer negotiate
Function
The ppp timer negotiate command sets the timeout period of PPP negotiation.
The undo ppp timer negotiate command restores the default setting.
By default, the timeout period of PPP negotiation is 3 seconds.
Format
ppp timer negotiate seconds
undo ppp timer negotiate
Parameters
seconds Specifies the timeout The value is an integer

period of PPP that ranges from 1 to 10,
negotiation. in seconds.
Views
Default Level
Usage Guidelines
In PPP negotiation, if the local end does not receive any response from the remote
end within the specified timeout period, the local end retransmits the last packet
until it receives a response from the remote end.
Example
# Set the timeout period of PPP negotiation to 4 seconds on Dialer1.
[HUAWEI-Dialer1] ppp timer negotiate 4

Fat AP and Cloud AP
8.1.15 pppoe-client dial-bundle-number

Function
The pppoe-client dial-bundle-number command specifies a dialer bundle of a
PPPoE session on an interface.
The undo pppoe-client dial-bundle-number command unbinds the dialer bundle
from the PPPoE session.
By default, no dialer bundle is specified.
Format
pppoe-client dial-bundle-number number [ on-demand ] [ no-hostuniq ]
[ ppp-max-payload value ] [ service-name name ]
undo pppoe-client dial-bundle-number number
Parameters
number Specifies the dialer bundle of a The value is an integer that

PPPoE session. ranges from:
● 1 to 4 for common APs
● 1 to 8 for central APs
This parameter uniquely
identifies a PPPoE session
and can be used as the ID of
a PPPoE session.
on-demand Configures on-demand dialing on -

the PPPoE client.
no-hostuniq Indicates that the session initiated -

by the PPPoE client does not
contain the Host-Uniq field.
By default, the session initiated by
the PPPoE client contains the
Host-Uniq field.
ppp-max- Specifies the maximum value of The value is an integer that

payload value the MTU of PPP negotiation ranges from 64 to 1976. The
during the establishment of a default value is 1500.
PPPoE session.

Fat AP and Cloud AP
service-name Specifies the value of the Service- The value is a string of 1 to

name Name field in packets sent by a 128 case-sensitive characters
PPPoE client in the Discovery without spaces and special
stage. characters such as asterisk
(*), question mask (?), and
When users want to establish quotation mask (").
sessions with the PPPoE server
providing specific services, specify
service-name in this command.
Views
Default Level
Usage Guidelines
Usage Scenario
When a device serves as a PPPoE client, PPPoE sessions can be configured on a
VLANIF interface.
Prerequisites
A dialer interface has been configured before the PPPoE session configuration.
Precautions
● If on-demand is not specified, the PPPoE session works in permanent online
mode. If this parameter is specified, the PPPoE session works in on-demand
dialing mode. The device supports the packet triggering mode for on-demand
dialing.
– In permanent online mode, the device initiates a PPPoE session
immediately after the physical link becomes Up. The PPPoE session
persists until you use the undo pppoe-client dial-bundle-number
number command to delete it.
– In triggered online mode, the device does not initiate a PPPoE session
immediately after the physical link becomes Up. Instead, the device
initiates a PPPoE session only when data needs to be transmitted on the
link. If the maximum idle time of the PPPoE link expires, the device
terminates the PPPoE session. When data needs to be transmitted on the
PPPoE link, the device sets up the PPPoE session again.

Fat AP and Cloud AP
NOTE
● The undo pppoe-client dial-bundle-number number command deletes a PPPoE

session permanently regardless of the working mode of the session. To establish
the session again, run the pppoe-client dial-bundle-number command.
● A VLANIF interface can be configured with multiple PPPoE sessions. That is, a
VLANIF interface can be associated with multiple dialer bundles, but a dialer
bundle can be associated with only one VLANIF interface. One PPPoE session can
be bound to only one dialer bundle.
● If no-hostuniq is not specified, the PPPoE session initiated by the PPPoE client
contains the Host-Uniq field. The PPPoE client uses this field to associate an
access server response with a particular host request, which ensures strict
check.
Example
# Specify dialer bundle 1 for the PPPoE session on VLANIF 1.
[HUAWEI-Vlanif1] pppoe-client dial-bundle-number 1
8.1.16 reset pppoe-client
Function
The reset pppoe-client command resets all PPPoE sessions or a specified PPPoE
session on the PPPoE client. After a PPPoE session is reset, the PPPoE client will
establish the session later.
Format
reset pppoe-client { all | dial-bundle-number number }
Parameters
all Resets all PPPoE sessions on the -
PPPoE client.
dial-bundle-number The value is an integer

Resets the specified PPPoE
number that ranges from 1 to
session.
255.
Views
User view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
The PPP parameters of a PPPoE session set after a PPP link is created do not take
effect immediately. To make the parameter settings effective, run the reset
pppoe-client command to reset the PPPoE session. The parameter settings take
effect after the PPPoE session is established again.
If all is specified, all the online PPPoE users are disconnected. If dial-bundle-
number is specified, the PPPoE users that dial up from the specified dialer
interface are disconnected.
If a PPPoE session in permanent online mode is reset, the device will establish the
session again after 16 seconds. If a PPPoE session in packet triggered mode is
reset, the device will establish the session again when data needs to be
transmitted using the session.
NOTE
The reset pppoe-client command terminates PPPoE sessions temporarily, and the sessions
will be established later; the undo pppoe-client dial-bundle-number command deletes
PPPoE sessions permanently.
Example
# Reset the PPPoE session created on dialer bundle 1.
<HUAWEI> reset pppoe-client dial-bundle-number 1
8.1.17 timer hold

Function
The timer hold command sets the interval for sending Keepalive packets.
The undo timer hold command restores the default setting.
By default, the interval for sending Keepalive packets is 10s.
Format
timer hold seconds
undo timer hold

Fat AP and Cloud AP
Parameters
seconds Specifies the polling The value is an integer

interval for an interface. that ranges from 0 to
32767, in seconds.
If the interval is set to 0
seconds, no Keepalive
packet is sent.
Views
dialer interface view
Default Level
Usage Guidelines
Usage Scenario
The polling interval of an interface is the interval at which the interface sends
Keepalive packets.
Keepalive packets are used to monitor and maintain the link status. If an interface
does not receive any Keepalive packet after five Keepalive intervals, it considers
that the link fails.
Precautions
On a low-speed link, the seconds parameter cannot be set to a small value
because it may take a long time to transmit oversized packets on the link. If the
interval for sending Keepalive packets is set to a small value, transmission of
Keepalive packets is delayed. If an interface does not receive any Keepalive packet
from the remote interface after five Keepalive intervals, the interface considers
that the link fails.
Example
# Set the interval for sending Keepalive packets to 15 seconds on Dialer1.
[HUAWEI-Dialer1] timer hold 15

Fat AP and Cloud AP 9 WLAN Service Configuration Commands
Command Reference (Common AP)
9 WLAN Service Configuration Commands

(Common AP)
About This Chapter
9.1 active-dull-client enable

9.2 advertise-ap-name enable
9.3 agile-antenna-polarization
9.4 antenna-gain
9.5 association-timeout
9.6 auto-off service
9.7 beacon-2g-rate
9.8 beacon-5g-rate
9.9 beacon-interval
9.10 beamforming enable
9.11 channel
9.12 channel-switch announcement disable
9.13 channel-switch mode
9.14 copy-from
9.15 country-code
9.16 deny-broadcast-probe enable
9.17 dhcp option82 insert enable
9.18 dhcp option82 format (vap profile view)
9.19 display ap
9.20 display ap configurable channel

9.21 display interface wlan-radio

9.22 display radio
9.23 display radio-2g-profile
9.25 display references radio-2g-profile
9.27 display references ssid-profile
9.28 display references vap-profile
9.29 display resource occupancy message
9.30 display ssid-profile
9.31 display station
9.32 display station offline-record
9.33 display station online-fail-record
9.34 display station statistics
9.35 display vap
9.36 display vap-profile
9.37 display wlan config-errors
9.38 display station online-track
9.39 display vap create-fail-record
9.40 display vap-service-backup auth-server-down
9.41 dot11a basic-rate
9.42 dot11a supported-rate
9.43 dot11bg basic-rate
9.44 dot11bg supported-rate
9.45 dtim-interval
9.46 eirp
9.47 fragmentation-threshold
9.48 frequency
9.49 guard-interval-mode
9.50 he mcs-map (SSID Profile)
9.51 ht a-mpdu disable
9.52 ht a-mpdu max-length-exponent
9.53 interface wlan-radio

9.54 legacy-station disable

9.55 max-sta-number (SSID profile view)
9.56 multicast-rate
9.57 mu-mimo disable
9.58 mu-mimo optimize enable
9.59 probe-response-retry
9.60 qbss-load enable
9.61 radio disable
9.62 radio-2g-profile (WLAN view)
9.64 radio-type (2G radio profile view)
9.66 reach-max-sta
9.67 report-sta-assoc enable
9.68 reset channel switch-record
9.69 reset station offline-record
9.70 reset station online-fail-record
9.71 reset station statistics
9.72 rf-ping
9.73 rts-cts-mode
9.74 rts-cts-threshold
9.75 service-mode disable
9.76 service-vlan (VAP profile view)
9.77 short-preamble disable
9.78 single-txchain enable
9.79 snmp-agent trap enable feature-name wlan
9.80 ssid
9.81 ssid-hide enable
9.82 ssid-profile (WLAN view)
9.83 ssid-profile (VAP profile view)
9.84 sta-network-detect disable
9.85 type (VAP profile view)
9.86 u-apsd enable

9.87 utmost-power
9.88 vap-profile (WLAN view)
9.89 vap-profile (radio interface view)
9.90 vap-service-backup auth-server-down
9.91 vht a-mpdu max-length-exponent
9.92 vht a-msdu enable
9.93 vht a-msdu max-frame-num
9.94 vht mcs-map
9.95 vht mcs-map (SSID profile)
9.96 wlan
9.1 active-dull-client enable

Function
The active-dull-client enable command enables the function of preventing
terminals from entering energy-saving mode.
The undo active-dull-client enable command disables the function.
By default, the function of preventing terminals from entering energy-saving
mode is disabled.
Format
active-dull-client enable
undo active-dull-client enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
Due to individual reasons, some terminals may not run services normally when
entering energy-saving mode. You can run the active-dull-client enable

command to enable the function of preventing terminals from entering energy-

saving mode. After that, an AP frequently sends QoS data frames to these
terminals to prevent them from entering energy-saving mode, ensuring normal
services. This function does not take effect for some terminals and cannot prevent
the terminals from entering the power-saving mode. For details, see Test Report
on Terminal Compatibility.
Precautions
After the function is enabled, the terminals consume more power and extra
bandwidth. If no terminal enters an abnormal energy-saving state, you are advised
to disable the function.
Example
# Enable the function of preventing terminals from entering energy-saving mode.
[HUAWEI] wlan
[HUAWEI-wlan-view] ssid-profile name ssid1
[HUAWEI-wlan-ssid-prof-ssid1] active-dull-client enable
9.2 advertise-ap-name enable

Function
The advertise-ap-name enable command enables Beacon frames to carry the AP
name.
The undo advertise-ap-name enable disables Beacon frames from carrying the
AP name.
By default, Beacon frames do not carry the AP name.
Format
advertise-ap-name enable
undo advertise-ap-name enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
In certain scenarios, you can run the advertise-ap-name enable command to
enable Beacon frames to carry the AP name. In this way, you can quickly locate

and identify APs by identifying the AP name carried in an SSID or display the AP
name on STAs that can receive and resolve the host name carried in SSIDs of
multiple APs.
Example
# Enable Beacon frames to carry the AP name in the SSID profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] advertise-ap-name enable
9.3 agile-antenna-polarization
Function
The agile-antenna-polarization enable command enables self-adaptive
polarization for agile antennas.
The undo agile-antenna-polarization enable command disables self-adaptive
polarization for agile antennas.
By default, self-adaptive polarization is disabled for agile antennas.
NOTE
Only the AP8130DN and AP8130DN-W support this function.
Format
agile-antenna-polarization enable
undo agile-antenna-polarization enable
Parameters
None
Views
2G radio profile view, 5G radio profile view
Default Level
Usage Guidelines
Usage Scenario
Self-adaptive polarization for agile antennas can reduce interference between
transmit signals of antennas, and increase the transmit power of antennas and the
demodulation SNR of STAs. When providing wireless coverage, you can enable this
function when the following types of STA exist:

● STA with one transmit antenna and one receive antenna in 1x1 mode
● STA with two transmit antennas and two receive antennas in 2x2 mode
After this function is enabled, the AP uses two mutually orthogonal antennas to
communicate with STAs but not a third antenna.
Prerequisites
Dual-polarized antennas have been connected to radio ports A and B on the same
frequency band.
Example
# Enable self-adaptive polarization for agile antennas in a 2G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-view] radio-2g-profile name default
[HUAWEI-wlan-radio-2g-prof-default] agile-antenna-polarization enable
9.4 antenna-gain
Function
The antenna-gain command configures the antenna gain of an AP radio.
The undo antenna-gain command restores the default antenna gain of an AP

radio.
By default, the antenna gain of an AP radio is not configured.
Format
antenna-gain antenna-gain
undo antenna-gain
Parameters
antenna-gain Specifies the The value is an integer that ranges from –10 to
antenna gain. 30, in dB.
Views
Radio interface view
Default Level

Usage Guidelines
Usage Scenario
The antenna gain is the ratio of the power density produced by an antenna to the
power density that should be obtained at the same point if the power accepted by
the antenna were radiated equally. It can measure the capability for an antenna to
receive and send signals in a specified direction, which is one of the most
important parameters to select a BTS antenna. In the same condition, if the
antenna gain is high, the wave travels far.
Precautions
● The antenna gain of an AP radio configured using the command must be

consistent with the gain of the antenna connected to the AP.
● The antenna gain of an AP radio configured using the command takes effect
only for external antennas. When an AP uses an external antenna, configure
the antenna gain for the AP radio to be consistent with the gain of the
external antenna connected to the AP.
● The maximum antenna gain should comply with laws and regulations of the
corresponding country. For details, see the Country Code & Channel
Compliance Table. You can obtain this table at Huawei technical support
website.
– Enterprise technical support website: https://support.huawei.com/
enterprise
– Carrier technical support website: https://support.huawei.com
Example
# Set the antenna gain to 4 for the radio interface Wlan-Radio 0/0/0.
[HUAWEI] interface wlan-radio 0/0/0
[HUAWEI-Wlan-Radio0/0/0] antenna-gain 4
9.5 association-timeout
Function
The association-timeout command configures an association aging time for STAs.
The undo association-timeout command restores the default association aging

time.
By default, the association aging time is 5 minutes.
Format
association-timeout association-timeout
undo association-timeout

Parameters
association- Specifies the association aging time of The value is an

timeout STAs. integer that ranges
from 1 to 30, in
minutes.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
The administrator can run the association-timeout command to set the
association aging time for STAs. If the AP receives no data packet from a STA in a
specified time, the STA goes offline after the association aging time expires.
Precautions
Changing the association aging time of a STA may interrupt the STA services.
Example
# Set the association aging time of STAs to 15 minutes in the SSID profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] association-timeout 15
Warning: This action may cause service interruption. Continue?[Y/N]y
9.6 auto-off service

Function
The auto-off service command enables the scheduled VAP auto-off function and
sets the time range within which the VAP is disabled.
The undo auto-off service command disables the scheduled VAP auto-off
function.
By default, the scheduled VAP auto-off function is disabled.
Format
auto-off service start-time start-time end-time end-time

auto-off service time-range time-range-name

undo auto-off service
Parameters
start-time start-time Specifies the time when The time is in hh:mm:ss

a VAP starts to be format. hh indicates the
disabled. hour that is an integer
ranging from 0 to 23.
mm indicates the minute
that is an integer
ranging from 0 to 59. ss
indicates the second that
is an integer ranging
from 0 to 59.
end-time end-time Specifies the time when The time is in hh:mm:ss

a VAP stops being format. hh indicates the
disabled. hour that is an integer
ranging from 0 to 23.
mm indicates the minute
that is an integer
ranging from 0 to 59. ss
indicates the second that
is an integer ranging
from 0 to 59.
time-range time-range- Specifies the name of a The value is a string of 1

name time range when a VAP to 32 case-sensitive
is disabled. characters and must
begin with a letter. In
addition, the word all
cannot be specified as a
time range name.
Views
VAP profile view, 2G radio profile view, 5G radio profile view
Default Level
Usage Guidelines
Usage Scenario
When an enterprise does not want employees to access the internal WLAN from
01:00 to 05:00, the administrator can run the auto-off service command to
enable the scheduled VAP auto-off function.

Precautions
● After the service mode of a VAP is enabled using the undo service-mode
disable command, you can run the auto-off service command to configure
the scheduled VAP auto-off function. In the scheduled time, the VAP is
disabled and cannot be enabled using the undo service-mode disable
command. To enable the VAP, run the undo auto-off service command.
● The scheduled VAP auto-off function takes effect in the scheduled time only
after the undo service-mode disable command is executed. If the service
mode of a VAP is disabled using the service-mode disable command, the
VAP auto-off function does not take effect.
● You can run the auto-off service time-range time-range-name command to
set the time range when a VAP is disabled.
● The scheduled VAP auto-off function enabled in a VAP profile view takes
effect only on the APs using the VAP profile, and the scheduled VAP auto-off
function enabled in a radio profile view takes effect only on the APs using the
radio profile.
● auto-off service, start-time start-time, end-time end-time, and auto-off
service time-range time-range-name cannot be configured at the same time.
Example
# Configure the scheduled VAP auto-off function in the VAP profile vap1, and
configure the VAP to be disabled from 1:00:00 to 7:00:00.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name vap1
[HUAWEI-wlan-vap-prof-vap1] auto-off service start-time 1:00:00 end-time 7:00:00
# Configure the scheduled VAP auto-off function in the 2G radio profile default,
and configure the VAP to be disabled from 1:00:00 to 7:00:00.
[HUAWEI] time-range VAP 1:00 to 7:00 daily
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] auto-off service time-range VAP
9.7 beacon-2g-rate
Function
The beacon-2g-rate command sets the transmit rate of management frames
(including Beacon frames, Probe Response frames, Assoc/Reassoc Response
frames, and Auth frames) on a 2.4 GHz radio.
The undo beacon-2g-rate command restores the default transmit rate of 2.4 GHz
management frames.
By default, the transmit rate of 2.4 GHz management frames is 1 Mbit/s.
Format
beacon-2g-rate beacon-2g-rate

undo beacon-2g-rate
Parameters
beacon-2g-rate Specifies the transmit rate of management Enumerated type:

frames. ● 1: 1 Mbit/s
● 2: 2 Mbit/s
● 5.5: 5.5 Mbit/s
● 6: 6 Mbit/s
● 9: 9 Mbit/s
● 11: 11 Mbit/s
● 12: 12 Mbit/s
● 18: 18 Mbit/s
● 24: 24 Mbit/s
● 36: 36 Mbit/s
● 48: 48 Mbit/s
● 54: 54 Mbit/s
Views
SSID profile view, Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
In high-density wireless scenarios, too many management frames occupy a large
number of wireless resources. To reduce wireless resource occupation of
management frames and improve channel usage efficiency, you can run the
beacon-2g-rate command to set a large transmit rate for 2.4 GHz management
frames.
Precautions
Modifying the transmit rate of management frames will cause service interruption
of STAs. Exercise caution when running the command.
The 802.11b protocol supports only 1 Mbit/s, 2 Mbit/s, 5.5 Mbit/s, and 11 Mbit/s.
If you set the transmit rate of management frames to a rate not supported by the
802.11b protocol, STAs supporting only 802.11b cannot connect to the wireless
network.
If you run the radio-type dot11b command in the 2G radio profile view to set the
radio type to dot11b, and the 2G radio profile is applied to an AP, beacon-2g-rate

that takes effect on the 2 GHz radio of the AP is fixed as 1 Mbit/s, and beacon-2g-
rate configured in the SSID profile view does not take effect on the AP.
Example
# Set the transmit rate of 2.4 GHz management frames to 18 Mbit/s in the SSID
profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] beacon-2g-rate 18
9.8 beacon-5g-rate
Function
The beacon-5g-rate command sets the transmit rate of management frames
(including Beacon frames, Probe Response frames, Assoc/Reassoc Response
frames, and Auth frames) on a 5 GHz radio.
The undo beacon-5g-rate command restores the default transmit rate of 5 GHz
management frames.
By default, the transmit rate of 5 GHz management frames is 6 Mbit/s.
Format
beacon-5g-rate beacon-5g-rate
undo beacon-5g-rate
Parameters
beacon-5g-rate Specifies the transmit rate of management Enumerated type:

frames. ● 6: 6 Mbit/s
● 9: 9 Mbit/s
● 12: 12 Mbit/s
● 18: 18 Mbit/s
● 24: 24 Mbit/s
● 36: 36 Mbit/s
● 48: 48 Mbit/s
● 54: 54 Mbit/s
Views
SSID profile view, Mesh profile view

Default Level
Usage Guidelines
Usage Scenario
In high-density wireless scenarios, too many management frames occupy a large
number of wireless resources. To reduce wireless resource occupation of
management frames and improve channel usage efficiency, you can run the
beacon-5g-rate command to set a large transmit rate for 5 GHz management
frames.
Precautions
Modifying the transmit rate of management frames will cause service interruption
of STAs. Exercise caution when running the command.
Example
# Set the transmit rate of 5 GHz management frames to 18 Mbit/s in the SSID
profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] beacon-5g-rate 18
9.9 beacon-interval
Function
The beacon-interval command sets the interval for sending Beacon frames.
The undo beacon-interval restores the default interval for sending Beacon
frames.
By default, the interval for sending Beacon frames is 100 TUs.
Format
beacon-interval beacon-interval
undo beacon-interval

Parameters
beacon- Specifies the interval for sending Beacon The value is an

interval frames. integer that ranges
from 60 TUs to
1000 TUs TU is a
time unit equal to
1024 microseconds.
Views
Default Level
Usage Guidelines
An AP broadcasts Beacon frames at intervals to notify STAs of an existing 802.11
network. After receiving a Beacon frame, a STA can modify parameters used to
connect to the 802.11 network.
A long interval for sending Beacon frames lengthens the dormancy time of STAs,
while a short interval for sending Beacon frames increases air interface costs.
Therefore, you are advised to set the interval for sending Beacon frames for an AP
based on the VAP quantity. The following intervals for sending Beacon frames are
recommended for APs with different VAP quantities on a single radio:
● No more than 4 VAPs: about 100 TUs
● 5 to 8 VAPs: about 200 TUs
Ensure that the air scan interval meets the following condition: scan-interval ≥
beacon-interval + 100 ms
Example
# Set the interval for sending Beacon frames to 200 TUs in the 2G radio profile
default.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] beacon-interval 200

9.10 beamforming enable

Function
The beamforming enable command enables Beamforming.
The undo beamforming enable command disables Beamforming.
By default, Beamforming is disabled.
NOTE
This configuration is valid only for APs of V200R019C00 and earlier versions.
Format
beamforming enable
undo beamforming enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
Beamforming is a signal processing technique that controls signal transmission
direction, and transmission and reception of radio signals. The transmit end uses
weight to transmit signals. The signals are transmitted to the destination as
narrow beams. Beamforming increases the signal-to-noise ratio (SNR) for the
destination device.
Precautions
Table 9-1 describes the support of Huawei APs for beamforming.

Table 9-1 Support of APs for Beamforming

Explicit Explicit 802.11n
Implicit
802.11ac Beamforming
AP Model Beamformin
Beamformin
2.4 GHz 5 GHz g
g
AP5030DN,
AP5130DN,
AP2030DN,
AP2030DN-S,
AP3030DN,
AP4030DN,
AP4130DN,
AP3010DN-
V2,
AP5030DN-S,
AP9131DN, Y
AP9132DN,
AD9430DN-1 For
2 (with N AP4030TN, N N
R230D, only the radio
R240D), 0 supports
AD9430DN-2 this feature.
4 (with
R230D,
R240D),
AD9431DN-2
4X (with
R230D,
R240D),
AP4030DN-E,
AP4030TN,
AP430-E
AP8030DN,
AP8130DN, N N N N
AP1050DN-S


Implicit
AP Model Beamformin
Beamformin
2.4 GHz 5 GHz g
g
AD9430DN-1
2 (with
R250D,
R251D),
AD9430DN-2
4 (with
R250D,
R251D,
R450D,
R251D-E and
R250D-E),
AD9431DN-2
4X (with
R250D,
R251D,
R450D,
R251D-E and
R250D-E),
AP2050DN,
AP2050DN-S, Y Y
AP2050DN-E,
AP2051DN, For For
AP2051DN-E, AP2051DN-L- AP2051DN-L-
AP2051DN-S, S, only the N N S, only the
AP2051DN-L- 2.4G 2.4G
S, AP4050DN- frequency frequency
E, AP4050DN- band supports band supports
HD, this feature. this feature.
AP5050DN-S,
AP6050DN,
AP6150DN,
AP7050DN-E,
AP7050DE,
AP4050DN,
AP4051DN,
AP4050DN-S,
AP4151DN,
AP4051DN-S,
AP8050DN,
AP8150DN,
AP8050DN-S,
AP6052DN,
AP7052DN,
AP7152DN,
AP7052DE,
AP8050TN-
HD,


Implicit
AP Model Beamformin
Beamformin
2.4 GHz 5 GHz g
g
AP8082DN,
AP8182DN,
AP7060DN,
AP3050DE,
AP4050DE-M,
AP4050DE-M-
S, AP4050DE-
B-S,
AP4051TN,
WA375DD-
CE, AP5510-
W-GP,
AP6750-10T,
AirEngine
5760-10
AP7030DE,
N N N Y
AP9330DN
Example
# Enable Beamforming.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] beamforming enable
9.11 channel
Function
The channel command configures the working bandwidth and channel for a
specified radio.
The undo channel command restores the default working bandwidth and channel
of a radio.
By default, the working bandwidth of a radio is 20 MHz, and no working channel
is configured for a radio.
To check the channel used by a radio, run the display ap config-info command.
Format
channel { 20mhz | 40mhz-minus | 40mhz-plus | 80mhz | 160mhz } channel
channel 80+80mhz channel1 channel2

channel { 20mhz | 40mhz-minus | 40mhz-plus | 80mhz } channel [ index index ]

undo channel [ index index ]
NOTE
The parameter index index is supported only by vehicle-mounted APs.
Parameters
20mhz Sets the working bandwidth of a radio to -

20 MHz.
40mhz- Sets the working bandwidth of a radio to -

minus 40 MHz Minus.
40mhz-plus Sets the working bandwidth of a radio to -

40 MHz Plus.

80 MHz.

160 MHz.
80+80mhz Sets the working bandwidth of a radio to -

80+80 MHz.
channel/ Specifies the working channel of a radio. The parameter is an

channel1/ enumeration value.
channel2 The value range is
determined based
on the country code
and radio mode.
index index Specifies the index of a channel. The value can be 0

or 1. The default
value is 0.
Views
Default Level
Usage Guidelines
Usage Scenario
Different radios use different channels. Channels for radios also vary in different
countries and regions. Select channels based on the actual situations.

The parameter index index needs to be configured only in vehicle-ground

communication scenarios where a train switches between different lines.
Precautions
The channel parameter settings must match the radio frequency band. For details
about mappings between channel parameters and frequency bands, see Country
Codes & Channels Compliance. You can obtain this table at Huawei technical
support website.
● Enterprise technical support website: https://support.huawei.com/enterprise
● Carrier technical support website: https://support.huawei.com
The configured channels must be supported by STAs; otherwise, the STAs cannot
discover radio signals.
If an AP detects radar signals on a channel, the channel cannot be configured as

the radio channel of the AP in 30 minutes.
If an AP works in dual-5G mode, configure the two 5 GHz radios to work on non-
adjacent channels.
For example, a country supports 40 MHz+ 5G channels 36, 44, 52, and 60. When
deploying 5 GHz radio channels, if one radio is deployed to work on channel 36, it
is recommended that channel 52 or 60 be configured for the other radio. Channel
44 is not recommended in this case.
NOTE
● You can configure the 80 MHz, 160 MHz, or 80+80 MHz bandwidth only in the 5G radio
view.
● For details about AP models that support 80 MHz, 160 MHz, and 80+80 MHz, see
Configuration Limitations for Basic WLAN Services in Configuration Guide - WLAN Service
Configuration Guide.
Example
# Set the working bandwidth to 20 MHz and working channel to 6 for the radio
interface Wlan-Radio 0/0/0.
[HUAWEI-Wlan-Radio0/0/0] channel 20mhz 6
9.12 channel-switch announcement disable

Function
The channel-switch announcement disable command disables an AP from
sending an announcement when the channel is switched.
The undo channel-switch announcement disable command enables an AP to

send an announcement when the channel is switched.
By default, an AP sends an announcement when the channel is switched.

Format
channel-switch announcement disable
undo channel-switch announcement disable
Parameters
None
Views
Default Level
Usage Guidelines
When the AP works on a Depth First Select (DFS) channel, a radar detection is
performed. The AP automatically switches to another channel because the DFS
channel frequency may interfere with the radar frequency.
After the undo channel-switch announcement disable command is run, if the
AP channel switches, the AP sends an Action frame to instruct STAs to switch
channels after multiple Beacon intervals. The AP also switches the channel after
the same intervals. The AP and STAs switch channels at the same time to prevent
STA reassociations and ensure rapid service recovery.
NOTE
The channel switching announcement function must be supported by both the AP and STA.
Example
# Disable the AP from sending an announcement after the channel is switched.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] channel-switch announcement disable
9.13 channel-switch mode

Function
The channel-switch mode command configures an announcement mode for
channel switching.
The undo channel-switch mode command restores the default announcement
mode for channel switching.
By default, data transmission from STAs continues on the current channel when
the channel is switched.

Format
channel-switch mode { stop-transmitting | continue-transmitting }
undo channel-switch mode
Parameters
stop- Stops data transmission from STAs on -

transmitting the current channel during channel
switching.
continue- Continues data transmission from STAs -

transmitting on the current channel during channel
switching.
Views
Default Level
Usage Guidelines
During channel switching, STA communication is interrupted. The administrator
can stop an associated STA sending data on the current channel until channel
switching is complete. Alternatively, data transmission from STAs can be continued
on the current channel before channel switching is complete.
Example
# Stop data transmission from STAs on the current channel during channel
switching.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] channel-switch mode stop-transmitting
9.14 copy-from
Function
The copy-from command copies data to the current profile from a profile of the
same type.

Format
copy-from profile-name
Parameters
profile-name Specifies the name of the profile from The profile name
which data is copied. must already exist.
Views
All WLAN profile views except the WIDS profile, WIDS whitelist profile view, WIDS
spoof SSID profile
Default Level
Usage Guidelines
Usage Scenario
You can run the copy-from command to copy data to the current profile from a
profile of the same type. This simplifies profile configuration and improves
configuration efficiency.
● To create a profile that has the same configuration as an existing profile,
enter the view of the profile to be created and run the copy-from command
to copy data from the existing profile.
● To create a profile that has most configurations the same as an existing
profile, enter the view of the new profile, run the copy-from command to
copy data from the existing profile, and modify the different configurations.
Precautions
If the current profile is referenced by another profile, you cannot run the
command to copy data to the current profile.
When the WAPI certificate or private key configuration exists in the security
profile, you must manually perform the configuration instead of using this
command to copy data.
Example
# Create the VAP profile huawei and copy data from the profile sample.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name huawei
[HUAWEI-wlan-vap-prof-huawei] copy-from sample

9.15 country-code
Function
The country-code command configures a country code.
The undo country-code command restores the default country code.
By default, the country code CN is configured.
Format
country-code country-code
undo country-code
Parameters
country-code Specifies a country code. The value is a string

of characters in
enumerated type.
For specific values,
see Table 9-2.
Views
WLAN view
Default Level
Usage Guidelines
Table 9-2 Country codes supported by APs
Country Code Country/Region
AE United Arab Emirates
AM Armenia
AR Argentina
AT Austria
AU Australia
AZ Azerbaijan

BE Belgium
BG Bulgaria
BH Bahrain
BN Brunei Darussalam
BO Bolivia
BR Brazil
BY Belarus
BZ Belize
CA Canada
CH Switzerland
CL Chile
CN China (default)
CO Colombia
CR Costa Rica
CY Cyprus
CZ Czech Republic
DE Germany
DK Denmark
DO Dominican Republic
EC Ecuador
EE Estonia
EG Egypt
ES Spain
FI Finland
FR France
GB United Kingdom
GE Georgia
GR Greece
GT Guatemala

HK Hong Kong, Special Administrative

Region of China
HN Honduras
HR Croatia
HU Hungary
ID Indonesia
IE Ireland
IL Israel
IN India
IQ Iraq
IR Iran
IS Iceland
IT Italy
JO Jordan
JP Japan
KP Democratic People's Republic of Korea
KR Republic of Korea
KW Kuwait
KZ Kazakhstan
LB Lebanon
LI Liechtenstein
LK Sri Lanka
LT Lithuania
LU Luxembourg
LV Latvia
MA Morocco
MC Monaco
MK Macedonia
MO Macao, Special Administrative Region

of China
MT Malta

MX Mexico
MY Malaysia
NG Nigeria
NL Netherlands
NO Norway
NZ New Zealand
OM Oman
PA Panama
PE Peru
PH Philippines
PK Pakistan
PL Poland
PR Puerto Rico
PT Portugal
QA Qatar
RO Romania
RS Serbia
RU Russia
SA Saudi Arabia
SE Sweden
SG Singapore
SI Slovenia
SK Slovakia
SV El Salvador
SY Syria
TH Thailand
TN Tunisia
TR Turkey
TT Trinidad & Tobago
TW Taiwan, Province of China

UA Ukraine
US United States
UY Uruguay
UZ Uzbekistan
VE Venezuela
VN Vietnam
YE Yemen
ZA South Africa
ZW Zimbabwe
Usage Scenario
You can configure country codes for devices to satisfy different radio features in
different countries or regions, such as power and channel codes.
After the AP country code is modified, all STAs get offline.
According to specific requirements in some sales regions, the country code of

some models is fixed. For example, if an AP model name has a suffix of -US, the
country code of this mode is US.
Example
# Set the country code to US.
[HUAWEI] wlan
[HUAWEI-wlan-view] country-code us
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the
radio. Continue?[Y/N]:y
9.16 deny-broadcast-probe enable

Function
The deny-broadcast-probe enable command configures an AP not to respond to
broadcast Probe Request frames.
The undo deny-broadcast-probe enable command configures an AP to respond

to broadcast Probe Request frames.
By default, an AP responds to broadcast Probe Request frames.

Format
deny-broadcast-probe enable
undo deny-broadcast-probe enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
In high-density wireless scenarios, too many Probe Response frames occupy a

large number of wireless resources. To reduce wireless resource occupation of the
frames and improve channel usage efficiency, you can run the deny-broadcast-
probe enable command to configure an AP not to respond to broadcast Probe
Request frames.
Precautions
Configuring an AP not to respond to broadcast Probe Request frames may reduce

channel scan efficiency of some STAs.
Example
# Configure an AP not to respond to broadcast Probe Request frames.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] deny-broadcast-probe enable
9.17 dhcp option82 insert enable
Function
The dhcp option82 insert enable command enables the function of adding the
Option 82 field to DHCP packets sent by STAs.
The undo dhcp option82 insert enable command disables the function of adding
the Option 82 field to DHCP packets sent by STAs.
By default, the function of adding the Option 82 field to DHCP packets sent by
STAs is disabled.

Format
dhcp option82 insert enable
undo dhcp option82 insert enable
Parameters
None
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
After going online, a STA obtains the IP address through DHCP. When the DHCP
Request packet from the STA reaches an AP, the AP adds the Option 82 field to
the packet and sends the packet to the DHCP server. The Option 82 field contains
the MAC address or SSID of the associated AP. Therefore, the DHCP server knows
the AP on which the STA goes online.
Prerequisites
Before enabling the function of adding the Option 82 field to DHCP packets sent
by STAs, run the undo learn-client-address disable command to enable the STA
IP address learning. By default, STA IP address learning is enabled.
Example
# Enable the function of adding the Option 82 field to DHCP packets sent by STAs.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] dhcp option82 insert enable
9.18 dhcp option82 format (vap profile view)

Function
The dhcp option82 format command configures the format of the Option 82
field in DHCP packets sent by STAs.
The undo dhcp option82 format command restores the default format of the
Option 82 field in DHCP packets sent by STAs.
By default, the format of the Option 82 field inserted in DHCP packets sent by
STAs is ap-mac.

Format
dhcp option82 { circuit-id | remote-id } format { ap-mac [ mac-format
{ normal | compact | hex } ] | ap-mac-ssid [ mac-format { normal | compact } ]
| user-defined text | ap-name | ap-name-ssid }
undo dhcp option82 { circuit-id | remote-id } format
Parameters
circuit-id Specifies the circuit-ID (CID) in the Option -

82 field.
remote-id Specifies the remote-ID (RID) in the -

Option 82 field.
ap-mac Indicates that Option 82 contains the AP's -

MAC address.
ap-mac-ssid Indicates that Option 82 contains the AP's -

MAC address and SSID.
mac-format Specifies the format of the AP's MAC -

address in Option 82.
normal Sets the MAC address format to xx-xx-xx- -

xx-xx-xx.
compact Sets the MAC address format to xxxx-xxxx- -

xxxx.
hex Sets the MAC address format to -

XXXXXXXXXXXX in hexadecimal notation.
colon Sets the MAC address format to -

xx:xx:xx:xx:xx:xx.
user-defined text Sets the format of Option 82 to the user- The value is a
defined format. string of 1 to 255
characters.
ap-name Specifies the AP name in the Option 82 -

field.
ap-name-ssid Specifies the AP name and SSID in the -

Option 82 field.

Views
VAP profile view
Default Level
Usage Guidelines
After an AP is enabled to insert the Option 82 field in DHCP packets sent from a
STA, you can run the dhcp option82 format command to configure the format of
the Option 82 field.
You can use the following keywords to define the Option 82 field.
● ap-mac: MAC address of the AP. After DHCP packets from a STA reach an AP,
the AP inserts its MAC address into the Option 82 field of the DHCP packets.
● ap-mac-ssid: MAC address and SSID of the AP. After DHCP packets from a
STA reach an AP, the AP inserts its MAC address and SSID associated with the
STA into the Option 82 field of the DHCP packets.
● ap-name: AP name. After DHCP packets from a STA reach an AP, the AP
inserts its name into the Option 82 field of the DHCP packets.
● ap-name-ssid: AP name and SSID. After DHCP packets from a STA reach an
AP, the AP inserts its name and associated SSID into the Option 82 field of the
DHCP packets.
If mac-format is not specified in the dhcp option82 { circuit-id | remote-id }

format { ap-mac | ap-mac-ssid } command, the AP MAC address in the Option 82
field is XXXXXXXXXXXX in ASCII format.
When you define the format of the Option 82 field, the total length of the circuit-
id and remote-id options in the Option 82 field cannot exceed 255 bytes.
Otherwise, some Option 82 information may be lost. Note that a Chinese
character may occupy 2 or 3 bytes.
Example
# Set the format of remote-id in Option 82 carried in DHCP packets sent by STAs
to ap-mac-ssid.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] dhcp option82 remote-id format ap-mac-ssid
9.19 display ap
Function
The display ap command displays AP information.

Format
display ap
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To view information about APs, run this command.
Example
# Display AP information.
<HUAWEI> display ap
AP detail information:
--------------------------------------------------------------------------------
AP type: AP8130DN
AP MAC: 00e0-fc3f-e900
State: normal
AP high temperature threshold(degree C) : 83
AP low temperature threshold(degree C) : -43
--------------------------------------------------------------------------------
Table 9-3 Description of the display ap command output
Item Description
AP type Type of an AP.
AP MAC MAC address of an AP.
State Working status of an AP.
AP high temperature threshold(degree Upper temperature alarm threshold of

C) an AP.
To configure the parameter, run the
high-temperature threshold
command.
AP low temperature threshold(degree Lower temperature alarm threshold of

C) an AP.
low-temperature threshold
command.

9.20 display ap configurable channel

Function
The display ap configurable channel command displays the configurable
channels supported by a specified AP.
Format
display ap configurable channel
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Different countries or regions use different wireless channels and powers. Setting
country and area codes can specify channels that can be used on WLANs of
different countries. The display ap configurable channel command displays the
configurable channels supported by a specified AP.
Example
# Display configurable channels supported by AP.
<HUAWEI> display ap configurable channel
2.4G 20M : 1,2,3,4,5,6,7,8,9,10,11,12,13.
2.4G 40M+: 1,2,3,4,5,6,7.
2.4G 40M-: 5,6,7,8,9,10,11.
5G 20M : 36,40,44,48,52,56,60,64,149,153,157,161,165.
5G 40M+: 36,44,52,60,149,157.
5G 40M-: 40,48,56,64,153,161.
5G 80M : 36,40,44,48,52,56,60,64,149,153,157,161.
Table 9-4 Description of the display ap configurable channel command output
Item Description
2.4G 20M Configurable 20 MHz channels supported by the

AP on the 2.4 GHz frequency band.
2.4G 40M+ Configurable 40 MHz Plus channels supported by

the AP on the 2.4 GHz frequency band.

Item Description
2.4G 40M- Configurable 40 MHz Minus channels supported

by the AP on the 2.4 GHz frequency band.
5G 20M Configurable 20 MHz channels supported by the

AP on the 5 GHz frequency band.
5G 40M+ Configurable 40 MHz Plus channels supported by

the AP on the 5 GHz frequency band.
5G 40M- Configurable 40 MHz Minus channels supported

by the AP on the 5 GHz frequency band.
5G 80M Configurable 80 MHz channels supported by the

AP on the 5 GHz frequency band.
9.21 display interface wlan-radio

Function
The display interface wlan-radio command displays the status and configuration
of radio interfaces.
Format
display interface wlan-radio [ wlan-radio-number | main ]
Parameters
wlan-radio-number Displays the status and The value can be:

configuration of a radio ● 0/0/0
interface with a specified
number. ● 0/0/1
● 0/0/2
NOTE
All types of APs support
2.4 GHz and 5 GHz radio
interfaces.
On APs supporting radio
switching between the 2.4
GHz and 5 GHz frequency
bands, some radios
support both the two
bands. However, such
radios can work on one
band at a time.You can run
the frequency command
to change the working
frequency band of Radio 0.

main Displays the status and -

configuration of a radio
interface.
A radio interface has no
sub-interface. The
command displays the
status and configuration
of a radio interface
regardless of whether
main is specified.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
To check the status of a radio interface or locate an interface fault, you can run
the display interface wlan-radio command to obtain the status and
configuration of the radio interface. The information can help you locate interface
faults.
Precautions
If [ wlan-radio-number | main ] is not specified, the display interface wlan-radio
command displays the status and configuration of all radio interfaces in the
system.
Example
# Display the status and configuration of the specified radio interface.
<HUAWEI> display interface wlan-radio 0/0/0
Wlan-Radio0/0/0 current state : UPLine protocol current state : UP
Description:HUAWEI, AP Series, Wlan-Radio0/0/0 Interface
Switch Port, TPID : 8100(Hex), The Maximum Transmit Unit is 1500
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00bc-da3f-e900
Last physical up time : 2005-07-31 15:12:29 UTC+08:00
Last physical down time : 2005-07-31 15:12:24 UTC+08:00
Input bandwidth utilization : --
Output bandwidth utilization : --

Table 9-5 Description of the display interface wlan-radio command output

Item Description
current state Status of a radio interface.

● DOWN: indicates that the radio interface is Down.
● UP: indicates that the radio interface is Up.
Line protocol current Status of the link-layer protocol on a radio interface.

state ● DOWN: indicates that the link-layer protocol is
disabled on the radio interface.
● UP: indicates that the link-layer protocol is enabled
on the radio interface.
Description Description of a wlan-radio interface.
Switch Port Indicates that the interface is a Layer 2 interface.
TPID Type of frames that are supported on the interface.

By default, this field displays 0x8100, indicating an
802.1Q frame. If the device does not support 802.1Q
frames, the interface discards the 802.1Q frames
immediately after receiving them.
This field is displayed only for a Layer 2 interface.
The Maximum Specifies the MTU of a wlan-radio interface.

Transmit Unit
IP Sending Frames' Encapsulation format of IP packets, which can be

Format PKTFMT_ETHNT_2, Ethernet_802.3, or Ethernet_SNAP.
Hardware address MAC address of the wlan-radio interface.
change.
does not change.

If the system is configured with a time zone and is in
the summer time, the time is displayed in the format of
YYYY/MM/DD hh:mm:ss UTC±hh:mm DST.
Input/Output Inbound/outbound bandwidth utilization on an

bandwidth utilization interface.

9.22 display radio

Function
The display radio command displays AP radio information.
Format
display radio all
Parameters
all Displays information about all radios. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view the working status of AP radios.
Example
# Display the working status of AP radios.
<HUAWEI> display radio all
CH/BW:Channel/Bandwidth
CE:Current EIRP (dBm)
ME:Max EIRP (dBm)
CU:Channel utilization
ST:Status
WM:Working Mode (normal/monitor/monitor dual-band-scan)
-------------------------------------------------------------------
RfID Band Type ST CH/BW CE/ME STA CU WM
-------------------------------------------------------------------
0 2.4G bgn on 6/20M 24/24 0 55% normal
1 5G an on 56/20M 25/25 0 3% normal
--------------------------------------------------------------------
Total:2
Table 9-6 Description of the display radio command output
Item Description
RfID Radio ID.

Item Description
Band frequency band of an AP radio.
Type Protocol type of an AP radio.

● b: 802.11b radio type
● bg: 802.11b/g radio type
● bgn: 802.11b/g/n radio type
● a: 802.11a radio type
● an: 802.11a/n radio type
● an11ac: 802.11a/n/ac radio type
● 11ax: 802.11b/g/n/ax for 2.4 GHz
radios, 802.11a/n/ac/ax for 5 GHz
radios
ST Working status of an AP radio.
CH/BW Channel/Bandwidth of an AP radio. If

no VAP profile is bound to the radio, a
hyphen (-) is displayed.
CE/ME Current power of an AP radio/

Maximum power of an AP radio. If no
VAP profile is bound to the radio, a
hyphen (-) is displayed.
NOTE
The value is calculated based on the
typical gain of the antenna used by the AP.
STA Number of STAs connected to an AP

radio.
CU Channel utilization.
When an AP radio works in monitor
mode, this parameter is displayed as -.
WM Working mode of an AP radio.

● normal
● monitor
● monitor dual-band-scan: inter-band
scanning mode

Function
The display radio-2g-profile command displays configuration and reference
information about a 2G radio profile.

Format
display radio-2g-profile { all | name profile-name }
Parameters
all Displays information about all 2G radio -

profiles.
name profile- Displays information about a specified The 2G radio profile

name 2G radio profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view configuration and reference information about
a 2G radio profile.
Example
# Display information about all 2G radio profiles.
<HUAWEI> display radio-2g-profile all
----------------------------------------------------------
Profile name Reference
----------------------------------------------------------
default 1
----------------------------------------------------------
Total: 1
Table 9-7 Description of the display radio-2g-profile all command output
Item Description
Profile name Name of a 2G radio profile.
Reference Number of times a 2G radio profile is

referenced.
# Display information of the 2G radio profile default.

<HUAWEI> display radio-2g-profile name default
------------------------------------------------------------
Radio type : 802.11n

Power auto adjust : disable

Beacon interval(TUs) : 100
Beamforming switch : disable
Support short preamble : support
Fragmentation threshold(Byte) : 2346
Channel switch announcement : enable
Channel switch mode : continue
Guard interval mode : normal
802.11ax Guard interval mode : dot8
HT A-MPDU switch : enable
HT A-MPDU length limit :3
RTS-CTS-mode : cts-to-self
RTS-CTS-threshold : 2347
802.11bg basic rate :12
802.11bg support rate : 1 2 5 6 9 11 12 18 24 36 48 54
Multicast rate 2.4G : 11
Interference detect switch : disable
Co-channel frequency interference threshold(%) : 50
Adjacent-channel frequency interference threshold(%) : 50
Station interference threshold : 32
WMM switch : enable
Mandatory switch : disable
Auto-off start time :-
Auto-off end time :-
Auto-off time-range :-
Wifi-light mode : signal-strength
Utmost power switch : enable
Rrm-profile : default
Air-scan-profile : default
Smart-antenna : disable
Agile-antenna-polarization : disable
CCA threshold(dBm) :-
High PER threshold(%) : 80
Low PER threshold(%) : 20
Training interval(s) : auto
Training mpdu num : 640
Throughput trigger training threshold (%) : 10
------------------------------------------------------------
AP EDCA parameters:
------------------------------------------------------------
ECWmax ECWmin AIFSN TXOPLimit(32us) Ack-Policy
AC_VO 3 2 1 47 normal
AC_VI 4 3 1 94 normal
AC_BE 6 4 3 0 normal
AC_BK 10 4 7 0 normal
------------------------------------------------------------
Table 9-8 Description of the display radio-2g-profile name command output

Item Description
Radio type Radio type.

radio-type (2G radio profile view)
command.
Power auto adjust Whether automatic per packet power

adjustment is enabled.
power auto-adjust enable command.

Item Description
Beacon interval(TUs) Interval at which an AP sends Beacon

frames, in TUs.
beacon-interval command.
Beamforming switch Whether the beamforming function is

enabled.
beamforming enable command.
Support short preamble Whether the short preamble is

supported.
short-preamble disable command.
Fragmentation threshold(Byte) Packet fragmentation threshold, in

bytes.
fragmentation-threshold command.
Channel switch announcement Whether channel switch

announcement is enabled.
channel-switch announcement
disable command.
Channel switch mode Channel switch announcement mode.

channel-switch mode command.
Guard interval mode 802.11n/ac GI mode.

guard-interval-mode command.
802.11ax Guard interval mode 802.11ax GI mode.

● dot8: 0.8us
● 1dot6: 1.6us
● 3dot2: 3.2us
HT A-MPDU switch Whether the MPDU aggregation

function is enabled.
To configure this parameter, run the ht
a-mpdu disable command.

Item Description
HT A-MPDU length limit Maximum length of the aggregated

MPDU frame.
a-mpdu max-length-exponent
command.
RTS-CTS-mode RTS/CTS mode.

rts-cts-mode command.
RTS-CTS-threshold RTS/CTS threshold.

rts-cts-threshold command.
802.11bg basic rate 802.11bg basic rate set.

dot11bg basic-rate command.
802.11bg support rate 802.11bg supported rate set.

dot11bg supported-rate command.
Multicast rate 2.4G Multicast rate of wireless packets on

the 2.4GHz radio.
multicast-rate command.
Interference detect switch Whether interference detection is

enabled.
interference detect-enable
command.
Co-channel frequency interference Alarm threshold for co-channel

threshold(%) interference.
interference co-channel threshold
command.
Adjacent-channel frequency Alarm threshold for adjacent-channel

interference threshold(%) interference.
interference adjacent-channel
threshold command.
Station interference threshold Alarm threshold for STA interference.

interference station threshold
command.

Item Description
WMM switch Whether the WMM function is

enabled.
wmm disable command.
Mandatory switch Whether to allow STAs that do not

support WMM to connect to a WMM-
enabled AP.
wmm mandatory enable command.
Auto-off start time Start time for scheduled VAP auto-off.

auto-off service command.
Auto-off end time End time for scheduled VAP auto-off.

Auto-off time-range Time range for scheduled VAP auto-

off.
Wifi-light mode Information reflected by the blinking

frequency of the Wireless LED.
Rrm-profile Name of the RRM profile referenced

by a radio profile.
rrm-profile (radio profile view)
command.
Air-scan-profile Name of the air scan profile

referenced by a radio profile.
air-scan-profile (radio profile view)
command.
Smart-antenna Status of the smart antenna function.

smart-antenna { enable | disable }
command.

command.

Item Description
Agile-antenna-polarization Status of the self-adaptive polarization

for agile antennas.
agile-antenna-polarization
command.
CCA threshold(dBm) CCA threshold for APs.

cca-threshold command.
High PER threshold(%) Upper valid PER threshold in the smart

antenna algorithm.
smart-antenna valid-per-scope
command.

antenna algorithm.
command.
Low PER threshold(%) Lower valid PER threshold in the smart

antenna algorithm.
command.
Training interval(s) Smart antenna training interval.

smart-antenna training-interval
command.
Training mpdu num Number of MPDUs sent by an AP to a

STA during smart antenna training.
smart-antenna training-mpdu-
number command.
Throughput trigger training threshold Sudden performance change threshold

(%) that triggers smart antenna training.
smart-antenna throughput-
triggered-training command.
Utmost power switch Whether a radio is enabled to send

packets at maximum power.
utmost-power command.

Item Description
AP EDCA parameters EDCA parameters and ACK policy on

an AP.
wmm edca-ap command.
AC_VO AC_VO packets.

AC_VI AC_VI packets.

AC_BE AC_BE packets.

AC_BK AC_BK packets.

ECWmax Exponent form of the maximum

contention window. ECWmin and
ECWmax determine the average
backoff time.
ECWmin Exponent form of the minimum

backoff time.
AIFSN Arbitration inter frame spacing

number (AIFSN), which determines the
channel idle time.
TXOPLimit(32us) Transmission opportunity limit

(TXOPLimit), which determines the
maximum duration in which a STA can
occupy a channel. A larger value
indicates a longer duration.

Item Description
Ack-Policy ACK policy. It includes:

● normal: During 802.11 packet
exchange, the receiver sends an
ACK packet to confirm the receiving
of a packet from the sender.
● noack: The receiver sends no ACK
packet to confirm the receiving of a
packet from the sender. It applies to
scenarios where communication
quality is good and interference is
low.

Function
The display radio-5g-profile command displays configuration and reference
Format
display radio-5g-profile { all | name profile-name }
Parameters
all Displays information about all 5G radio -

profiles.
name profile- Displays information about a specified The 5G radio profile

name 5G radio profile. must exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
a 5G radio profile.
Example
# Display information about all 5G radio profiles.
<HUAWEI> display radio-5g-profile all
----------------------------------------------------------
----------------------------------------------------------
default 1
----------------------------------------------------------
Total: 1
Table 9-9 Description of the display radio-5g-profile all command output

Item Description
Profile name Name of a 5G radio profile.
Reference Number of times a 5G radio profile is

referenced.
# Display information of the 5G radio profile default.

<HUAWEI> display radio-5g-profile name default
------------------------------------------------------------
Radio type : 802.11ac
Power auto adjust : disable
Beacon interval(TUs) : 100
Beamforming switch : disable
Fragmentation threshold(Byte) : 2346
Channel switch announcement : support
Channel switch mode : continue
Guard interval mode : normal
802.11ax guard interval mode : dot8
HT A-MPDU switch : enable
HT A-MPDU length limit :3
VHT A-MPDU length limit :7
VHT A-MSDU switch : disable
VHT A-MSDU Max frame number :2
RTS-CTS-mode : RTS-CTS
RTS-CTS-threshold : 2347
802.11a basic rate : 6 12 24
802.11a support rate : 6 9 12 18 24 36 48 54
Multicast rate 5G :6
VHT mcs :99999999
Interference detect switch : disable
Co-channel frequency interference threshold(%) : 50
Adjacent-channel frequency interference threshold(%) : 50
Station interference threshold :32
WMM switch : enable
Mandatory switch : disable
Auto-off start time :-
Auto-off end time :-
Auto-off time-range :-
WiFi-light mode : signal-strength
Utmost power switch : enable
Rrm-profile : default
Air-scan-profile : default

Smart-antenna : disable
Agile-antenna-polarization : disable
CCA threshold(dBm) :-
High PER threshold(%) : 80
Low PER threshold(%) : 20
Training interval(s) : auto
Training mpdu num : 640
Throughput trigger training threshold (%) : 10
------------------------------------------------------------
AP EDCA parameters:
------------------------------------------------------------
ECWmax ECWmin AIFSN TXOPLimit(32us) Ack-Policy
AC_VO 3 2 1 47 normal
AC_VI 4 3 1 94 normal
AC_BE 6 4 3 0 normal
AC_BK 10 4 7 0 normal
------------------------------------------------------------
Table 9-10 Description of the display radio-5g-profile name command output

Item Description
Radio type Radio type.

radio-type (5G radio profile view)
command.
Power auto adjust Whether automatic per packet power

adjustment is enabled.
power auto-adjust enable command.
Beacon interval(TUs) Interval at which an AP sends Beacon

frames, in TU.
Beamforming switch Whether the beamforming function is

enabled.
beamforming enable command.
Fragmentation threshold(Byte) Packet fragmentation threshold, in

bytes.
fragmentation-threshold command.
Channel switch announcement Whether channel switch

announcement is enabled.
channel-switch announcement
disable command.
Channel switch mode Channel switch announcement mode.

channel-switch mode command.

Item Description
Guard interval mode 802.11n/ac GI mode.

802.11ax guard interval mode 802.11ax GI mode.

● dot8: 0.8us
● 1dot6: 1.6us
● 3dot2: 3.2us
HT A-MPDU switch Whether the MPDU aggregation

a-mpdu disable command.
HT A-MPDU length limit Maximum length of the aggregated

MPDU frame.
a-mpdu max-length-exponent
command.
VHT A-MPDU length limit Maximum length of the frame

aggregated in A-MPDU mode.
vht a-mpdu max-length-exponent
command.
NOTE
Only 802.11ac APs support the parameter.
VHT A-MSDU switch Whether to enable the function of

sending 802.11 packets in A-MSDU
mode.
vht a-msdu enable command.
NOTE
VHT A-MSDU Max frame number Maximum number of subframes that

can be aggregated into an A-MSDU.
vht a-msdu max-frame-num
command.
NOTE
RTS-CTS-mode RTS/CTS mode.

rts-cts-mode command.

Item Description
RTS-CTS-threshold RTS/CTS threshold.

rts-cts-threshold command.
802.11a basic rate 802.11a basic rate set.

dot11a basic-rate command.
802.11a support rate 802.11a supported rate set.

dot11a supported-rate command.
Multicast rate 5G Multicast rate of wireless packets on

the 5 GHz radio.
multicast-rate command.
VHT mcs Maximum MCS value corresponding to

a specific number of 802.11ac spatial
streams.
vht mcs-map command.
NOTE
Interference detect switch Whether interference detection is

enabled.
command.
Co-channel frequency interference Alarm threshold for co-channel

threshold(%) interference.
interference co-channel threshold
command.
Adjacent-channel frequency Alarm threshold for adjacent-channel

interference threshold(%) interference.
interference adjacent-channel
threshold command.
Station interference threshold Alarm threshold for STA interference.

interference station threshold
command.

Item Description
WMM switch Whether the WMM function is

enabled.
wmm disable command.
Mandatory switch Whether to allow STAs that do not

support WMM to connect to a WMM-
enabled AP.
wmm mandatory enable command.
Auto-off start time Start time for scheduled VAP auto-off.

Auto-off end time End time for scheduled VAP auto-off.

Auto-off time-range Time range for scheduled VAP auto-

off.
WiFi-light mode Information reflected by the blinking

frequency of the Wireless LED.
Rrm-profile Name of the RRM profile referenced

by a radio profile.
rrm-profile (radio profile view)
command.
Air-scan-profile Name of the air scan profile

referenced by a radio profile.
air-scan-profile (radio profile view)
command.
Utmost power switch Whether a radio is enabled to send

packets at maximum power.
utmost-power command.

command.

Item Description
Agile-antenna-polarization Status of the self-adaptive polarization

for agile antennas.
agile-antenna-polarization
command.
CCA threshold(dBm) CCA threshold for APs.

cca-threshold command.

antenna algorithm.
command.
Low PER threshold(%) Lower valid PER threshold in the smart

antenna algorithm.
command.
Training interval(s) Smart antenna training interval.

smart-antenna training-interval
command.
Training mpdu num Number of MPDUs sent by an AP to a

STA during smart antenna training.
smart-antenna training-mpdu-
number command.
Throughput trigger training threshold Sudden performance change threshold

(%) that triggers smart antenna training.
smart-antenna throughput-
triggered-training command.
AP EDCA parameters EDCA parameters and ACK policy on

an AP.


Item Description




backoff time.

backoff time.

channel idle time.


Item Description
Ack-Policy ACK policy. It includes:

● normal: During 802.11 packet
exchange, the receiver sends an
ACK packet to confirm the receiving
of a packet from the sender.
● noack: The receiver sends no ACK
packet to confirm the receiving of a
packet from the sender. It applies to
scenarios where communication
quality is good and interference is
low.

Function
The display references radio-2g-profile command displays reference information
about a 2G radio profile.
Format
display references radio-2g-profile name profile-name
Parameters
name profile- Displays reference information about a The 2G radio profile

name specified 2G radio profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references radio-2g-profile command to view reference

Example
# Display reference information about the 2G radio profile default.
<HUAWEI> display references radio-2g-profile name default
----------------------------------------------------------------------
Reference type Reference name Reference radio
----------------------------------------------------------------------
AP-group Wlan-Radio0/0/0 Radio-0
----------------------------------------------------------------------
Total:1
Table 9-11 Description of the display references radio-2g-profile command

output
Item Description
Reference type Interface to which the 2G radio profile

is applied.
Reference name Name of the interface by which a 2G

radio profile is referenced.
Reference radio Radio to which a 2G radio profile is

referenced.

Function
The display references radio-5g-profile command displays reference information
about a 5G radio profile.
Format
display references radio-5g-profile name profile-name
Parameters
name profile- Displays reference information about a The 5G radio profile

name specified 5G radio profile. must exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run the display references radio-5g-profile command to view reference
Example
# Display reference information about the 5G radio profile default.
<HUAWEI> display references radio-5g-profile name default
----------------------------------------------------------------------
Reference type Reference name Reference radio
----------------------------------------------------------------------
AP-group Wlan-Radio0/0/0 Radio-0
----------------------------------------------------------------------
Total:1
Table 9-12 Description of the display references radio-5g-profile command

output
Item Description
Reference type Interface to which the 5G radio profile

is applied.
Reference name Name of the interface by which a 5G

radio profile is referenced.
Reference radio Radio to which a 5G radio profile is

referenced.
9.27 display references ssid-profile

Function
The display references ssid-profile command displays reference information
about an SSID profile.
Format
display references ssid-profile name profile-name
Parameters
name profile- Displays reference information about a The SSID profile

name specified SSID profile. must exist.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display references ssid-profile command to view reference
information about an SSID profile.
Example
# Display reference information about the SSID profile default.
<HUAWEI> display references ssid-profile name default
-------------------------------------------------------------------
Reference type Reference name
-------------------------------------------------------------------
VAP profile vap-profile1
-------------------------------------------------------------------
Total:1
Table 9-13 Description of the display references ssid-profile command output

Item Description
Reference type Type of the profile by which an SSID

profile is referenced.
Reference name Name of the profile by which an SSID

9.28 display references vap-profile

Function
The display references vap-profile command displays reference information
about a VAP profile.
Format
display references vap-profile name profile-name
Parameters
name profile- Displays reference information about a The VAP profile

name specified VAP profile. must exist.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display references vap-profile command to view reference
information about a VAP profile.
Example
# Display reference information about the VAP profile default.
<HUAWEI> display references vap-profile name default
--------------------------------------------------------------------------------
Reference type Reference name WLAN ID
--------------------------------------------------------------------------------
Interface Wlan-Radio0/0/0 1
--------------------------------------------------------------------------------
Total: 1
Table 9-14 Description of the display references vap-profile command output
Item Description
Reference type Interface to which the VAP profile is

applied.
Reference name Name of the interface by which a VAP

WLAN ID WLAN ID of a VAP.
9.29 display resource occupancy message

Function
The display resource occupancy message command displays average usage of
the Dopra message unit within the latest 10 minutes.
Format
display resource occupancy message
Parameters
None
Views
All views

Default Level
Usage Guidelines
None
Example
# Display average usage of the Dopra message unit within the latest 10 minutes.
<HUAWEI> display resource occupancy message
Average usage rate of system message in 10 minutes: 0%
9.30 display ssid-profile

Function
The display ssid-profile command displays configuration and reference
information about SSID profiles.
Format
display ssid-profile { all | name profile-name }
Parameters
all Displays information about all SSID -

profiles.
name profile- Displays information about a specified The SSID profile

name SSID profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display ssid-profile command to check configuration and
reference information about SSID profiles.

Example
# Display information about all SSID profiles.
<HUAWEI> display ssid-profile all
---------------------------------------------------------------
Profile name Beacon 2.4G/5G rate(Mbps) Reference SSID
---------------------------------------------------------------
default 1/6 2 HUAWEI-WLAN
---------------------------------------------------------------
Total: 1
Table 9-15 Description of the display ssid-profile all command output

Item Description
Profile name SSID profile name.
Beacon 2.4G/5G rate(Mbps) Rate at which 2.4 GHz or 5 GHz

management frames are sent.
Reference Number of times an SSID profile is

referenced.
SSID SSID name.
# Display information about the SSID profile default.

<HUAWEI> display ssid-profile name default
-------------------------------------------------------------------
Profile ID :0
SSID : HUAWEI-WLAN
SSID hide : disable
Association timeout(min) :5
Max STA number : 64
Action upon reaching the max STA number : SSID broadcast
Legacy station : enable
DTIM interval :1
Beacon 2.4G rate(Mbps) :1
Beacon 5G rate(Mbps) :6
Deny-broadcast-probe : disable
Probe-response-retry num :1
802.11r : disable
802.11r authentication :-
U-APSD : enable
Active dull client : disable
MU-MIMO : disable
MU-MIMO optimize : disable
QBSS load : disable
Single txchain : disable
Advertise AP name : disable
Service guarantee : performance first
VHT tx mcs-map nss value :-
VHT tx mcs-map map value :-
VHT rx mcs-map nss value :-
VHT rx mcs-map map value :-
HE tx mcs-map nss value :8
HE tx mcs-map map value : 11
HE rx mcs-map nss value :8
HE rx mcs-map map value : 11
-------------------------------------------------------------------
WMM EDCA client parameters:
-------------------------------------------------------------------
ECWmax ECWmin AIFSN TXOPLimit(32us)

AC_VO 3 2 2 47
AC_VI 4 3 2 94
AC_BE 10 4 3 0
AC_BK 10 4 7 0
-------------------------------------------------------------------
Table 9-16 Description of the display ssid-profile name command output
Item Description
Profile ID ID of an SSID profile.
SSID SSID name.

ssid command.
SSID hide SSID hiding.

ssid-hide enable command.
Association timeout(min) Association timeout period.

association-timeout command.
Max STA number Maximum number of users.

max-sta-number (SSID profile view)
command.
Action upon reaching the max STA Action to take when the number of
number access users reaches the maximum.
● SSID hide: hiding the SSID
● SSID broadcast: broadcasting the
SSID
● priority-based STA replacement:
allowing access of VIP users instead
of non-VIP users based on priorities
reach-max-sta command.
Legacy station Whether to permit access of non-HT

STAs.
legacy-station disable command.
DTIM interval DTIM interval.

dtim-interval command.
Beacon 2.4G rate(Mbps) Rate at which 2.4 GHz management

frames are sent.
beacon-2g-rate command.

Item Description
Beacon 5G rate(Mbps) Rate at which 5 GHz management

frames are sent.
Deny-broadcast-probe Whether an AP is configured not to

respond to broadcast Probe Request
frames.
deny-broadcast-probe enable
command.
Probe-response-retry num Number of times Probe Response

packets are retransmitted.
probe-response-retry command.
802.11r 802.11r roaming.

dot11r enable command.
802.11r authentication 802.11r authentication mode.
U-APSD Whether the U-APSD function is

enabled.
To configure this parameter, run the u-
apsd enable command.
Active dull client Whether the function of preventing

terminals from entering energy-saving
mode is enabled.
active-dull-client enable command.
MU-MIMO Whether MU-MIMO is enabled.

mu-mimo disable command.
MU-MIMO optimize Whether the MU-MIMO optimization

mu-mimo optimize enable
command.
QBSS load Whether the QBSS load function is

enabled.
qbss-load enable command.

Item Description
Single txchain Whether to enable the single-antenna

transmission mode.
single-txchain enable command.
Advertise AP name Whether Beacon frames are enabled

to carry the AP name.
advertise-ap-name enable command.
Service guarantee Service guarantee mode.

service-guarantee command.
VHT tx mcs-map nss value Maximum number of spatial streams

sent in 802.11ac.
vht mcs-map (SSID profile view)
command.
VHT tx mcs-map map value Maximum MCS value of spatial

streams sent in 802.11ac.
command.
VHT rx mcs-map nss value Maximum number of spatial streams

received in 802.11ac.
command.
VHT rx mcs-map map value Maximum MCS value of spatial

streams received in 802.11ac.
command.
HE tx mcs-map nss value Maximum number of spatial streams

sent in 802.11ax.
he mcs-map (SSID profile view)
command.
HE tx mcs-map map value Maximum MCS value of spatial

streams sent in 802.11ax.
command.

Item Description
HE rx mcs-map nss value Maximum number of spatial streams

received in 802.11ax.
command.
HE rx mcs-map map value Maximum MCS value of spatial

streams received in 802.11ax.
command.

wmm edca-client (SSID profile view)
command.

command.

command.

command.

backoff time.
command.

backoff time.
command.

Item Description

channel idle time.
command.

command.
9.31 display station

Function
The display station command displays access information about STAs.
Format
display station { sta-mac sta-mac-address | all | interface interface }
Parameters
sta-mac sta- Displays access information about a STA The STA's MAC
mac-address with the specified MAC address. address must exist.
STA information can
be displayed only
when the AP
associated with the
STA is in normal
state.
all Displays access information about all -

STAs.
interface Displays access information about STAs The radio interface

interface on a specified radio interface. must exist.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display station command to view access information about STAs.
You can run the display access-user command to view access information about
online wired and wireless users. The information includes users' authentication,
authorization, and accounting information.
Capabilities of a STA displayed in the display station sta-mac sta-mac-address

command output are negotiated between the STA and AP and are affected by
both their capabilities, which may be different from the actual STA capabilities.
Example
# Display access information about all STAs.
<HUAWEI> display station all
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-----------------------------------------------------------------------------------------------------------
STA MAC Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID Status
-----------------------------------------------------------------------------------------------------------
00e0-fc12-3456 1047-8007-6f80 0/2 2.4G 11n 3/8 -70 10 10.10.10.253 tap1 Normal
-----------------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0
Table 9-17 Description of the display station all command output
Item Description
STA MAC MAC address of a STA.
Ap name AP name.
Rf/WLAN Radio ID/VAP ID.
Band Frequency band of a radio.
Type Protocol type of a radio.
Rx/Tx Rate at which the AP receives packets

from the STA/Rate at which the AP
sends packets to the STA.
RSSI RSSI of signals received by an AP from

a STA.
VLAN VLAN ID of a STA.

Item Description
IP address IP address of a STA.

This item is displayed only when the
IPv6 function of the STA is disabled.
IPv4 address IPv4 address of a STA.

IPv6 function of the STA is enabled. To
enable the IPv6 function of the STA,
run the sta-ipv6-service enable
command.
IPv6 address IPv6 address of a STA.

IPv6 function of the STA is enabled. To
enable the IPv6 function of the STA,
run the sta-ipv6-service enable
command.
SSID SSID name.
Status Status of a STA. Normal indicates that

the STA is in normal state, and Delay
indicates that the STA is in offline
delay state.
This parameter is available only for
cloud APs.
# Display access information about a specified STA.

<HUAWEI> display station sta-mac b878-2eb4-2689
------------------------------------------------------------------------------
Station MAC-address : 00e0-fc12-3456
Station IP-address : 10.2.2.254
: FE80::20E:8EFF:FE04:2DEB
Station gateway : 10.2.2.2
: FE80::2E97:B1FF:FEB0:6A48
Associated SSID : test
Station online time(ddd:hh:mm:ss) : 000:00:03:14
The upstream SNR(dB) : 80.0
The upstream aggregate receive power(dBm) : -28.0
Station connect rate(Mbps) : 61
Station connect channel : 36
Station inactivity time(ddd:hh:mm:ss) : 000:00:00:00
Station current state
Authorized for data transfer : Yes
QoS enabled : Yes
HT rates enabled : Yes
Power save mode enabled : Yes
Auth reference held : No
UAPSD enabled : No
UAPSD triggerable : No
UAPSD SP in progress : No
This is an ATH node : No
WDS workaround req : No
WDS link : No
PMF negotiation : No

Station's HT capability : WQ
Station capabilities :E
Station PMF capabilities : PMFC=0,PMFR=0
Station VHT capabilities
256QAM capabilities : Yes
VHT explicit beamforming capabilities : Yes
MU-MIMO capabilities : Yes
Station HE capabilities
OFDMA capabilities : No
BSS color capabilities : No
Station's RM capabilities
Neighbor Report : Yes
Beacon Passive Measurement : Yes
Beacon Active Measurement : Yes
Beacon Table Measurement : Yes
Station's RSSI(dBm) : -28
Station's radio mode : 11n
Station's AP ID :0
Station's AP Name : area_3
Station's Radio ID :1
Station's Authentication Method : Open
Station's Cipher Type : NO CIPHER
Station's User Name : b8782eb42689
Station's Vlan ID : 22
Station's Channel Band-width : 20MHz
Station's asso BSSID : 00e0-fc12-3457
Station's state : Asso with auth
Station's QoS Mode : WMM
Station's HT Mode : HT20
Station's MCS value :9
Station's NSS value :2
Station's Short GI : nonsupport
Station's roam state : No
HAC CAPWAP IP :-
HAP CAPWAP IP : 10.23.100.1
Supported band : 2.4G/5G
Supported 2.4G channels :-
Supported 5G channels : 36,40,44,48,52,56,60,64
: 149,153,157,161,165
802.11k support : Yes
802.11r support : Yes
802.11v support : No
Station device type : windows
U-APSD list:
-------------------------------------------------------
AC-VI AC-VO AC-BE AC-BK
-------------------------------------------------------
not-support not-support not-support not-support
-------------------------------------------------------
------------------------------------------------------------------------------
Table 9-18 Description of the display station sta-mac sta-mac-address command

output
Item Description
Station MAC-address MAC address of a STA.
Station IP-address IP address of a STA.

Item Description
Station gateway Gateway address of a STA.

NOTE
If the device obtains the STA's gateway
address through DHCP, the parameter
displays as the obtained gateway address;
otherwise, the parameter displays as
0.0.0.0.
Associated SSID SSID of a service set with which a STA

is associated.
Station online time(ddd:hh:mm:ss) Online duration of a STA, in the format

of ddd:hh:mm:ss.
The upstream SNR(dB) SNR of a STA received by an AP, in dB.
The upstream aggregate receive Transmit power of a STA received by

power(dBm) an AP, in dBm.
Station connect rate(Mbps) Connection rate of a STA, in Mbit/s.

Affected by wireless environments,
antenna angles, and other factors, the
actual connection rate of a STA cannot
reach the upper limit.
Station connect channel Channel used by a STA.
Station inactivity time(ddd:hh:mm:ss) Idle duration of a STA, in the format of

ddd:hh:mm:ss.
Station current state Current status of a STA.
Authorized for data transfer Whether a STA is authenticated.
QoS enabled Whether QoS is enabled on a STA.
HT rates enabled Whether 802.11n is enabled on a STA.
Power save mode enabled Whether the power saving mode is

enabled on a STA.
Auth reference held Whether the authentication reference

flag is set.
UAPSD enabled Whether UAPSD is enabled.
UAPSD triggerable UAPSD can be triggered, waiting for a

STA to send a trigger frame to the AP.
UAPSD SP in progress Whether the UAPSD mode is in the

service period (SP).
This is an ATH node Whether the wireless network adapter

uses the Atheros chip.

Item Description
WDS workaround req Whether the AP uses a patch used to

fix bugs of Atheros Owl series chips in
WDS scenarios. This item indicates
whether the AP uses the patch.
WDS link STA that is a node on the WDS link.
PMF negotiation Whether a STA implements the PMF

negotiation.
Station's HT capability HT capability of a STA.

● A: Advanced coding
● W: HT40 channel width
● P: MIMO power save disabled
● Q: Static MIMO power save
● R: Dynamic MIMO power save
● G: Greenfield preamble
● S: Short GI enabled (HT40)
● D: Delayed block ACK
● M: Max A-MSDU size
Station capabilities Capabilities of a STA.

● E: ESS
● I: IBSS
● c: CF Pollable
● C: CF-Poll Request
● P: Privacy
● S: Short Preamble
● B: PBCC
● A: Channel Agility
● s: Short Slot Time
● D: DSSS-OFDM
Station PMF capabilities PMF capability of a STA.
Station VHT capabilities Whether a STA supports 802.11ac.
256QAM capabilities Whether a STA supports 256-QAM.
VHT explicit beamforming capabilities Whether a STA supports 802.11ac

explicit beamforming.
MU-MIMO capabilities Whether a STA supports MU-MIMO.
Station HE capabilities Whether a STA supports 802.11ax.
OFDMA capabilities Whether a STA supports OFDMA.

Item Description
BSS color capabilities Whether a STA supports BSS Color.
Station's RM capabilities Radio management capability of a

STA.
Neighbor Report Whether a STA can obtain information

about neighboring APs.
Beacon Passive Measurement Whether a STA can report information

about neighboring APs in passive
mode.
Beacon Active Measurement Whether a STA can report information

about neighboring APs in active mode.
Beacon Table Measurement Whether a STA can report information

about neighboring APs in Beacon table
mode.
Station's RSSI(dBm) RSSI of signals received by an AP from

a STA, in dBm.
Station's radio mode Radio mode of a STA.
Station's AP ID AP ID associated with a STA.
Station's AP Name Name of the AP which a STA

associates with.
Station's Radio ID Radio ID of a STA.
Station's Authentication Method Authentication mode of a STA.
Station's Cipher Type Encryption mode of a STA.
Station's User Name User name of a STA.
Station's Vlan ID VLAN ID of a STA.
Station's Channel Band-width Channel bandwidth of a STA.
Station's asso BSSID BSSID with which a STA is associated.
Station's state Status of the STA.
Station's QoS Mode QoS mode of the STA.
Station's HT Mode HT mode of the STA.

● HE: 802.11ax
● VHT: 802.11ac
● HT: 802.11n
● -: 802.11a/b/g
Station's MCS value The maximum MCS value of the STA.

Item Description
Station's NSS value NSS value of the STA.

NOTE
The NSS value is displayed for STAs
working only in 802.11ac mode or STAs
working in 802.11n mode and supporting
256-QAM.
Station's Short GI Whether the STA supports the short

GI.
Station's roam state Roaming state of a STA.
HAC CAPWAP IP CAPWAP IP address for inter-AC

communication.
HAP CAPWAP IP CAPWAP IP address for AP access.
Supported band Frequency bands supported by the

STA.
Supported 2.4G channels 2.4 GHz/5 GHz channel set supported

Supported 5G channels by a STA.
NOTE
If - is displayed, possible causes include:
● The AP version is too early to report
channels supported by STAs.
● The STA cannot report the support
channels IE field.
802.11k support Whether a STA supports 802.11k.

Only cloud APs support this parameter.
802.11r support Whether a STA supports 802.11r.

802.11v support Whether a STA supports 802.11v.

Station device type Identified STA type.
U-APSD list U-APSD list.
AC-VI Whether U-APSD takes effect on AC_VI

packets.
AC-VO Whether U-APSD takes effect on

AC_VO packets.
AC-BE Whether U-APSD takes effect on

AC_BE packets.
AC-BK Whether U-APSD takes effect on

AC_BK packets.

9.32 display station offline-record

Function
The display station offline-record command displays STAs' going-offline records.
Format
display station offline-record { all | sta-mac sta-mac }
Parameters
all Displays all STAs' going-offline -

records.
sta-mac sta-mac Displays the going-offline records of a The STA's MAC

specified STA. address must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After a STA goes offline, you can use this command to check the reason why the
STA goes offline.
Example
# Display all STAs' going-offline records.
<HUAWEI> display station offline-record all
Reason distribution
----------------------------------------------------------------------------------------
Reason Count Percent
----------------------------------------------------------------------------------------
The STA ages out. 1 14.29%
Other Reasons. 6 85.71%
----------------------------------------------------------------------------------------
Total Count: 7
Recent records
------------------------------------------------------------------------------
STA MAC Ap name Rf/WLAN Last record time
Reason
------------------------------------------------------------------------------

00e0-fc3f-3db9 00e0-fc99-9880 1/3 2018-04-18/12:10:26

The STA is deauthenticated.
00e0-fc8e-8fa0 00e0-fc99-9880 0/2 2018-04-18/07:17:40
The STA disassociates with the network.
00e0-fcd2-efc4 00e0-fc99-9880 1/3 2018-04-19/02:34:03
00e0-fc99-9880 1/4 2018-04-18/08:36:35
00e0-fc99-9880 1/4 2018-04-18/08:35:30
AAA cut command
00e0-fcc9-8a72 00e0-fc99-9880 0/2 2018-04-18/06:47:30
00e0-fcb4-1750 00e0-fc99-9880 0/2 2018-04-18/14:06:41
The STA ages out.
------------------------------------------------------------------------------
Total stations: 5 Total records: 7
Table 9-19 Description of the display station offline-record command output

Item Description
Reason distribution Distribution of reasons of STAs going

offline.
Count Number of times that a reason is

displayed.
Percent Percentage of a reason.
Recent records Recent reason records of STAs' going-

offline.
Ap name Name of the AP from which STAs go

offline.
Radio ID/WLAN ID ID of the radio or WLAN ID of the VAP

from which a STA goes offline.
Last record time Time when the STA went offline last
time.
Reason Reason why the STA went offline.

For troubleshooting methods, see A
STA Goes Offline Unexpectedly in the
Troubleshooting Insights.
Total stations Total number of STAs.
Total records Total number of STA offline records.
9.33 display station online-fail-record

Function
The display station online-fail-record command displays records of STAs' failures
to go online.

Format
display station online-fail-record { all | sta-mac sta-mac-address }
Parameters
all Displays going-online failure records of -

all STAs.
sta-mac sta- Displays online failure records of the STA The STA's MAC
mac-address with the specified MAC address. address must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If a STA fails to go online, you can run the command to check the failure reason,
which helps locate the fault.
After the number of records of STAs' failures to go online reaches the maximum
that can be stored, new records overwrite existing ones.
Example
# Display online failure records of all STAs.
<HUAWEI> display station online-fail-record all
Reason distribution
----------------------------------------------------------------------------------------
Reason Count Percent
----------------------------------------------------------------------------------------
The key is incorrect or the STA uses the cached PMK. 1 100.00%
----------------------------------------------------------------------------------------
Total Count: 1
Recent records
------------------------------------------------------------------------------
STA MAC Ap name Rf/WLAN Last record time
Reason
------------------------------------------------------------------------------
00e0-fc12-3456 area_11 0/1 2018-04-11/15:53:18
The key is incorrect or the STA uses the cached PMK.
------------------------------------------------------------------------------
Total stations: 1 Total records: 1

Table 9-20 Description of the display station online-fail-record command output

Item Description
Reason distribution Distribution of STA going-online

failure reasons.
Count Number of times that a reason is

displayed.
Percent Percentage of a reason.
Recent records Recent records of reasons for the STA's

failures to go online.
Radio ID/WLAN ID Radio/VAP to which the STA fails to

connect.
STA MAC MAC address of the STA that fails to

go online.
Ap name Name of the AP on which the STA fails

to go online.
Last record time Last time when the STA failed to go

online.
Reason Reason for the STA's failure to go

online. For details about STA online
failure reasons and handling
suggestions, see Table 9-21.
For troubleshooting methods, see STAs
Fail to Associate with a WLAN.
Table 9-21 STAs' going-online failure reasons and handling suggestions

Reason Why a STA Fails to Go Handling Suggestion
Online
STA authentication times out. Reassociate the STA with the network.
If this fault persists, contact technical
support personnel.
Invalid association request packet. Reassociate the STA with the network.
If this fault persists, the STA may be
incompatible. Contact technical
support personnel.
The encryption mode is inconsistent Check whether the encryption mode is

on the STA and AP. consistent on the STA and AP.
Authentication fails in the association Reassociate the STA with the network.
stage. If this fault persists, contact technical
support personnel.


Online
The STA is not authenticated. Reassociate the STA with the network.
support personnel.
The AP does not support the rate set Reassociate the STA with the network
specified in the association request or modify the basic rate set in the
packet of the STA. radio profile.
The encryption algorithm is Check whether the encryption

inconsistent on the STA and AP. algorithm is consistent on the STA and
AP.
Failed to decrypt the challenge packet. Reassociate the STA with the network
or check whether the STA works
properly. If this fault persists, contact
technical support personnel.
Access from legacy STAs is denied. Check whether the configuration for
denying access of legacy STAs is
required. To modify this configuration,
run the undo legacy-station disable
command to permit access of legacy
STAs.
The number of STAs exceeds the Expand the network capacity or retain
physical specifications allowed by the the current configuration as required.
AP.
The WMM capability of the STA and Check whether WMM is forcibly
VAP does not match. enabled in the radio profile or check
the specified configuration of the STA.
STAs have a compatibility Check whether the STA works properly.

issue(Incorrect network type flag If so, reassociate the terminal with the
carried by STAs) . network. If this fault persists, contact
STAs have a compatibility issue(STAs Check whether the STA supports the
do not support short timeslots). 802.11g protocol.
STAs have a compatibility issue(STAs Check whether the STA supports the
do not support DFS.) 802.11h protocol.
The number of associated STAs Expand the WLAN capacity.

exceeds the maximum allowed by the
AC.
The STA is not in the global whitelist. Check whether the STA needs to be
added to the global whitelist.
The STA is in the global blacklist. Check whether the STA needs to be
added to the global blacklist.


Online
The STA is not in the VAP's whitelist. Check whether the STA needs to be
added to the VAP's whitelist.
The STA is in the VAP's blacklist. Check whether the STA needs to be
added to the VAP's blacklist.
The STA associates with a heavily Check whether the load balancing
loaded radio. configuration is proper.
The STA is in the dynamic blacklist. View the attack record to check
whether the STA is an attacker.
The association or reassociation Reassociate the STA with the network.

packet check fails. If this fault persists, contact technical
support personnel.
The number of users exceeds the Expand the network capacity or run
maximum allowed on the VAP defined the max-sta-number command to
by the AC. increase the maximum number of STAs
associated with the VAP.
The Navi AC status is abnormal. Check the configuration and the

network to Navi AC.
VAP configurations on the Local AC Check the VAP configurations on the

and Navi AC are different. Local AC and Navi AC. Check items are
as follows:
● STA authentication access mode.
● SSID.
The number of associated STAs Expand the WLAN capacity.

exceeds the maximum specifications
of the Navi AC.
Failed to check the configuration Please contact technical support

during STA association. personnel.
Batch backup is in progress. STA access Reassociate the STA with the network.
is denied. If this fault persists, contact technical
support personnel.
STA access failed due to other reasons. Reassociate the STA with the network.
support personnel.
Reassociation denied. No action is required.
During roaming association, the SSID Check whether the SSID is the same
is inconsistent with that before before and after roaming. If this fault
roaming. persists, contact technical support
personnel.


Online
During roaming association, the Check whether the authentication

authentication mode is inconsistent mode is the same before and after
with that before roaming. roaming. If this fault persists, contact
During roaming association, the STA Reassociate the STA with the network.
status is abnormal. If this fault persists, contact technical
support personnel.
The STA fails the roaming check due Reassociate the STA with the network.
to other reasons. If this fault persists, contact technical
support personnel.
The STA uses a static IP address. Check whether the static IP address is
configured by the user. If so, configure
the STA to dynamically obtain an IP
address.
The STA's SNR is below the user CAC Check whether the SNR-based user
threshold. CAC threshold is properly set. To
modify this threshold, run the uac
client-snr threshold command and
reassociate the STA with the WLAN.
Alternatively, determine the STA
location and provide coverage to the
location.
The number of STAs exceeds the UAC Check whether the CAC threshold
threshold of the radio. based on the number of users is
properly set. To modify this threshold,
run the uac client-number threshold
command and reassociate the STA
with the WLAN.
The channel utilization of the radio Check whether the user CAC threshold
has reached the upper threshold. based on the channel utilization is
properly set. To modify this threshold,
run the uac channel-utilization
threshold command and reassociate
the STA with the WLAN.
The number of STAs exceeds the Configure load balancing or expand

maximum allowed by the AP. the network capacity.
The number of STAs exceeds the Increase the maximum number of

maximum allowed in the VAP reported users on the VAP or expand the WLAN
by the AP. capacity.
The STA does not send an Reassociate the STA with the network.
authentication request before If this fault persists, contact technical
associating with the network. support personnel.


Online
Exceeded the maximum number of Expand the WLAN capacity.

users on the central AP.
Authentication fails. Reassociate the STA with the network.

support personnel.
The encryption mode used by STAs is Check the encryption modes used by
different from that used by the VAP. STAs and the VAP.
The possible cause is that the STA Reassociate the STA with the network.
configuration is incorrect, the signal If this fault persists, contact technical
quality on the air interface is low, or support personnel.
the AC forces the STA to reassociate
with the network to ensure
uninterrupted STA services.
The client capability does not match. The client capability does not meet the
requirements. Upgrade the client
version or Wi-Fi version.
Compatibility problems exist on the Upgrade the STA version or Wi-Fi

wireless client. (The HT capability module version, or run the undo
carried by the client is incorrect). legacy-station disable command to
permit access of non-HT STAs.
The client access is restricted To allow a wireless client to access a

temporarily. better AP, temporarily restrict the client
to access this AP. It is normal if the
terminal can connect to a better AP. If
a client fails to connect to an AP for
multiple consecutive times, check
whether APs need to be added.
Received an Authentication frame with Reassociate the STA with the network.
authentication transaction sequence If this fault persists, contact technical
number out of expected sequence. support personnel.
Invalid RSNE capabilities. Forget the network and reassociate the

STA with the network. If this fault
persists, contact technical support
personnel.
Cipher suite rejected because of Check whether the encryption mode

security policy. and key configurations on the wireless
terminal are correct. If this fault
personnel.


Online
Invalid pairwise master key Forget the network and reassociate the
identifier(PMKID). STA with the network. If this fault
personnel.
Invalid group cipher. Forget the network and reassociate the

personnel.
Invalid pairwise cipher. Forget the network and reassociate the

personnel.
Invalid MDE. Forget the network and reassociate the

personnel.
Invalid FTE. Forget the network and reassociate the

personnel.
Others reason. Contact technical support personnel.
The key is incorrect or the STA uses Check whether the key is correct or
the cached PMK. reassociate the STA with the network.
support personnel.
Failed to receive the handshake packet Check whether the key is correct or
(2/4) from the STA. reassociate the STA with the network.
support personnel.
Failed to receive the handshake packet Check whether the key is correct or
(4/4) from the STA. reassociate the STA with the network.
support personnel.
802.11r EAPOL Msg 2/4 did not Check whether the station has some
contain R1 name. compatibility problems and please
disable dot1x reauthenticate when
enable 802.11r. If this fault persists,
contact technical support personnel.
Key negotiation fails(the length of the Verify that the correct password is
key data is invalid). entered on the STA. If this fault
personnel.


Online
key data(2/4) is invalid). entered on the STA. If this fault
personnel.
key data(4/4) is invalid). entered on the STA. If this fault
personnel.
Key negotiation fails(fail to send the Verify that the correct password is
handshake packet). entered on the STA. If this fault
personnel.
The MAC address of the access user is Run the display wlan ppsk-user all
different from that configured for the command to check whether a PPSK
PPSK account. account allows the access from this
MAC address. If so, use this PPSK
account for access. If not, configure a
PPSK account mapping this MAC
address and use the new PPSK account
for access.
The PPSK account does not exist. Run the display wlan ppsk-user all
command to check whether any PPSK
account maps the access SSID. If not,
create the PPSK account and bind it to
the SSID.
The number of PPSK users exceeds the Run the display wlan ppsk-user all
maximum value. command to query the maximum
number of access users supported by
the PPSK account, and then modify the
maximum number of access users as
required.
The PPSK account expires. Run the display wlan ppsk-user all
command to check the timeout period
of the PPSK account, and change it to
a valid time.
Key negotiation fails (message 2/4 Check whether the key is correct or
processing error). reassociate the STA with the network.
support personnel.
support personnel.


Online
support personnel.
Key negotiation fails (start unicast Check whether the key is correct or
negotiation fails because of incorrect reassociate the STA with the network.
input parameters). If this fault persists, contact technical
support personnel.
Key negotiation fails (start multicast Check whether the key is correct or
negotiation fails because of incorrect reassociate the STA with the network.
input parameters). If this fault persists, contact technical
support personnel.
authentication mode or encryption reassociate the STA with the network.
type mismatch). If this fault persists, contact technical
support personnel.
authentication mode or encryption reassociate the STA with the network.
type mismatch). If this fault persists, contact technical
support personnel.
Key negotiation fails (invalid length of Check whether the key is correct or
the message 2/2). reassociate the STA with the network.
support personnel.
WPA data packets). reassociate the STA with the network.
support personnel.
support personnel.
support personnel.
Key negotiation fails (mismatched Check whether the key is correct or

packet descriptor of the message 2/4). reassociate the STA with the network.
support personnel.


Online

support personnel.

support personnel.
the message 4/4 packet key). reassociate the STA with the network.
support personnel.
the message 2/2 packet key). reassociate the STA with the network.
support personnel.
Key negotiation fails (invalid key Check whether the key is correct or
information in the message 2/4 reassociate the STA with the network.
packet). If this fault persists, contact technical
support personnel.
support personnel.
support personnel.
handshake status mismatch). reassociate the STA with the network.
support personnel.
support personnel.
support personnel.


Online
Key negotiation fails (invalid number Check whether the key is correct or
of message 2/4 replay times). reassociate the STA with the network.
support personnel.
support personnel.
support personnel.
MIC verification failure). reassociate the STA with the network.
support personnel.
MIC verification failure). reassociate the STA with the network.
support personnel.
Key negotiation fails (packet length Check whether the key is correct or
calculation failure). reassociate the STA with the network.
support personnel.
Key negotiation fails (the EAP packet Check whether the key is correct or
length is 0). reassociate the STA with the network.
support personnel.
Key negotiation fails (the EAP packet Check whether the key is correct or
is too long). reassociate the STA with the network.
support personnel.
Key negotiation fails (the key body Check whether the key is correct or
length of EAP packets is 0). reassociate the STA with the network.
support personnel.
the EAP packet key). reassociate the STA with the network.
support personnel.


Online
Key negotiation fails (incorrect EAP Check whether the key is correct or
packet descriptor). reassociate the STA with the network.
support personnel.
Key negotiation fails (invalid EAP Check whether the key is correct or
packet type). reassociate the STA with the network.
support personnel.
Key negotiation fails (PMK parse Check whether the key is correct or
failure). reassociate the STA with the network.
support personnel.
Key negotiation fails (mismatch Check whether the key is correct or

between the PMK and PMKR1Name). reassociate the STA with the network.
support personnel.
Key negotiation fails (the type is not Check whether the key is correct or
FTIE). reassociate the STA with the network.
support personnel.
Key negotiation fails (invalid FTIE Check whether the key is correct or
length). reassociate the STA with the network.
support personnel.

between Anonce and FTIE). reassociate the STA with the network.
support personnel.

between Snonce and FTIE). reassociate the STA with the network.
support personnel.
Key negotiation fails (MIC generation Check whether the key is correct or
failure). reassociate the STA with the network.
support personnel.
Key negotiation fails (failure to modify Check whether the key is correct or
the rsnie field). reassociate the STA with the network.
support personnel.


Online
Key negotiation fails (failure to fill Check whether the key is correct or
FTIE data). reassociate the STA with the network.
support personnel.
WAPI authentication times out. Check the network quality or

reassociate the STA with the network.
support personnel.
WAPI authentication fails. Reassociate the STA with the network.

support personnel.
Re-authentication fails (re- Check the intermediate network

authentication failure). between the AP and AC or reassociate
the STA with the network. If this fault
personnel.
Re-authentication fails (failure to fill Reassociate the STA with the network.
the start negotiation message). If this fault persists, contact technical
support personnel.
Re-authentication fails (start Reassociate the STA with the network.

negotiation failure). If this fault persists, contact technical
support personnel.
Authentication fails (authentication Reassociate the STA with the network.

failure). If this fault persists, contact technical
support personnel.
Authentication fails (failure to fill the Reassociate the STA with the network.
start negotiation message). If this fault persists, contact technical
support personnel.
Authentication fails (start negotiation Reassociate the STA with the network.
failure). If this fault persists, contact technical
support personnel.
Authentication fails (failure to receive Reassociate the STA with the network.
EAP key packets). If this fault persists, contact technical
support personnel.
Authentication fails (MAC address Reassociate the STA with the network.
authentication processing error). If this fault persists, contact technical
support personnel.
Authentication fails (MAC address Reassociate the STA with the network.
authentication failure). If this fault persists, contact technical
support personnel.


Online
The authentication request times out. Reassociate the STA with the network.
support personnel.
Key negotiation fails (WPA key Verify that the correct password is
negotiation failure). entered on the STA. If this fault
personnel.
Key negotiation fails (access security Verify that the correct password is
processing failure). entered on the STA. If this fault
personnel.
Key negotiation fails. Reassociate the STA with the network.

support personnel.
9.34 display station statistics

Function
The display station statistics command displays statistics information about
STAs.
Format
display station statistics [ sta-mac sta-mac-address ]
Parameters
sta-mac sta- Displays statistics information about a The STA's MAC

mac-address STA with a specified MAC address. address must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario

When you run the display station statistics command to check statistics
information about STAs,
● If no parameter is specified, statistics information about all STAs associated
with the device is displayed.
● If sta-mac is specified, the number of packets exchanged between the
specified STA and device and the corresponding rate are displayed.
Prerequisites
To view statistics information about STAs based on sta-mac, ensure that the STA
has been associated with an AP.
Example
# Display statistics information about all STAs.
<HUAWEI> display station statistics
------------------------------------------------------------------------------
Successful associations on the AC :0
AC authentication failures due to a password error :0
AC authentication failures due to an invalid algorithm :0
AC authentication failures due to timeout :0
AC authentication failures due to rejection :0
AC authentication failures due to other reasons :0
STAs supporting neighbor report :0
STAs supporting beacon report :0
Beacon passive measurement :0
Beacon active measurement :0
Beacon table measurement :0
2.4G-only STAs :0
5G-only STAs :0
Dual-band STAs :0
Online STAs :0
STAs associated with 2.4G band :0
STAs associated with 5G band :0
------------------------------------------------------------------------------
Table 9-22 Description of the display station statistics command output
Item Description
Successful associations on the AC Total number of successful link

authentications on the AC. Every time
a STA initiates a link authentication
request and passes the authentication,
the counter is incremented by 1. If the
same STA initiates multiple
authentication requests and passes all
authentications, the counter is
incremented cumulatively.
AC authentication failures due to a Number of authentication failures due

password error to the incorrect password.
AC authentication failures due to an Number of authentication failures due

invalid algorithm to the invalid authentication
algorithm.
AC authentication failures due to Number of authentication failures due

timeout to timeout.

Item Description
AC authentication failures due to Number of authentication failures due

rejection to rejected access to the AC.
AC authentication failures due to other Number of authentication failures due

reasons to other reasons.
STAs supporting neighbor report Number of STAs that can obtain

information about neighboring APs.
STAs supporting beacon report Number of STAs that can report

information about neighboring APs
through the Beacon Report
mechanism.
Beacon passive measurement Number of STAs that can report

information about neighboring APs in
passive mode.
Beacon active measurement Number of STAs that can report

active mode.
Beacon table measurement Number of STAs that can report

Beacon table mode.
2.4G-only STAs Number of STAs that support only the

2.4 GHz band.
5G-only STAs Number of STAs that support only the

5 GHz band.
Dual-band STAs Number of STAs that support dual

bands.
Online STAs Number of online STAs.
STAs associated with 2.4G band Number of STAs associated with the
2.4 GHz band. The number of STAs of
different types is displayed, including
802.11b, 802.11g, 802.11n 20 MHz,
and 802.11n 40 MHz STAs.
STAs associated with 5G band Number of STAs associated with the 5

GHz band. The number of STAs of
different types is displayed, including
802.11a, 802.11n 20 MHz, 802.11n 40
MHz, 802.11ac 20 MHz, 802.11ac 40
MHz, 802.11ac 80 MHz, and 802.11ac
160 MHz STAs.
# Display statistics information about a STA with MAC address 0011-2233-4455.

<HUAWEI> display station statistics sta-mac 0011-2233-4455
-----------------------------------------------------------------

Packets sent to the station :7

Packets received from the station : 40
Bytes sent to the station : 1170
Bytes received from the station : 3911
Wireless data rate sent to the station(kbps) :0
Wireless data rate received from the station(kbps) : 0
Trigger roam total :0
Trigger roam failed :0
STA power save percent : 0%
------------------------------------------------------------------------------
Table 9-23 Description of the display station statistics sta-mac sta-mac-address

command output
Item Description
Packets sent to the station Number of packets sent to the STA.
Packets received from the station Number of packets sent by the STA.
Bytes sent to the station Number of bytes sent to the STA.
Bytes received from the station Number of bytes sent by the STA.
Wireless data rate sent to the Rate at which packets are sent to the
station(kbps) STA, in kbit/s.
Wireless data rate received from the Rate at which packets are received
station(kbps) from the STA, in kbit/s.
Trigger roam total Total number of smart roaming times.
Trigger roam failed Number of smart roaming failures.
STA power save percent Percentage of power saved on the STA.
9.35 display vap

Function
The display vap command displays information about service VAPs.
Format
display vap { all | ssid ssid }
Parameters
ssid ssid Displays information about service VAPs The SSID must exist.
of a specified SSID.
all Displays information about all service -

VAPs.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display vap command to view information about service VAPs.
Example
# Display information about all service VAPs.
<HUAWEI> display vap all
WID : WLAN ID
---------------------------------------------------------------------
AP MAC RfID WID BSSID Status Auth type STA SSID
---------------------------------------------------------------------
00bc-da3f-e900 0 3 00BC-DA3F-E902 ON Open 0 GUEST-WLAN
---------------------------------------------------------------------
Total: 1
Table 9-24 Description of the display vap command output

Item Description
AP MAC MAC address of the AP.
RfID Radio ID.
WID WLAN ID of a VAP.
SSID SSID name.
BSSID MAC address of a VAP.
Status Current status of a VAP.

● ON: The VAP service is enabled.
● OFF: The VAP service is disabled.
Auth type Authentication mode of a VAP.
STA Number of terminals connected to a

VAP.

9.36 display vap-profile

Function
The display vap-profile command displays configuration and reference
information about VAP profiles.
Format
display vap-profile { all | name profile-name }
Parameters
all Displays information about all VAP -

profiles.
name profile- Displays information about a specified The VAP profile

name VAP profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check configuration and reference information
about VAP profiles.
Example
# Display information about all VAP profiles.
<HUAWEI> display vap-profile all
STA U/D : Rate limit client up/down
VAP U/D : Rate limit VAP up/down
BR2G/5G : Beacon 2.4G/5G rate
------------------------------------------------------------------------------------------------------------
Name Type VLAN AuthType STA U/D(Kbps) VAP U/D(Kbps) BR2G/5G(Mbps) Reference
SSID
------------------------------------------------------------------------------------------------------------
default service VLAN 1 Open -/- -/- 1/6 0 HUAWEI-WLAN
vap-profile1 service VLAN 1 Open -/- -/- 1/6 0 HUAWEI-WLAN
------------------------------------------------------------------------------------------------------------
Total: 2

Table 9-25 Description of the display vap-profile all command output
Item Description
Name VAP profile name.
Type VAP profile type.

● service
● service-backup auth-server-down
VLAN Service VLAN ID.
AuthType User authentication mode.
STA U/D(Kbps) Uplink/downlink rate limit of a single

STA.
VAP U/D(Kbps) Uplink/downlink rate limit of all STAs

on a specified VAP.
BR2G/5G(Mbps) Rate at which 2.4 GHz or 5 GHz

Beacon frames are sent.
Reference Number of times a VAP profile is

referenced.
SSID SSID profile referenced by a VAP

profile.
# Display information about the VAP profile default.

<HUAWEI> display vap-profile name default
--------------------------------------------------------------------------------
Profile ID :-
Service mode : enable
Type : service
Service VLAN ID :1
Permit VLAN ID :-
Auto off service switch : disable
Auto off starttime :-
Auto off endtime :-
Auto off time-range :-
Auto off track link : disable
STA access mode : disable
STA blacklist profile :
STA whitelist profile :
Band steer : enable
Sta network detect : enable
Learn client IPv4 address : enable
Learn client DHCP strict : disable
Learn client DHCP blacklist : disable
IP source check : disable
ARP anti-attack check : disable
DHCP option82 insert : disable
DHCP option82 remote id format : insert AP-MAC
MAC format : default
DHCP option82 circuit id format : insert AP-MAC
MAC format : default
Anti attack flood
ARP flood switch : enable
ARP flood STA rate threshold :4

ARP flood blacklist : disable

ND flood switch : enable
ND flood STA rate threshold :8
ND flood blacklist : disable
IGMP flood switch : enable
IGMP flood STA rate threshold :4
IGMP flood blacklist : disable
DHCP flood switch : enable
DHCP flood STA rate threshold :4
DHCP flood blacklist : disable
DHCPv6 flood switch : enable
DHCPv6 flood STA rate threshold :4
DHCPv6 flood blacklist : disable
mDNS flood switch : enable
mDNS flood STA rate threshold :4
mDNS flood blacklist : disable
Other broadcast flood switch : enable
Other broadcast flood STA rate threshold : 10
Other broadcast flood blacklist : disable
Other multicast flood switch : enable
Other multicast flood STA rate threshold : 10
Other multicast flood blacklist : disable
SSID profile : default
Security profile : default
Traffic profile : default
Authentication profile :
Hotspot2.0 profile :
User profile :
Keep service : disable
Keep service allow new access : disable
Keep service allow new access no auth : disable
Defence profile :
-------------------------------------------------------
Table 9-26 Description of the display vap-profile name command output

Item Description
Profile ID VAP profile ID.
Service mode Whether the VAP service is enabled.

service-mode disable command.
Type VAP type.

● service: service type
● auth-server-down: authentication-
server-down backup service type
type (VAP profile view) command.
Service VLAN ID Service VLAN ID.

service-vlan (VAP profile view)
command.
Permit VLAN ID VLAN from which packets are allowed

to pass through when the
authorization VLAN verification

Item Description
Auto off service switch Whether the scheduled VAP auto-off

Auto off starttime Start time for scheduled VAP auto-off.

Auto off endtime End time for scheduled VAP auto-off.

Auto off time-range Time range for scheduled VAP auto-

off.
Auto off track link Whether to automatically disable VAPs

upon disconnection of the uplink of a
cloud AP. After this function is enabled
through the SDN controller, the SSID is
automatically disabled when the
uplink of the cloud AP is disconnected.
STA access mode STA access control mode.

sta-access-mode command.
STA blacklist profile STA blacklist profile.

STA whitelist profile STA whitelist profile.

Band steer Whether the band steering function is

enabled.
band-steer disable command.
Sta network detect Whether to forcibly disconnect STAs

without traffic.
sta-network-detect disable
command.

Item Description
Learn client IPv4 address Whether STA IPv4 address learning is

enabled.
learn-client-address disable (VAP
profile view) command.
Learn client DHCP strict Whether strict STA IP address learning

through DHCP is enabled.
learn-client-address dhcp-strict
command.
Learn client DHCP blacklist Whether to add STAs with bogus IP

addresses to a dynamic blacklist.
learn-client-address dhcp-strict
command.
IP source check Whether IPSG is enabled.

To configure this parameter, run the ip
source check user-bind enable
command.
ARP anti-attack check Whether DAI is enabled.

arp anti-attack check user-bind
enable command.
DHCP option82 insert Whether to enable APs to add the

Option 82 field to DHCP packets sent
by STAs.
dhcp option82 insert enable
command.
DHCP option82 remote id format Format of the remote-ID in the Option

82 field added to DHCP packets sent
by STAs.
dhcp option82 format (VAP profile
view) command.
DHCP option82 circuit id format Format of the circuit-ID in the Option

82 field added to DHCP packets sent
by STAs.
view) command.

Item Description
MAC format Format of the AP MAC address in the

Option 82 field.
view) command.
User defined text User-defined format of Option 82's

suboptions in DHCP packets sent by
STAs.
view) command.
Anti attack flood Flood detection and prevention.
ARP flood switch Whether ARP flood detection is

enabled.
● enable
● disable
anti-attack flood disable command.
ARP flood STA rate threshold Rate threshold for ARP flood detection.
anti-attack flood sta-rate-threshold
command.
ARP flood blacklist Whether the ARP flood blacklist

● enable
● disable
anti-attack flood blacklist enable
command.
ND flood switch Whether ND flood detection is

enabled.
● enable
● disable
ND flood STA rate threshold Rate threshold for ND flood detection.

command.

Item Description
ND flood blacklist Whether the ND flood blacklist

● enable
● disable
command.
IGMP flood switch Whether IGMP flood detection is

enabled.
● enable
● disable
IGMP flood STA rate threshold Rate threshold for IGMP flood
detection.
command.
IGMP flood blacklist Whether the IGMP flood blacklist

● enable
● disable
command.
DHCP flood switch Whether DHCP flood detection is

enabled.
● enable
● disable
DHCP flood STA rate threshold Rate threshold for DHCP flood
detection.
command.

Item Description
DHCP flood blacklist Whether the DHCP flood blacklist

command.
● enable
● disable
DHCPv6 flood switch Whether DHCPv6 flood detection is

enabled.
● enable
● disable
DHCPv6 flood STA rate threshold Rate threshold for DHCPv6 flood
detection.
command.
DHCPv6 flood blacklist Whether the DHCPv6 flood blacklist

● enable
● disable
command.
mDNS flood switch Whether mDNS flood detection is

enabled.
● enable
● disable
mDNS flood STA rate threshold Rate threshold for mDNS flood
detection.
command.

Item Description
mDNS flood blacklist Whether the mDNS flood blacklist

● enable
● disable
command.
Other broadcast flood switch Whether the flood detection function

is enabled for broadcast packets other
than ARP, DHCP, DHCPv6, and ND
packets.
● enable
● disable
Other broadcast flood STA rate Rate threshold for flood detection of
threshold broadcast packets other than ARP,
DHCP, DHCPv6, and ND packets.
command.
Other broadcast flood blacklist Whether the flood blacklist function is

enabled for broadcast packets other
than ARP, DHCP, DHCPv6, and ND
packets.
● enable
● disable
command.
Other multicast flood switch Whether the flood detection function

is enabled for multicast packets other
than IGMP and mDNS packets.
● enable
● disable
Other multicast flood STA rate Rate threshold for flood detection of
threshold multicast packets other than IGMP
and mDNS packets.
command.

Item Description
Other multicast flood blacklist Whether the flood blacklist function is

enabled for multicast packets other
than IGMP and mDNS packets.
● enable
● disable
command.
SSID profile Name of the SSID profile referenced by

a VAP profile.
ssid-profile (VAP profile view)
command.
Security profile Name of the security profile

referenced by a VAP profile.
security-profile (VAP profile view)
command.
Traffic profile Name of the traffic profile referenced

by a VAP profile.
traffic-profile (VAP profile view)
command.
Authentication profile Name of the authentication profile

authentication-profile (VAP profile
view) command.
Hotspot2.0 profile Name of the Hotspot2.0 profile

hotspot2-profile (VAP profile view)
command.
User profile Name of the user profile referenced by

a VAP profile.
user-profile (VAP profile view)
command.
Defence profile Name of the attack defense profile

referenced by an AP profile.

Item Description
Bonjour through Whether Bonjour transparent

transmission is enabled.
Navi-AC service vlan check Whether service VLAN check on the

Navi AC is enabled.
navi-ac service-vlan-check enable
command.
9.37 display wlan config-errors

Function
The display wlan config-errors command displays WLAN configuration errors.
Format
display wlan config-errors
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check WLAN configuration errors.
Example
# Display WLAN configuration errors.
<HUAWEI> display wlan config-errors
--------------------------------------------------------------------------------
Profile Error
--------------------------------------------------------------------------------
vap-profile 1 The authentication type specifie
d in the authentication-profile 1 does not match that in the security-profile 1.
--------------------------------------------------------------------------------
Total: 1

Table 9-27 Description of the display wlan config-errors command output

Item Description
Profile Profile name.
Error Cause of a configuration error.
9.38 display station online-track

Function
The display station online-track command displays online time information
about a STA.
Format
display station online-track sta-mac-address
Parameters
sta-mac- Displays online time information about The specified MAC

address the STA with a specified MAC address. address must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view online time information about a STA.
Example
# Display online time information about a specified STA.
<HUAWEI> display station online-track 00e0-fc08-9abf
------------------------------------------------------------------------------
Event Event Start(hh:mm:ss) Event End(hh:mm:ss) Cost(ms)
------------------------------------------------------------------------------
Association 14:20:28 14:20:28 10
Auth 14:20:28 14:20:30 2240
WPA 14:20:30 14:20:31 330
DHCP 14:20:31 14:20:31 10
------------------------------------------------------------------------------
Total cost: 2590ms

Table 9-28 Description of the display station online-track sta-mac-address

command output
Item Description
Event Event type. The values are as follows:

● Association: STA association
● Auth: STA authentication
● WPA: WAPI key negotiation
● DHCP: STAs obtaining IP addresses
through DHCP
Event Start(hh:mm:ss) Time when the event starts.
Event End(hh:mm:ss) Time when the event ends.
Cost(ms) Duration of the event.
Total cost Total duration of all events.
9.39 display vap create-fail-record

Function
The display vap create-fail-record command displays records about VAP creation
failures.
Format
display vap create-fail-record { ap-mac ap-mac | all }
Parameters
ap-mac ap- Displays records about VAP creation The AP's MAC
mac failures on an AP with the specified MAC address must exist.
address.
all Displays records about VAP creation -

failures on all APs.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run the display vap create-fail-record command to check records about
VAP creation failures.
Example
# Display all records about VAP creation failures.
<HUAWEI> display vap create-fail-record all
-------------------------------------------------------------------------------
AP MAC Rf/WLAN Profile Name
VAP Type Reason
-------------------------------------------------------------------------------
00e0-fc76-e360 0/4 1
Service Preshared key is not configured.
00e0-fc76-e370 1/4 1
00e0-fc76-e360 0/6 1
00e0-fc76-e370 1/6 1
-------------------------------------------------------------------------------
Total records: 4
Table 9-29 Description of the display vap create-fail-record all command output
Item Description
Rf/WLAN Radio ID/WLAN ID.
Profile Name VAP profile name.
VAP Type VAP type, including:

● Service: Service VAP
● Mesh: Mesh VAP
Reason Reason why the VAP fails to be

created. Table 9-30 describes detailed
reasons.
Table 9-30 Reasons for VAP creation failures

Reason for VAP Remarks Suggestion
Creation Failures
The VAPs using WEP - Check the configuration

encryption on an AP of the VAP profile or
cannot use the same key security profile.
ID.


Creation Failures
Invalid WEP key index. - Check whether the

security profile is
configured correctly.
Preshared key is not - Configure a pre-shared

configured. key.
Only one management - Delete the management

VAP profile can be VAP that has been
bound. configured.
The bridge is enabled. WLAN IDs 13 and 14 are Select another WLAN ID
Please undo first. used to set up a WDS or delete the WDS
bridge. Select other configuration.
WLAN IDs or delete the
WDS configuration.
WLAN ID(16) is used. WLAN ID 16 is used to Select another WLAN ID

Please undo first. set up a Mesh link. or delete the Mesh
Select another WLAN ID configuration.
or delete the Mesh
configuration.
Only one temporary - Delete the offline

management vap-profile management VAP that
can be bound to an AP. has been configured.
The current country code - Change the country

does not support 5GHz code, or do not create a
frequency band. 5 GHz VAP.
The current country code - Change the country

does not support 2.4GHz code, or do not create a
frequency band. 2.4 GHz VAP.
The AP type does not - Delete unused VAPs.

support the wlan id.
This AP type does not - Replace the AP with one

support WDS function. supporting WDS.
This AP type does not - Replace the AP with one

support Mesh function. supporting Mesh.
The number of VAPs has - Delete excess VAPs.

reached the upper limit.
The AP does not support - Change the AP, or do not

5GHz frequency band. create a 5 GHz VAP.
The AP does not support - Change the AP, or do not

2.4GHz frequency band. create a 2.4 GHz VAP.


Creation Failures
The AP does not support - Replace the AP with one

802.1X+WEP. in compliance with
802.11ac Wave 2.
The number of VAPs has - Reduce the number of

reached the card specific. VAPs on a card, or
enable the AP to go
online on another card
of the switch and create
VAPs.
The AP in this version - Upgrade the AP to

does not support PPSK V200R010C00 or later.
authentication.
The AP in this version - Upgrade the AP to

does not support Navi- V200R010C00 or later.
AC VAPs.
Unknown reason, error - Contact technical

code is 0x%x. support personnel.
The number of WDS - Delete redundant WDS

VAPs has reached the VAPs.
upper limit.
The number of Mesh - Delete redundant Mesh

VAPs has reached the VAPs.
upper limit.
The frequency band of - Change the country

this radio is inconsistent code, or do not create a
with that supported by VAP for the current
the current country code. radio.
9.40 display vap-service-backup auth-server-down

Function
The display vap-service-backup auth-server-down command displays the status
of an authentication-server-down backup service VAP.
Format
display vap-service-backup auth-server-down [ vap-profile profile-name ]

Parameters
vap-profile profile- Specifies the name of a VAP The VAP profile name
name profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the status of an authentication-server-down
backup service VAP.
Example
# Display the status of an authentication-server-down backup service VAP.
<HUAWEI> display vap-service-backup auth-server-down
----------------------------------------------------------------------------------------------------
Vap-profile VapSwitch Mode Radius-template RadiusState
----------------------------------------------------------------------------------------------------
vap-1 ON Auto Radius-1 Down
vap-2 ON Manual Radius-2 Down
vap-3 OFF Manual Radius-3 Up
----------------------------------------------------------------------------------------------------
Total:3
Table 9-31 Description of the display vap-service-backup auth-server-down

command output
Item Description
Vap-profile Name of a VAP profile.
VapSwitch Status of the authentication-server-

down backup service VAP.
Mode Trigger mode of the authentication-

server-down backup service VAP.
Radius-template Name of a RADIUS server template.
RadiusState Status of the RADIUS server.

9.41 dot11a basic-rate

Function
The dot11a basic-rate command configures a basic rate set of the 802.11a
protocol in a 5G radio profile.
The undo dot11a basic-rate command restores the default basic rate set of the
802.11a protocol in a 5G radio profile.
By default, a basic rate set of the 802.11a protocol in a 5G radio profile includes
rates 6 Mbps, 12 Mbps, and 24 Mbps.
Format
dot11a basic-rate { dot11a-rate-value &<1-8> | all }
undo dot11a basic-rate
Parameters
dot11a-rate-value Specifies an 802.11a Enumerated type:

basic rate set. ● 6: 6 Mbps
● 9: 9 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
all Supports all basic rates. -
Views
5G radio profile view
Default Level
Usage Guidelines
Usage Scenario
The rates specified in the basic rate set must be supported by both the AP and
STA; otherwise, the STA cannot associate with the AP. For example, if you

configure the basic rate set to contain rates 6 Mbps and 9 Mbps and deliver the
configuration to an AP, only STAs supporting the two rates can associate with the
AP. The AP and STA select a rate from the basic rate set or the supported rate set
to transmit packets.
After you run this command to configure a basic rate set in a radio profile, bind
the radio profile to an AP radio interface. If a STA associates with the AP in
802.11a mode, the STA must support all rates specified by the basic rate set;
otherwise, the STA cannot associate with the AP.
Precautions
This configuration applies only to STAs associated with an AP in 802.11a mode but
does not take effect on STAs associated with the AP in other modes.
The basic rate set and supported rate set cannot be empty simultaneously.
Example
# Configure the 802.11a basic rate set to contain rates 6 Mbps and 9 Mbps in the
5G radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] dot11a basic-rate 6 9
9.42 dot11a supported-rate

Function
The dot11a supported-rate command configures a supported rate set of the
802.11a protocol in a 5G radio profile.
The undo dot11a supported-rate command restores the default supported rate
set of the 802.11a protocol in a 5G radio profile.
By default, the supported rate set of the 802.11a protocol in a 5G radio profile
includes rates 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps,
and 54 Mbps.
Format
dot11a supported-rate { dot11a-rate-value &<1-8> | all }
undo dot11a supported-rate

Parameters
dot11a-rate-value Specifies an 802.11a Enumerated type:

supported rate set. ● 6: 6 Mbps
● 9: 9 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
all Supports all rates. -
Views
Default Level
Usage Guidelines
Usage Scenario
The supported rate set contains rates supported by the AP except the basic rates.
The AP and STA can transmit data at all rates specified by the supported rate set.
The AP and STA select a rate from the basic rate set or the supported rate set to
transmit packets.
When a STA supports rates specified in the basic rate set, the STA can associate
with the AP regardless of whether the STA supports rates specified in the
supported rate set. In this case, the AP and STA can only select a rate from the
basic rate set to transmit packets. For example, assume that you configure the
basic rate set to contain rates 6 Mbps and 9 Mbps and the supported rate set to
contain rates 48 Mbps and 54 Mbps. After you deliver the configurations to an AP,
the STA supporting 6 Mbps and 9 Mbps can associate with the AP, and select
either of the two rates to transmit packets with the AP. However, if the STA
supports 6 Mbps, 9 Mbps, and 54 Mbps, the STA and AP select any of the three
rates to transmit packets after the STA associates with the AP.
After you run this command to configure a supported rate set in a radio profile,
bind the radio profile to an AP radio interface. If a STA associates with the AP in
802.11a mode, the AP and STA select a rate from the basic rate set or supported
rate set to transmit packets.
Precautions

This configuration applies only to STAs associated with an AP in 802.11a mode but
does not take effect on STAs associated with the AP in other modes.
Example
# Configure the 802.11a supported rate set to contain rates 6 Mbps and 9 Mbps in
the 5G radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] dot11a supported-rate 6 9
9.43 dot11bg basic-rate

Function
The dot11bg basic-rate command configures a basic rate set of the 802.11bg
protocol in a 2G radio profile.
The undo dot11bg basic-rate command restores the default basic rate set of the
802.11bg protocol in a 2G radio profile.
By default, the basic rate set of the 802.11bg protocol includes rates 1 Mbps and 2
Mbps in a 2G radio profile.
Format
dot11bg basic-rate { dot11bg-rate-value &<1-12> | all }
undo dot11bg basic-rate

Parameters
dot11bg-rate-value Specifies an 802.11bg Enumerated type:

basic rate set. ● 1: 1 Mbps
● 2: 2 Mbps
● 5: 5.5 Mbps
● 6: 6 Mbps
● 9: 9 Mbps
● 11: 11 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
all Supports all basic rates. -
Views
Default Level
Usage Guidelines
Usage Scenario
The rates specified in the basic rate set must be supported by both the AP and
STA; otherwise, the STA cannot associate with the AP. For example, if you
configure the basic rate set to contain rates 6 Mbps and 9 Mbps and deliver the
configuration to an AP, only STAs supporting the two rates can associate with the
AP. The AP and STA select a rate from the basic rate set or the supported rate set
to transmit packets.
After you run this command to configure a basic rate set in a radio profile, bind
the radio profile to an AP radio interface. If a STA associates with the AP in
802.11bg mode, the STA must support all rates specified by the basic rate set;
otherwise, the STA cannot associate with the AP.
Precautions
This configuration applies only to STAs associated with an AP in 802.11bg mode
but does not take effect on STAs associated with the AP in other modes.

Example
# Configure the 802.11bg basic rate set to contain rates 6 Mbps and 9 Mbps in the
2G radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] dot11bg basic-rate 6 9
9.44 dot11bg supported-rate

Function
The dot11bg supported-rate command configures a supported rate set of the
802.11bg protocol in a 2G radio profile.
The undo dot11bg supported-rate command restores the default supported rate
set of the 802.11bg protocol in a 2G radio profile.
By default, the supported rate set of the 802.11bg protocol in a 2G radio profile
includes rates 1 Mbps, 2 Mbps, 5.5 Mbps, 6 Mbps, 9 Mbps, 11 Mbps, 12 Mbps, 18
Mbps, 24 Mbps, 36 Mbps, 48 Mbps, and 54 Mbps.
Format
dot11bg supported-rate { dot11bg-rate-value &<1-12> | all }
undo dot11bg supported-rate
Parameters
dot11bg-rate-value Specifies an 802.11bg Enumerated type:

supported rate set. ● 1: 1 Mbps
● 2: 2 Mbps
● 5: 5.5 Mbps
● 6: 6 Mbps
● 9: 9 Mbps
● 11: 11 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
all Supports all rates. -

Views
Default Level
Usage Guidelines
Usage Scenario
The supported rate set contains rates supported by the AP except the basic rates.
The AP and STA can transmit data at all rates specified by the supported rate set.
The AP and STA select a rate from the basic rate set or the supported rate set to
transmit packets.
When a STA supports rates specified in the basic rate set, the STA can associate
with the AP regardless of whether the STA supports rates specified in the
supported rate set. In this case, the AP and STA can only select a rate from the
basic rate set to transmit packets. For example, assume that you configure the
basic rate set to contain rates 6 Mbps and 9 Mbps and the supported rate set to
contain rates 48 Mbps and 54 Mbps. After you deliver the configurations to an AP,
the STA supporting 6 Mbps and 9 Mbps can associate with the AP, and select
either of the two rates to transmit packets with the AP. However, if the STA
supports 6 Mbps, 9 Mbps, and 54 Mbps, the STA and AP select any of the three
rates to transmit packets after the STA associates with the AP.
After you run this command to configure a supported rate set in a radio profile,
bind the radio profile to an AP radio interface. If a STA associates with the AP in
802.11bg mode, the AP and STA select a rate from the basic rate set or supported
rate set to transmit packets.
Precautions
This configuration applies only to STAs associated with an AP in 802.11bg mode
but does not take effect on STAs associated with the AP in other modes.
Example
# Configure the 802.11bg supported rate set to contain rates 6 Mbps and 9 Mbps
in the 2G radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] dot11bg supported-rate 6 9
9.45 dtim-interval
Function
The dtim-interval command sets the delivery traffic indication map (DTIM)
interval in an SSID profile.

The undo dtim-interval command restores the default DTIM interval in an SSID
profile.
By default, the DTIM interval is 1.
Format
dtim-interval dtim-interval
undo dtim-interval
Parameters
dtim-interval Specifies the DTIM interval. The value is an

integer that ranges
from 1 to 255, in
Beacons.
Views
SSID profile view
Default Level
Usage Guidelines
DTIM refers to delivery traffic indication map. After a STA enters the dormancy
mode, the associated AP saves the broadcast and multicast frames for the STA.
When a Beacon frame sent to the STA by the AP contains DTIM, the saved
broadcast and multicast frames will be transmitted to the STA. The DTIM interval
refers to the number of Beacon frames sent before the Beacon frame that contains
the DTIM. To set the interval for sending Beacon frames in an SSID profile, run the
● When the STA is in the dormancy status, the AP saves data transmitted to the
STA and notifies the STA with a bit in broadcast Beacon frames. The STA
receives data according to this bit. You can run this command to set the DTIM
interval in the specified SSID profile.
● The DTIM interval specifies how many Beacon frames are sent before the
Beacon frame that contains the DTIM. A long DTIM interval lengthens the
dormancy time of the STA and saves power, but degrades the transmission
capability of the STA. A short interval helps transmitting data in a timely
manner, but the STA is waken up frequently, causing high power consumption.
Example
# Set the DTIM interval to 5 in the SSID profile ssid1.
[HUAWEI] wlan


[HUAWEI-wlan-ssid-prof-ssid1] dtim-interval 5
9.46 eirp
Function
The eirp command configures the transmit power for a radio.
The undo eirp command restores the transmit power for a radio.
By default, the transmit power of a radio is 127 dBm. The transmit power that
takes effect on APs is related to the AP type, country code, channel, and channel
bandwidth. It is the maximum transmit power supported by the AP radio under
the current configuration.
Format
eirp eirp
undo eirp
Parameters
eirp Specifies the transmit power. The value is an

integer that ranges
from 1 to 127, in
dBm.
Views
Default Level
Usage Guidelines
Usage Scenario
You can configure the transmit power for a radio based on actual network
environments, enabling radios to provide the required signal strength and
improving signal quality on WLANs.
Precautions
The value of antenna-gain in the antenna-gain antenna-gain command must be
consistent with the gain of the antenna connected to an AP.
If automatic transmit power selection is enabled by running the calibrate auto-
txpower-select enable command, the transmit power configured by running the

eirp command does not take effect. The automatically selected transmit power
prevails.
If automatic transmit power selection is disabled by running the calibrate auto-

txpower-select disable command, the transmit power configured by running the
eirp command takes effect depending on the following principles:
The actual transmit power of an AP radio is determined by the configured

transmit power of the radio, requirements of local laws and regulations, as well as
the transmit power range supported by the AP. The actual transmit power of a
radio cannot exceed the maximum transmit power required by local laws and
regulations.
● If the configured transmit power of a radio is in compliance with local laws
and regulations and within the transmit power range supported by the AP, the
configured transmit power is the actual transmit power of the radio.
● If the configured transmit power of a radio is smaller than the minimum
transmit power supported by the AP, the smaller one between the minimum
transmit power supported by the AP and maximum transmit power required
by local laws and regulations is the actual transmit power of the radio.
● If the configured transmit power of a radio is larger than the maximum
transmit power supported by the AP, the smaller one between the maximum
transmit power supported by the AP and maximum transmit power required
by local laws and regulations is the actual transmit power of the radio.
Example
# Set the transmit power to 30 dBm for the radio interface Wlan-Radio 0/0/0.
[HUAWEI-Wlan-Radio0/0/0] eirp 30
Info: The EIRP value takes effect only when automatic transmit power selection i
s disabled, and the value depends on the AP specifications and local laws and re
gulations.
9.47 fragmentation-threshold
Function
The fragmentation-threshold command sets the fragmentation threshold in a
radio profile.
The undo fragmentation-threshold command restores the default fragmentation

threshold in a radio profile.
By default, the packet fragmentation threshold is 2346 bytes.
Format
fragmentation-threshold fragmentation-threshold
undo fragmentation-threshold

Parameters
fragmentatio Specifies the fragment threshold. If the The value is an

n-threshold length of a frame to be sent by the MAC integer that ranges
layer exceeds this threshold, the frame is from 256 to 2346, in
fragmented before being sent. bytes. It must be an
integral multiple of
2.
Views
Default Level
Usage Guidelines
Usage Scenario
A proper packet fragmentation threshold can improve channel bandwidth usage.
Set the fragmentation threshold as required. A large threshold is recommended.
Precautions
When the packet fragmentation threshold is too small, packets are fragmented
into smaller frames. These frames are transmitted at a high extra cost, resulting in
low channel efficiency.
When the packet fragmentation threshold is too large, long packets are usually
not fragmented, which increases the transmission time and error probability. If an
error occurs, packets are retransmitted, resulting in a waste of channel bandwidth.
Example
# Set the fragmentation threshold to 1500 bytes in the 2G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] fragmentation-threshold 1500
9.48 frequency
Function
The frequency command sets the working frequency of radio 0 to the 5 GHz
frequency band.
The undo frequency command restores the working frequency of radio 0 to the
2.4 GHz frequency band.

By default, radio 0 works on the 2.4 GHz frequency band, and radio 2 works on
the 5 GHz frequency band.
Format
frequency { 2.4g | 5g }
undo frequency
Parameters
None.
Views
Default Level
Usage Guidelines
Usage Scenario
On APs supporting radio switching between the 2.4 GHz and 5 GHz frequency
bands, some radios support both the two bands. However, such radios can work
on one band at a time. You can configure the working frequency band of the AP
based on the frequency band of STAs.
Precautions
When working in dual-5G mode, some APs support only low-band channels (36 to
64) or high-band channels (100 to 165) on the 5 GHz band.
● AP4030TN: Radio 0, radio 1, and radio 2 on all bands
● AP8130DN: Radio 0 and radio 1 on all bands
● AP8150DN: Radio 0 and radio 1 on all bands
● AP6052DN: Radio 0 on low bands and radio 1 on high bands
● AP4051TN: Radio 1 on high bands and radio 2 on low bands
● AP8050TN-HD: Radio 1 on high bands and radio 2 on low bands
● AP6750-10T: Radio 1 on high bands and radio 2 on low bands
Changing the working frequency of radio 0 and radio 2 will delete the channel,
power, and antenna gain configurations on radio 0 and radio 2. If an AP uses an
external antenna, run the antenna-gain antenna-gain command to reconfigure
the antenna gain to be consistent with the gain of the external antenna connected
to the AP.
If an AP works in dual-5G mode, configure the two 5 GHz radios to work on non-
adjacent channels.

For example, a country supports 40 MHz+ 5G channels 36, 44, 52, and 60. When
deploying 5 GHz radio channels, if one radio is deployed to work on channel 36, it
is recommended that channel 52 or 60 be configured for the other radio. Channel
44 is not recommended in this case.
Example
# Set the working frequency to the 5 GHz frequency band for radio 0 of AP.
[HUAWEI-Wlan-Radio0/0/0] frequency 5g
Warning: Modifying the frequency band will delete the channel, power, and antenn
a gain configurations of the current radio on the AP. Continue?[Y/N]:Y
9.49 guard-interval-mode
Function
The guard-interval-mode command configures the guard interval (GI) mode.
The undo guard-interval-mode command restores the default GI mode.
By default, the GI mode for 802.11n/ac is short, and the GI mode for 802.11ax is
0.8 us.
Format
guard-interval-mode { short | normal }
undo guard-interval-mode
guard-interval-mode dot11ax { dot8 | 1dot6 | 3dot2 }
undo guard-interval-mode dot11ax
Parameters
short Sets the GI mode for 802.11n/ac to short. -
normal Sets the GI mode for 802.11n/ac to -

normal.
dot11ax Specifies the GI mode for 802.11ax. -

{ dot8 |
1dot6 |
3dot2 }
Views

Default Level
Usage Guidelines
During data transmission, the receive and transmit ends do not receive and send
data at all times. When data is transmitted and received or transmitted for
multiple times, multi-path interference exists during radio transmission in the
space. Setting the GI can reduce interference impact on signals.
A smaller GI indicates higher transmission efficiency. A larger GI indicates a higher
anti-interference capability. In indoor environments with little interference, a small
GI is recommended. In outdoor environments with high interference, a large GI is
recommended.
● The GI for 802.11a/b/g is fixed at 800 ns.
● The GI for 802.11n and 802.11ac is 400 ns (short) or 800 ns (normal).
● The GI for 802.11ax can be 0.8 us (800 ns), 1.6 us, or 3.2 us.
Example
# Set the GI mode to short.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] guard-interval-mode short
9.50 he mcs-map (SSID Profile)

Function
The he mcs-map command configures the number of 802.11ax spatial streams
and the Modulation and Coding Scheme (MCS) of the spatial streams in an SSID
profile.
The undo he mcs-map command restores the default number of 802.11ax spatial
streams and the default MCS of the spatial streams in an SSID profile.
By default, the number of spatial streams sent and received in 802.11ax is 8, and
the MCS of the spatial streams is 11 in an SSID profile.
Format
he { tx | rx } mcs-map nss nss-value map mcs-value
undo he { tx | rx } mcs-map
Parameters
tx Indicates the sent data. -

rx Indicates the received -

data.
nss nss-value Specifies the number of The value is an integer

spatial streams. that ranges from 1 to 8.
map mcs-value Specifies the MCS of the The value can be 7, 9, or

spatial streams. 11.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
The rate of an 802.11ax-capable AP depends on the index value of the MCS. A

larger MCS indicates a higher transmission rate.
● When the value of nss-value is greater than or equal to the number of spatial
streams actually supported by an AP, the MCS value corresponding to all the
spatial streams of the AP is the value of mcs-value.
● When the value of nss-value is smaller than the number of spatial streams
actually supported by an AP, only the MCS value corresponding to the spatial
streams on the AP is the value of mcs-value, and the maximum MCS value
corresponding to other spatial streams does not take effect.
For example, if the value of nss-value is 2, and the AP supports three spatial
streams, only the MCS value corresponding to spatial streams 1 and 2 is the
value of mcs-value, and the MCS value corresponding to spatial stream 3 does
not take effect.
Precautions
This configuration takes effect only when the AP communicates with STAs through
802.11ax.
The following configurations take effect in descending order of priority: Reliability-

first service guarantee mode configured using the service-guarantee reliability-
first command in the SSID profile > Number of spatial streams and MCS value
configured using the he mcs-map command in the SSID profile
Example
# Set the MCS value corresponding to spatial stream 4 to 9 when data is received
in an SSID profile.

[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] he rx mcs-map nss 4 map 9
9.51 ht a-mpdu disable

Function
The ht a-mpdu disable command disables the MAC protocol data unit (MPDU)
aggregation function.
The undo ht a-mpdu disable command enables the MPDU aggregation function.
By default, the MPDU aggregation function is enabled.
Format
ht a-mpdu disable
undo ht a-mpdu disable
Parameters
None
Views
Default Level
Usage Guidelines
To reduce costs, 802.11n uses MPDU aggregation technology that aggregates two
or more frames into one frame for transmission.
The 802.11ac and 802.11ax protocols require that the A-MPDU aggregation mode
be enabled. Therefore, this command takes effect only for 2.4 GHz and 5 GHz
radios on 802.11n APs or 2.4 GHz radios on 802.11ac APs.
Example
# Disable the MPDU aggregation function.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] ht a-mpdu disable

9.52 ht a-mpdu max-length-exponent

Function
The ht a-mpdu max-length-exponent command sets the maximum length of an
aggregated MPDU (A-MPDU) on the 802.11n radio. MPDU stands for MAC
protocol data unit.
The undo ht a-mpdu max-length-exponent command restores the maximum

length of an A-MPDU on the 802.11n radio to the default value.
By default, the index for the maximum length of an A-MPDU is 3. The maximum
length of the A-MPDU is 65535 bytes.
Format
ht a-mpdu max-length-exponent max-length-exponent-index
undo ht a-mpdu max-length-exponent
Parameters
max-length- Indicates the index for the maximum The value is an

exponent- length of the A-MPDU. integer that ranges
index from 0 to 3.
● 0: indicates that
the maximum
length of the A-
MPDU is 8191
bytes.
the maximum
length of the A-
MPDU is 16383
bytes.
the maximum
length of the A-
MPDU is 32767
bytes.
the maximum
length of the A-
MPDU is 65535
bytes.

Views
Default Level
Usage Guidelines
To reduce costs, 802.11n uses frame aggregation technology that aggregates two
or more frames into an A-MPDU to transmit.
Example
# Set the index of the maximum length of the A-MPDU to 2 in the 2G radio
profile default. The index 2 corresponds to a maximum length of 32767 bytes.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] ht a-mpdu max-length-exponent 2
9.53 interface wlan-radio

Function
The interface wlan-radio command displays the radio interface view.
Format
interface wlan-radio wlan-radio-number

Parameters
wlan-radio- Displays the specified radio interface The value can be:
number view. ● 0/0/0
● 0/0/1
● 0/0/2
NOTE
All types of APs
support 2.4 GHz and
5 GHz radio
interfaces.
On APs supporting
radio switching
between the 2.4 GHz
and 5 GHz frequency
bands, some radios
support both the two
bands. However, such
radios can work on
one band at a
time.You can run the
frequency command
to change the
working frequency
band of Radio 0.
Views
System view
Default Level
Usage Guidelines
● You can configure the radio after enter the wlan-radio interface.
● you can create a VAP by binding a VAP profile to WLAN-radio interface.
Example
# Display the view of Wlan-Radio0/0/0.
[HUAWEI] interface wlan-radio0/0/0
[HUAWEI-Wlan-Radio0/0/0]

9.54 legacy-station disable

Function
The legacy-station disable command denies access of non-HT STAs.
The undo legacy-station disable command permits access of non-HT STAs.
By default, access of non-HT STAs is permitted.
Format
legacy-station [ only-dot11b ] disable
undo legacy-station disable
Parameters
only-dot11b Denies access of non-HT STAs that support only 802.11b. -
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
Non-HT STAs support only 802.11a/b/g and provide a data transmission rate far
smaller than the rate of 802.11n/ac STAs. If the non-HT STAs access the wireless
network, the data transmission rate of 802.11n/ac STAs will be reduced. To prevent
the transmission rate of 802.11n/ac STAs from being affected, you can run the
legacy-station [ only-dot11b ] disable command to deny access of all or only
802.11b-compliant non-HT STAs.
After the legacy-station disable command is run, non-HT STAs supporting only
802.11a/b/g cannot access the wireless network.
After the legacy-station only-dot11b disable command is run, non-HT STAs
supporting only 802.11b cannot access the wireless network.
After access of non-HT STAs is denied, services may be interrupted.
Precautions

After the legacy-station disable command is run, the access of non-HT STAs
supporting only 802.11a/b/g fails to be denied if any of the following functions is
configured on the non-HT STAs:
● WMM function in a 2G or 5G radio profile disabled using the wmm disable
command
● Pre-shared key authentication and TKIP encryption for WPA/WPA2 configured
using the security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-
value tkip command when the security profile is used
● 802.1X authentication and TKIP encryption for WPA/WPA2 configured using
the security { wpa | wpa2 | wpa-wpa2 } dot1x tkip command when the
security profile is used
● WEP authentication configured using the security wep [ share-key |
dynamic ] command when the security profile is used
● 802.11b/g radio type in the 2G radio profile configured using the radio-type
{ dot11b | dot11g } command
● 802.11a radio type in the 5G radio profile configured using radio-type dot11a
command
After the legacy-station only-dot11b disable command is run, the access of non-
HT STAs supporting only 802.11b is denied. If 802.11b radio type in the 2G radio
profile has been configured using the radio-type dot11b command, the access of
non-HT STAs supporting only 802.11b fails to be denied.
Example
# Deny access of non-HT STAs.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] legacy-station disable
Warning: If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function
of denying access of legac
y STAs cannot take effect.
9.55 max-sta-number (SSID profile view)

Function
The max-sta-number command sets the maximum number of successfully
associated STAs on a VAP.
The undo max-sta-number command restores the default maximum number of

successfully associated STAs on a VAP.
By default, a VAP allows for a maximum of 64 successfully associated STAs.
Format
max-sta-number max-sta-number
undo max-sta-number

Parameters
max-sta- Specifies the maximum number of The value is an

number successfully associated STAs on a integer that varies
specified VAP. depending on
product models.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
More access users on a VAP indicate fewer network resources that each user can
occupy. To ensure Internet experience of users, you can run the max-sta-number
command to set a proper maximum number of successfully associated STAs on a
VAP.
After th max-sta-number command is executed, online STAs are forcibly to go
offline. When STAs reassociate with the VAP and the number of associated STAs
on the VAP reaches the maximum, new STAs fail to associate with this VAP.
The max-sta-number max-sta-number command sets the maximum number of
successfully associated STAs on a VAP.
Precautions
The maximum number of successfully associated STAs on a specified VAP refers to
the maximum number of successfully associated STAs on a VAP of a single AP.
Example
# Set the maximum number of successfully associated STAs on a VAP to 50.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] max-sta-number 50

9.56 multicast-rate
Function
The multicast-rate command configures the multicast rate of wireless packets in
a radio profile.
The undo multicast-rate command restores the default multicast rate of wireless
packets in a radio profile.
By default, the multicast rate of wireless packets is not configured in a radio
profile. That is, the multicast rate is set to auto-sensing.
Format
multicast-rate multicast-rate
undo multicast-rate

Parameters
multicast-rate Specifies the multicast Enumerated type.

rate of wireless packets The values are as follows
in a radio profile. in a 2G radio profile:
● 1: 1 Mbps
● 2: 2 Mbps
● 5: 5.5 Mbps
● 6: 6 Mbps
● 9: 9 Mbps
● 11: 11 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
The values are as follows
in a 5G radio profile:
● 6: 6 Mbps
● 9: 9 Mbps
● 12: 12 Mbps
● 18: 18 Mbps
● 24: 24 Mbps
● 36: 36 Mbps
● 48: 48 Mbps
● 54: 54 Mbps
Views
Default Level
Usage Guidelines
After this command is run, the multicast rate of wireless packets is the configured
value and irrelevant to the STA access mode.
If the configured multicast rate is not in the basic rate set and the STA does not
support this rate, the STA cannot receive multicast data.

radio type to dot11b, and the 2G radio profile is applied to an AP, multicast-rate
that takes effect on the 2 GHz radio of the AP is fixed as 1 Mbps, and multicast-
rate configured in the 2G radio profile view does not take effect on the AP.
Example
# Set the multicast rate of wireless packets to 54 Mbps in the 2G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] multicast-rate 54
9.57 mu-mimo disable

Function
The mu-mimo disable command disables the MU-MIMO function.
The undo mu-mimo disable command enables the MU-MIMO function.
By default, the MU-MIMO function is enabled.
Format
mu-mimo disable
undo mu-mimo disable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
Carrier sense multiple access with collision avoidance (CSMA-CA) allows an air
interface channel to be occupied only by one STA, and other STAs cannot
communicate with the AP. After MU-MIMO is enabled, STAs supporting MU-
MIMO can form an MU group to simultaneously receive downlink data from the
same air interface channel, improving channel efficiency and overall downlink
throughput.
Precautions

In VR scenarios, disabling MU-MIMO is recommended.

After MU-MIMO is enabled, the beamforming function is automatically enabled
on the radio of the VAP and is no longer subject to the beamforming enable
command. If MU-MIMO is disabled for all VAPs on a radio, the beamforming
function is subject to the beamforming enable command.
Example
# EnableMU-MIMO in the SSID profile test.
[HUAWEI] wlan
[HUAWEI-wlan-view] ssid-profile name test
[HUAWEI-wlan-ssid-prof-test] undo mu-mimo disable
9.58 mu-mimo optimize enable

Function
The mu-mimo optimize enable command enables the MU-MIMO optimization
function.
The undo mu-mimo optimize enable command disables the MU-MIMO
optimization function.
By default, the MU-MIMO optimization function is disabled.
Format
mu-mimo optimize enable
undo mu-mimo optimize enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
In an environment with less interference, you can run the mu-mimo optimize
enable command to enable the MU-MIMO optimization function to meet
requirements for high downlink throughput of the AP. The expected effect may fail
to be achieved in some scenarios.
Prerequisites

The MU-MIMO function has been enabled using the undo mu-mimo disable
command.
Example
# Enable the MU-MIMO optimization function in the SSID profile test.
[HUAWEI] wlan
[HUAWEI-wlan-view] ssid-profile name test
[HUAWEI-wlan-ssid-prof-test] undo mu-mimo disable
[HUAWEI-wlan-ssid-prof-test] mu-mimo optimize enable
9.59 probe-response-retry
Function
The probe-response-retry command sets the number of times Probe Response
The undo probe-response-retry command restores the default number of times
Probe Response packets are retransmitted.
By default, the number of Probe Response retransmissions is 1.
Format
probe-response-retry retry-time
undo probe-response-retry
Parameters
retry-time Specifies the number of The value is an integer that ranges from
times Probe Response 0 to 3.
When the value is set to 0, Probe
Response packets are not retransmitted.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
In high-density wireless scenarios, too many Probe Response frames occupy a
large number of wireless resources. To reduce wireless resource occupation of the

frames, you can run the probe-response-retry command to set a small number of
or forbid Probe Response packet retransmissions.
Precautions
A small number of Probe Response packet retransmissions may reduce the
channel scan efficiency of some STAs while a large number of Probe Response
packet retransmissions may lower the wireless network performance.
Example
# Set the number of times Probe Response packets are retransmitted to 0.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] probe-response-retry 0
9.60 qbss-load enable

Function
The qbss-load enable command enables the function of notifying STAs of AP load
information.
The undo qbss-load enable command disables the function of notifying STAs of
AP load information.
By default, the function of notifying STAs of AP load information is disabled.
Format
qbss-load enable
undo qbss-load enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
After the qbss-load enable command is executed, STAs are notified of the AP load
status during the STA association. The notified information includes the number of
STAs associated with AP radios and channel utilization. A STA selects the optimal
AP based on the load of each AP to improve air interface performance.

NOTE
This command takes effect only when dynamic load balancing is disabled, because with
dynamic load balancing enabled, APs will definitely notify STAs of their loads.
Modifying this configuration will cause STAs connected to the SSID to go offline and then
online, interrupting STAs' services.
Example
# Enable the function of notifying STAs of AP load information in the SSID profile
ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] qbss-load enable
9.61 radio disable

Function
The radio disable command disables a specified radio.
The undo radio disable command enables a specified radio.
By default, a radio is enabled.
Format
radio disable
undo radio disable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
You can run this command to enable or disable a specified radio.
Example
# Disable the radio interface Wlan-Radio 0/0/0.

[HUAWEI-Wlan-Radio0/0/0] radio disable

Function
The radio-2g-profile command displays the 2G radio profile view.
Format
radio-2g-profile name profile-name
Parameters
name profile- Specifies the name of a 2G radio profile. The device supports
name only one 2G radio
profile named
default.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
A 2G radio profile is used to configure and optimize the 2G radio of an AP, but
does not take effect on the 5G radio.
Example
# Display the 2G radio profile view.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default]


Function
The radio-5g-profile command displays the 5G radio profile view.
Format
radio-5g-profile name profile-name
Parameters
name profile- Specifies the name of a 5G radio profile. The device supports
name only one 5G radio
profile named
default.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
A 5G radio profile is used to configure and optimize the 5G radio of an AP, but
does not take effect on the 2G radio.
Example
# Display the 5G radio profile view.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default]

Function
The radio-type command sets the radio type in a 2G radio profile.
The undo radio-type command restores the default radio type in a 2G radio
profile.

By default, the radio type in a 2G radio profile is dot11ax.
Format
radio-type { dot11b | dot11g | dot11n | dot11ax }
undo radio-type
Parameters
dot11b Specifies the 802.11b radio type. -
dot11g Specifies the 802.11g radio type, which is -

backward compatible.
dot11n Specifies the 802.11n radio type, which is -

dot11ax Specifies the 802.11ax radio type, which -

is backward compatible.
Views
2G radio profile
Default Level
Usage Guidelines
Usage Scenario
Usually, the default radio type is used and does not need to be modified. If the
default radio mode cannot meet requirements or a fault needs to be located,
configure the radio type as required.
Precautions
If a rate in the basic rate set or supported rate set, or the multicast rate is not
supported by the 802.11b protocol, the radio type cannot be set to 80211b.
When the radio type is set to dot11b or dot11g, the function of denying access
from non-HT STAs becomes invalid.
If WDS- or Mesh-enabled radios are configured not to support 802.11n/ac, the air
interface backhaul performance will be degraded.
radio type to dot11b, and the 2G radio profile is applied to an AP, the rates of
management frames and multicast packets that take effect on the 2 GHz radio of
the AP are fixed as 1 Mbps, and the values configured using the beacon-2g-rate

beacon-2g-rate and multicast-rate multicast-rate commands do not take effect

on the AP.
Example
# Set the radio type to dot11g in a 2G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] radio-type dot11g

Function
The radio-type command sets the radio type in a 5G radio profile.
The undo radio-type command restores the default radio type in a 5G radio
profile.
By default, the radio type in a 5G radio profile is dot11ax.
Format
radio-type { dot11a | dot11n | dot11ac | dot11ax }
undo radio-type
Parameters
dot11a Specifies the 802.11a radio type. -
dot11n Specifies the 802.11n radio type, which is -

dot11ac Specifies the 802.11ac radio type, which -

dot11ax Specifies the 802.11ax radio type, which -

Views
5G radio profile
Default Level

Usage Guidelines
Usage Scenario
Usually, the default radio type is used and does not need to be modified. If the
default radio mode cannot meet requirements or a fault needs to be located,
configure the radio type as required.
Precautions
When the radio type is set to dot11a, the function of denying access from non-HT
STAs becomes invalid.
If the configured radio type is not supported by an AP, the actual radio type
supported by the AP takes effect. For example, if you set the 802.11ac radio type
for an 802.11n AP, the 802.11n radio type takes effect on the AP.
If WDS- or Mesh-enabled radios are configured not to support 802.11n/ac, the air
interface backhaul performance will be degraded.
Example
# Set the radio type to dot11n in a 5G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] radio-type dot11n
9.66 reach-max-sta
Function
The reach-max-sta command controls access of new STAs when the number of
STAs of a VAP reaches the maximum value.
The undo reach-max-sta command cancels the configuration.
By default, when the number of access users reaches the maximum value, you can
determine whether to enable SSID hiding or enable the VAP to replace low-
priority STAs with high-priority STAs.
Format
reach-max-sta { hide-ssid disable | priority-replace }
undo reach-max-sta
Parameters
hide-ssid disable Disable SSID hiding. -

priority-replace Enable the VAP to -

replace low-priority STAs
with high-priority STAs.
Views
SSID profile view
Default Level
Usage Guidelines
When the number of access users reaches the maximum value, you can enable
SSID hiding or enable the VAP to replace low-priority STAs with high-priority STAs.
The two functions cannot be configured simultaneously.
● SSID hiding: New STAs cannot search for the SSID of the VAP and need to
access other VAPs.
● Replacing low-priority STAs with high-priority STAs: A new VIP user will
replace a common user. This ensures access experience of VIP users.
Example
# Disable automatic SSID hiding when the number of users reaches the maximum.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] reach-max-sta hide-ssid disable
9.67 report-sta-assoc enable

Function
The report-sta-assoc enable command enables the function of recording STA
association information or STA login information in the log.
The undo report-sta-assoc enable command disables the function of recording
STA association information or STA login information in the log.
By default, the function of recording STA association information or STA login
information in the log is disabled.
Format
report-sta-assoc enable
undo report-sta-assoc enable

Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
If a STA is associated or goes online after this function is enabled, the device
records the STA association or login information in the log.
NOTE
Enabling this function will generate a large number of logs. If there are a large number of
STAs, log files may overwrite each other due to limited storage space, which affects fault
locating.
Example
# Enable the function of recording STA association information or STA login
information in the log.
[HUAWEI] wlan
[HUAWEI-wlan-view] report-sta-assoc enable
9.68 reset channel switch-record

Function
The reset channel switch-record command deletes channel switching records on
a device.
Format
reset channel switch-record all
Parameters
all Deletes all channel switching records. -
Views
All views

Default Level
3: Management level
Usage Guidelines
Usage Scenario
You can use this command to delete existing channel switching records so that the
system can record new channel switching events.
Precautions
Deleted channel switching records cannot be restored.
Example
# Delete all channel switching records.
<HUAWEI> reset channel switch-record all
9.69 reset station offline-record

Function
The reset station offline-record command deletes STAs' going-offline records.
Format
reset station offline-record { all | sta-mac sta-mac }
Parameters
all Deletes all STAs' going-offline -

records.
sta-mac sta-mac Deletes going-offline records of a The specified STA MAC

specified STA. address must exist.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario

You can use this command to delete existing STAs' going-offline records so that
the system can record new STAs' going-offline events.
Precautions
The deleted STAs' going-offline records cannot be restored.
Example
# Delete all STAs' going-offline records.
<HUAWEI> reset station offline-record all
9.70 reset station online-fail-record

Function
The reset station online-fail-record command deletes records of STAs' failures to
go online.
Format
reset station online-fail-record { all | sta-mac sta-mac-address }
Parameters
all Deletes online failure records of all STAs. -
sta-mac sta- Deletes online failure records of the STA The specified STA's
mac-address with the specified MAC address. MAC address must
exist.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
To re-collect records about STA online failures, run this command to delete
existing records.
Precautions
The deleted records cannot be restored.

Example
# Delete online failure records of all STAs.
<HUAWEI> reset station online-fail-record all
9.71 reset station statistics

Function
The reset station statistics command deletes statistics about online STAs.
Format
reset station statistics [ sta-mac sta-mac-address ]
Parameters
sta-mac sta- Specifies the MAC address of an online The STA's MAC
mac-address STA. address must exist.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Before recollecting statistics about online STAs, run the command to clear the
existing statistics.
Precautions
After the command is run, statistics about online STAs are cleared and cannot be
restored.
Example
# Delete statistics about the STA with MAC address 00e0-fc88-b74f.
<HUAWEI> reset station statistics sta-mac 00e0-fc88-b74f

9.72 rf-ping
Function
The rf-ping command enables an AP to automatically detect wireless link quality.
Format
rf-ping [ -m time | -c number ] [ -p { be | bk | vi | vo }] * mac-address
Parameters
-m time Specifies the interval for The value is an integer that

sending probe data packets. ranges from 100 to 10000, in
milliseconds. The default
value is 100.
-c number Specifies the number of The value is an integer that

probe data packets sent by ranges from 1 to 1000. The
the AP. default value is 10.
-p { be | bk | vi | Specifies the priority of -

vo } probe data packets sent by
the AP, which can be AC_BE,
AC_BK, AC_VI, or AC_VO. If
this parameter is not
specified, the default priority
is AC_BE.
mac-address MAC address of a STA. The value is in H-H-H

format. An H is a
digits.
Views
WLAN view
Default Level
Usage Guidelines
Use Scenario

This command allows an AP to automatically detect wireless link quality based on

link parameters, including the signal strength, data rate on air port, and delay in
packet transmission.
Prerequisites
STAs have been associated with the APs and go online.
Example
# Configure an AP to automatically detect quality of the link between the AP and
STA with the MAC address 00e0-fc12-3456.
[HUAWEI] wlan
[HUAWEI-wlan-view] rf-ping 00e0-fc12-3456
Tx rate=52.0 Mbps, Reply from 00e0-fc12-3456: RSSI=-58 dBm time < 1 ms
1 packets transmitted, 1 received, 0% packet loss, time < 1 ms, RSSI -58 dBm
Table 9-32 Description of the rf-ping command output
Item Description
Tx rate Transmission rate.
RSSI Received signal strength.
time Packet transmission delay.
9.73 rts-cts-mode
Function
The rts-cts-mode command sets the request to send (RTS)-clear to send (CTS)
operation mode in a radio profile.
The undo rts-cts-mode command restores the default RTS-CTS operation mode in
a radio profile.
By default, the RTS-CTS operation mode is rts-cts.
Format
rts-cts-mode { cts-to-self | disable | rts-cts }
undo rts-cts-mode
Parameters
cts-to-self Set the RTS-CTS operation mode to cts-to-self. -
disable Disable RTS-CTS. -

rts-cts Set the RTS-CTS operation mode to rts-cts. -
Views
Default Level
Usage Guidelines
● In rts-cts mode, when an AP needs to send data to a STA, the AP sends an
RTS packet to all STAs associated with it. After receiving the RTS packet, none
of the devices within the AP's coverage area sends data within a specified
period. After the destination STA receives the RTS packet, it sends a CTS
packet. After receiving the CTS packet, none of the devices within the STA's
coverage area sends data within a specified period. Using the rts-cts mode to
avoid conflicts requires two packets (RTS and CTS packets), increasing packet
overhead.
● In cts-to-self mode, when an AP needs to send data to STAs, it sends a CTS
packet with its IP address as the source and destination addresses. Then none
of the devices within the AP's coverage area sends data within a specified
period. In cts-to-self mode, an AP only needs to send a CTS packet to avoid
channel conflicts in most scenarios. However, if there is a device within the
STA's coverage area but not within the AP's coverage area, a channel conflict
may still occur.
Compared to the rts-cts mode, the cts-to-self mode reduces the number of control
packets sent on the network. In some situations, however, a channel conflict may
still occur when hidden nodes do not receive the CTS packet from the AP.
Therefore, the rts-cts mode is more effective in avoiding channel conflicts than the
cts-to-self mode.
To avoid a data transmission failure caused by channel conflicts, run the rts-cts-
mode command to set the RTS-CTS operation mode in a radio profile according to
networking requirements.
Example
# Set the RTS-CTS operation mode to rts-cts in the 2G radio profile.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] rts-cts-mode rts-cts

9.74 rts-cts-threshold
Function
The rts-cts-threshold command sets the RTS-CTS threshold in a radio profile.
The undo rts-cts-threshold command restores the default RTS-CTS threshold in a
radio profile.
The default RTS-CTS alarm threshold is 1400 bytes.
Format
rts-cts-threshold rts-cts-threshold
undo rts-cts-threshold
Parameters
rts-cts- Specifies the RTS-CTS threshold. If the The value is an

threshold length of a frame to be sent by the MAC integer that ranges
Layer exceeds this threshold, an RTS from 64 to 2347, in
frame needs to be sent before this frame. bytes.
Views
Default Level
Usage Guidelines
The IEEE 802.11 MAC protocol provides an RTS-CTS handshake protocol to prevent
conflicts between channels and failure to transmit data. STA A sends an RTS frame
before sending data to STA B. STA A can send data after receiving a CTS frame
from STA B. If multiple STAs send RTS frames to a STA, only the STA that receives
a CTS frame can send data, and other STAs have channel conflicts by default and
must wait and send RTS frames again.
If STAs implement RTS-CTS handshakes before sending data, the channel
bandwidth is consumed by too much RTS frames. You can set an RTS threshold to
specify the length of frames to be sent. When the length of frames to be sent by
the STA is smaller than the RTS threshold, no RTS/CTS handshake is implemented.
Example
# Set the RTS-CTS threshold to 2300 bytes in the 2G radio profile.

[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] rts-cts-threshold 2300
9.75 service-mode disable

Function
The service-mode disable command disables the service mode of a VAP.
The undo service-mode disable command enables the service mode of a VAP.
By default, the service mode of a VAP is enabled.
Format
service-mode disable
undo service-mode disable
Parameters
None
Views
VAP profile view
Default Level
Usage Guidelines
You can run the service-mode disable command to disable the service mode of a
VAP. After the service mode of a VAP is disabled, the VAP is disabled.
● After the service mode of a VAP is enabled, run the auto-off service
command to enable the scheduled VAP auto-off function. In the scheduled
time, the VAP is disabled. To enable the VAP, run the undo auto-off service
command.
● After the service mode of a VAP is disabled, the scheduled VAP auto-off
function does not take effect.
Example
# Disable the service mode of VAP vap1.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] service-mode disable

9.76 service-vlan (VAP profile view)

Function
The service-vlan command configures a service VLAN for a VAP.
The undo service-vlan command restores the default service VLAN of a VAP.
By default, VLAN 1 is the service VLAN of a VAP.
Format
service-vlan vlan-id vlan-id
undo service-vlan
Parameters
vlan-id vlan- Service VLAN of a VAP. The value is an

id integer that ranges
from 1 to 4094.
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
Each VAP has a service VLAN. Layer 2 data packets delivered from a VAP to an AP
carry the service VLAN ID.
Precautions
Modifying the service VLAN of a VAP will interrupt services of STAs connected to
the VAP. Exercise caution when you run the command.
Example
# Set the service VLAN to VLAN 2 in the VAP profile vap1.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] service-vlan vlan-id 2

9.77 short-preamble disable

Function
The short-preamble disable command configures a radio profile not to support
the short preamble.
The undo short-preamble disable command configures a radio profile to support
the short preamble.
By default, a radio profile supports the short preamble.
Format
short-preamble disable
undo short-preamble disable
Parameters
None
Views
Default Level
Usage Guidelines
The preamble is a section of bits in the header of a data frame. It synchronizes
signals transmitted between the sender and receiver. The preamble is classified
into the long preamble and short preamble. The short preamble ensures better
synchronization performance and therefore is recommended. The long preamble is
usually used for compatibility with earlier network adapters of clients.
Example
# Configure the 2G radio profile default to support the short preamble.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] short-preamble disable

9.78 single-txchain enable

Function
The single-txchain enable command enables the single-antenna transmission
mode.
The undo single-txchain enable command disables the single-antenna

transmission mode.
By default, the single-antenna transmission mode is disabled.
Format
single-txchain enable
undo single-txchain enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
Some non-HT STAs that support 802.11a/b/g cannot receive packets sent by APs
using multiple antennas. As a result, network access failures, frequent STA
roaming, or network instability is caused. After running the single-txchain enable
command to enable the single-antenna transmission mode in an SSID profile,
management packets on the corresponding VAP and data packets sent by the AP
to non-HT STAs on the VAP will be sent in single-antenna transmission mode. For
a radio that is bound to a VAP with the single-antenna transmission mode
enabled, control packets of the radio are sent in single-antenna transmission
mode as long as non-HT STAs is connected to the VAP. When no non-HT STA is
connected to the VAP, the control packets are still sent in multi-antenna
transmission mode.
Precautions
APs supporting MU-MIMO support the single-antenna transmission mode.
After the single-antenna transmission mode is enabled in an SSID profile, the RSSI
of STAs may be affected.

Example
# Enable the single-antenna transmission mode in SSID profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] single-txchain enable
9.79 snmp-agent trap enable feature-name wlan

Function
The snmp-agent trap enable feature-name wlan command enables the trap
function for the WLAN module.
The undo snmp-agent trap enable feature-name wlan command disables the
trap function for the WLAN module.
By default, the trap function is enabled for the WLAN module.
Format
snmp-agent trap enable feature-name wlan [ trap-name trap-name ]
undo snmp-agent trap enable feature-name wlan [ trap-name trap-name ]
Parameters
trap-name trap- Specifies the name of The value is a string and must be
name a trap. set according to the device
configuration.
Views
System view
Default Level
Usage Guidelines
You can specify trap-name to enable the trap function for one or more events of
the WLAN module.
Example
# Enable the hwapfaulttrap trap.
[HUAWEI] snmp-agent trap enable feature-name wlan trap-name hwapfaulttrap

9.80 ssid
Function
The ssid command sets a service set identifier (SSID) for an SSID profile.
The undo ssid command deletes the SSID of an SSID profile.
By default, the SSID HUAWEI-WLAN is configured in an SSID profile.
Format
ssid ssid
undo ssid
Parameters
ssid Specifies the The value is a string of 1 to 32 case-

name of an SSID. sensitive characters. It supports Chinese
characters or Chinese + English characters,
without tab characters.
To start an SSID with a space, you need to
encompass the SSID with double quotation
marks (" "), for example, " hello". The
double quotation marks occupy two
characters. To start an SSID with a double
quotation mark, you need to add a
backslash (\) before the double quotation
mark, for example, \"hello. The backslash
occupies one character.
NOTE
You can only use a command editor of the
UTF-8 encoding format to edit Chinese
characters.
SSIDs containing Chinese characters cannot be
displayed on STAs that do not support the UTF-8
encoding format.
Views
SSID profile view
Default Level

Usage Guidelines
Usage Scenario
An SSID specifies a wireless network. When you search for available wireless
networks on your wireless terminal, SSIDs are displayed to identify the available
wireless networks.
Precautions
When you configure an SSID containing Chinese characters, do not delete

characters by pressing the Delete button if you want to modify the SSID that has
been entered. Otherwise, the SSID will contain garbled characters after the
configuration. In this case, run the ssid command to reconfigure the SSID.
Example
# Set the SSID to wlan-net in the SSID profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] ssid wlan-net
9.81 ssid-hide enable

Function
The ssid-hide enable command enables SSID hiding in Beacon frames in an SSID
profile.
The undo ssid-hide enable command disables SSID hiding in Beacon frames in an
SSID profile.
By default, SSID hiding in Beacon frames is disabled in an SSID profile.
Format
ssid-hide enable
undo ssid-hide enable
Parameters
None
Views
SSID profile view
Default Level

Usage Guidelines
Usage Scenario
A STA listens on the Beacon frames that an AP periodically sends in each channel
to obtain AP information. The STA can obtain SSIDs from Beacon frames that
contain the SSIDs.
The STA can actively send a probe frame with a specified SSID, only the AP with
the same SSID will respond to the STA. If the STA broadcasts a probe frame
without an SSID, only the APs on which SSID hiding in Beacon frames is disabled
will respond to the STA.
● After the ssid-hide enable command is used, an AP periodically sends Beacon
frames that contain empty SSID character strings and does not reply to the
broadcast probe requests sent from STAs. The STAs can send probe frames
with the AP's SSID to discover the SSID.
● After the undo ssid-hide enable command is used, an AP periodically sends
Beacon frames that contain valid SSID character strings and replies to the
broadcast probe requests sent from STAs. The STAs can send probe frames
with the AP's SSID to discover the SSID.
Precautions
If the ssid-hide enable or undo ssid-hide enable command is run in the SSID
profile after STAs are associated with an SSID, service interruptions may occur for
all online STAs.
Example
# Configure SSID hiding in Beacon frames in the SSID profile ssid1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] ssid-hide enable
9.82 ssid-profile (WLAN view)

Function
The ssid-profile command creates an SSID profile and displays the SSID profile
view, or displays the view of an existing SSID profile.
The undo ssid-profile command deletes an SSID profile.
By default, the system provides the SSID profile default.
NOTE
No SSID profile can be created on a cloud AP using this command.
Format
ssid-profile name profile-name
undo ssid-profile { name profile-name | all }

Parameters
name profile- Specifies the name of an SSID profile. The value is a string
name of 1 to 35 case-
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all SSID profiles. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
An SSID profile is mainly used to configure STA association and access parameters
based on SSIDs, including the SSID name, STA association timeout period, non-HT
STA access, and QoS CAR.
Follow-up Procedure
Run the ssid-profile (VAP profile view) command to bind the SSID profile to a
VAP profile and run the vap-profile command to bind the VAP profile to an AP
group, AP, AP radio, or AP group radio so that the SSID profile can take effect.
Precautions
● The SSID profile default cannot be deleted.
● The SSID profile referenced by a VAP profile cannot be deleted. To delete the
SSID profile, unbind it from the VAP profile first.
● If the VAP profile has been applied to an AP group or an AP, modifying the
SSID profile will interrupt services.
Example
# Create an SSID profile ssid1 and enter the SSID profile view.
[HUAWEI] wlan


[HUAWEI-wlan-ssid-prof-ssid1]
9.83 ssid-profile (VAP profile view)

Function
The ssid-profile command binds an SSID profile to a VAP profile.
The undo ssid-profile command unbinds an SSID profile from a VAP profile.
By default, the SSID profile default is bound to a VAP profile.
Format
ssid-profile profile-name
undo ssid-profile
Parameters
profile-name Specifies the name of an SSID profile. The SSID profile

must exist.
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
After you create an SSID profile using the ssid-profile (WLAN view) command,
bind it to a VAP profile to make the SSID profile take effect.
Precautions
After an SSID profile is bound to a VAP profile, parameter settings in the SSID
profile take effect on all APs using the VAP profile.
Example
# Create the SSID profile ssid1 and bind it to the VAP profile vap1.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] quit


[HUAWEI-wlan-vap-prof-vap1] ssid-profile ssid1
9.84 sta-network-detect disable

Function
The sta-network-detect disable command disables the device from monitoring
user traffic and forcibly disconnecting STAs without traffic.
The undo sta-network-detect disable command enables the device to monitor
user traffic and forcibly disconnect STAs without traffic.
By default, the device is enabled to monitor user traffic and forcibly disconnect
STAs without traffic.
Format
sta-network-detect disable
undo sta-network-detect disable
Parameters
None
Views
VAP profile view
Default Level
Usage Guidelines
After the device is enabled to monitor user traffic and forcibly disconnect STAs
without traffic, a STA meeting all the following conditions is forcibly disconnected
after reassociation and going online:
● The STA does not send DHCP Request messages or receive ARP Reply packets
within 5s after going online.
● The IP address of the STA changes after roaming.
● The STA has only uplink traffic but no downlink traffic.
When you do not require user traffic monitoring or want to prevent STAs from
being forcibly disconnected, run the sta-network-detect disable command.
Example
# Enable the device to monitor user traffic and forcibly disconnect STAs without
traffic.
[HUAWEI] wlan


[HUAWEI-wlan-vap-prof-vap1] undo sta-network-detect disable
9.85 type (VAP profile view)

Function
The type command sets the type for a VAP.
The undo type command restores the default VAP type.
By default, the type of a VAP is service.
Format
type service-backup auth-server-down radius-server template template-name
undo type
Parameters
service-backup Sets the VAP type to -

auth-server-down authentication-server-down
backup service.
radius-server Specifies the name of a The specified name of

template RADIUS server template. the RADIUS server
template-name template must exist.
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
● If the type of a VAP is set to service-backup auth-server-down, the VAP is
automatically enabled to allow network access of associated STAs when the
authentication server is not accessible. When the authentication server
recovers, this VAP is not automatically disabled. You can manually disable it if
needed. If the authentication server is accessible but rejects user access, this
VAP is not automatically enabled. You can manually enable it if needed. To
enable or disable this VAP, run the vap-service-backup auth-server-down
command.
Precautions

● After the VAP type is configured in the VAP profile view, the VAPs generated
by the VAP profile use the configured VAP type. The new VAP type will
overwrite the old one.
Example
# Create the VAP profile vap1 and set the VAP type to authentication-server-
down backup service.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] type service-backup auth-server-down radius-server template temp1
9.86 u-apsd enable

Function
The u-apsd enable command enables the Unscheduled Automatic Power Save
Delivery (U-APSD) function.
The undo u-apsd enable command disables the U-APSD function.
By default, the U-APSD function is disabled.
Format
u-apsd enable
undo u-apsd enable
Parameters
None
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
U-APSD is a new energy saving mode defined for WMM, which can improve the
energy-saving capability of STAs.
If some STAs on the network do not support the U-APSD function, disable the U-
APSD function.
Precautions
The U-APSD function takes effect only when WMM is enabled.

After the U-APSD function is enabled, services may be interrupted.
Example
# Enable the U-APSD function.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] u-apsd enable
9.87 utmost-power
Function
The utmost-power disable command disables radios from sending packets at the
maximum power.
The utmost-power enable command enables radios to send packets at the
maximum power.
The undo utmost-power command restores the adaptive mode for radios to send
packets.
By default, radios are enabled to send packets in adaptive mode.
Format
utmost-power { disable | enable }
undo utmost-power
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
This command is valid for all country codes. You can run the utmost-power
enable command to enable radios to send packets at the maximum power or run
the utmost-power disable command to enable radios to send packets at the
power specified by the country code. After you run the undo utmost-power
command to restore the adaptive mode, radios send packets at the maximum
power if the country code is CN or at the power specified by other country codes.

Precautions
802.11ac and 802.11ax APs can send packets at the maximum power.
Example
# Disable radios from sending packets at maximum power.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] utmost-power disable
9.88 vap-profile (WLAN view)

Function
The vap-profile command creates a VAP profile and displays the VAP profile view,
or displays the view of an existing VAP profile.
The undo vap-profile command deletes a VAP profile.
By default, the system provides the VAP profile default.
Format
vap-profile name profile-name
undo vap-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a VAP profile. The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all VAP profiles. -
Views
WLAN view

Default Level
Usage Guidelines
Usage Scenario
After a radio profile is applied to a radio, the AP can transmit and receive radio
signals. After a VAP profile is applied to a radio, VAPs are generated and provide
wireless access services for STAs. You can configure parameters in the VAP profile
to enable APs to provide different wireless services.
Follow-up Procedure
Run the vap-profile command to apply the VAP profile in the radio interface view
so that the VAP profile can take effect.
Precautions
● The VAP profile default cannot be deleted.

● The VAP profile referenced by a radio cannot be deleted. To delete the VAP
profile, unbind it from the radio interface view first.
● By default, the SSID profile default, security profile default, and traffic profile
default are bound to a VAP profile.
A maximum of 33 VAP profiles can be created on an AP.
Example
# Create a VAP profile vap1 and enter the VAP profile view.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1]
9.89 vap-profile (radio interface view)

Function
The vap-profile command binds a VAP profile to a radio.
The undo vap-profile command unbinds a VAP profile from a radio.
By default, no VAP profile is bound to a radio.
Format
vap-profile profile-name wlan wlan-id
undo vap-profile profile-name wlan wlan-id

Parameters
profile-name Specifies the name of a VAP profile. The VAP profile

must exist.
wlan wlan-id Specifies the WLAN ID of a VAP. The value is an

integer that ranges
from 1 to 16.
Views
Default Level
Usage Guidelines
Usage Scenario
After you create a VAP profile using the vap-profile (WLAN view) command,
bind it to a radio so that the VAP profile can take effect.
Precautions
After a VAP profile is bound to a radio, parameter settings in the VAP profile apply
to the radio using the profile.
Example
# Create the VAP profile vap1 and bind it to radio Wlan-Radio 0/0/0.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] quit
[HUAWEI-wlan-view] quit
[HUAWEI-Wlan-Radio0/0/0] vap-profile vap1 wlan 1
9.90 vap-service-backup auth-server-down

Function
The vap-service-backup auth-server-down command manually enables or
disables an authentication-server-down backup service VAP.
Format
vap-service-backup auth-server-down { active | inactive } [ vap-profile profile-
name ]

Parameters
active Manually enables an -

authentication-server-down
backup service VAP.
inactive Manually disables an -

authentication-server-down
backup service VAP.
vap-profile profile- Specifies the name of a VAP The VAP profile name
name profile. If this parameter is must exist.
not specified, VAPs of this
type on all referenced radios
are enabled.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
If an authentication-server-down backup service VAP is not automatically disabled
after the authentication server is restored, the administrator can manually disable
this VAP. When the authentication server rejects access of STAs, the administrator
can manually enable an authentication-server-down backup service VAP to enable
the STAs to enter the survival state.
Precautions
After an authentication-server-down backup service VAP is manually disabled,
STAs associated with this VAP go offline.
Example
# Manually enable an authentication-server-down backup service VAP.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-service-backup auth-server-down active vap-profile vap1

9.91 vht a-mpdu max-length-exponent

Function
The vht a-mpdu max-length-exponent command sets the maximum length of
an aggregated MPDU (A-MPDU) on the 802.11ac radio. MPDU stands for MAC
protocol data unit.
The undo vht a-mpdu max-length-exponent command restores the maximum
length of an A-MPDU on the 802.11ac radio to the default value.
By default, the index for the maximum length of an A-MPDU is 7. The maximum
length of the A-MPDU is 1048575 bytes.
Format
vht a-mpdu max-length-exponent max-length-exponent-index
undo vht a-mpdu max-length-exponent

Parameters
max-length- Indicates the index for the maximum The value is an

exponent- length of the A-MPDU. integer that ranges
index from 0 to 7.
the maximum
length of the A-
MPDU is 8191
bytes.
the maximum
length of the A-
MPDU is 16383
bytes.
the maximum
length of the A-
MPDU is 32767
bytes.
the maximum
length of the A-
MPDU is 65535
bytes.
the maximum
length of the A-
MPDU is 131071
bytes.
the maximum
length of the A-
MPDU is 262143
bytes.
the maximum
length of the A-
MPDU is 524287
bytes.
the maximum
length of the A-
MPDU is
1048575 bytes.

Views
Default Level
Usage Guidelines
To reduce costs, 802.11ac uses frame aggregation technology that aggregates two
or more frames into an A-MPDU to transmit.
Example
# Set the index of the maximum length of the A-MPDU to 2 in the 5G radio
profile default. The index 2 corresponds to a maximum length of 32767 bytes.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] vht a-mpdu max-length-exponent 2
9.92 vht a-msdu enable
Function
The vht a-msdu enable command enables the function of sending 802.11 frames
in A-MSDU mode.
The undo vht a-msdu enable command disables the function of sending 802.11
frames in A-MSDU mode.
By default, the function of sending 802.11 frames in A-MSDU mode is disabled.
Format
vht a-msdu enable
undo vht a-msdu enable
Parameters
None
Views
Default Level

Usage Guidelines
Usage Scenario
Aggregated MAC Service Data Unit (A-MSDU) technology aggregates multiple
MAC Service Data Units (MSDUs) into an MAC Protocol Data Unit (MPDU), which
reduces MAC layer costs of the 802.11 packets and improves packet transmission
efficiency especially when short MSDUs are aggregated.
Precautions
The function of sending 802.11 frames in A-MSDU mode can be enabled on the
802.11ac and 802.11ax radios.
Example
# Enable the function of sending 802.11 frames in A-MSDU mode.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] vht a-msdu enable
9.93 vht a-msdu max-frame-num
Function
The vht a-msdu max-frame-num command sets the maximum number of
subframes that can be aggregated into an A-MSDU at one time.
The undo vht a-msdu max-frame-num command restores the default maximum
number of subframes that can be aggregated into an A-MSDU at one time.
By default, a maximum of two subframes can be aggregated into an A-MSDU at
one time.
Format
vht a-msdu max-frame-num max-frame-number
undo vht a-msdu max-frame-num
Parameters
max-frame- Specifies the maximum number of The value is an

number subframes that can be aggregated into integer ranging
an A-MSDU at one time. from 2 to 15.
Views

Default Level
Usage Guidelines
Usage Scenario
A-MSDU technology aggregates multiple MSDUs into an MPDU, which reduces
MAC layer costs of the 802.11 packets.
● When the wireless network quality is satisfactory, increase the maximum
number of subframes that can be aggregated into an A-MSDU at one time to
improve the network usage efficiency and wireless service performance.
● When the wireless network quality is unsatisfactory or delay-sensitive services,
such as voice services are transmitted, reduce the maximum number of
subframes that can be aggregated into an A-MSDU at one time to minimize
the impact of packet loss on services and reduce packet transmission delay.
Some STAs have restrictions on the number of subframes aggregated into a
received A-MSDU. If the number of subframes sent by the AP exceeds the
threshold, the STAs cannot receive the frames properly.
Prerequisite
The function of sending 802.11 frames in A-MSDU mode has been enabled using
the vht a-msdu enable command.
Precautions
The function of sending 802.11 frames in A-MSDU mode can only be enabled on
the 802.11ac and 802.11ax radios.
Example
# Set the maximum number of subframes that can be aggregated into an A-
MSDU at one time to 3.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] vht a-msdu max-frame-num 3
9.94 vht mcs-map

Function
The vht mcs-map command configures the maximum number of spatial streams
and the maximum MCS value supported by 802.11ac in the 5G radio profile.
The undo vht mcs-map command restores the default configuration.
By default, the maximum number of spatial streams and the maximum MCS value
are not specified in the 5G radio profile.
Format
vht mcs-map nss nss-value max-mcs max-mcs-value

undo vht mcs-map
Parameters
nss nss-value Specifies the maximum The value is an integer

number of available ranging from 1 to 8.
spatial streams.
max-mcs max-mcs- Specified the maximum The value is an integer

value MCS value that can be ranging from 7 to 9.
negotiated for spatial
streams.
Views
Default Level
Usage Guidelines
Usage Scenario
Rates of 802.11ac APs depend on the index value of MCS. A larger MCS value
indicates a higher transmission rate.
● When nss-value is greater than or equal to the maximum number of spatial

streams supported by an AP, the number of available spatial streams is the
same as the maximum number of spatial streams supported by the AP.
● When nss-value is smaller than the maximum number of spatial streams
supported by an AP, the number of available spatial streams is the same as
nss-value and remaining spatial streams do not take effect.
For example, if nss-value is set to 2 and the AP supports a maximum of 3
spatial streams, the maximum number of available spatial streams on the AP
is 2.
Precautions

configured using the vht mcs-map (SSID Profile) command in the SSID profile >
Number of spatial streams and MCS value configured using the vht mcs-map
command in the 5G radio profile.
802.11ac and 802.11ax.

Example
# In the 5G radio profile, set the maximum number of available spatial streams to
2 and the maximum MCS value to 8.
[HUAWEI] wlan
[HUAWEI-wlan-radio-5g-prof-default] vht mcs-map nss 2 max-mcs 8
9.95 vht mcs-map (SSID profile)

Function
The vht mcs-map command configures the maximum number of spatial streams
and the maximum MCS value supported by 802.11ac in the SSID profile.
The undo vht mcs-map command restores the default configuration.
By default, the maximum number of spatial streams and the maximum MCS value
are not specified in the SSID profile.
Format
vht { tx | rx } mcs-map nss nss-value map mcs-value
undo vht { tx | rx } mcs-map
Parameters
tx Indicates the sent data. -
rx Indicates the received -

data.
nss nss-value Specifies the maximum The value is an integer

number of available that ranges from 1 to 8.
spatial streams.
map mcs-value Specified the maximum The value is an integer

MCS value that can be that ranges from 7 to 9.
negotiated for spatial
streams.
Views
SSID profile view
Default Level

Usage Guidelines
Usage Scenario
Rates of 802.11ac APs depend on the index value of MCS. A larger MCS value
indicates a higher transmission rate.
● When nss-value is greater than or equal to the maximum number of spatial

streams supported by an AP, the number of available spatial streams is the
same as the maximum number of spatial streams supported by the AP.
● When nss-value is smaller than the maximum number of spatial streams
supported by an AP, the number of available spatial streams is the same as
nss-value and remaining spatial streams do not take effect.
For example, if nss-value is set to 2 and the AP supports a maximum of 3
spatial streams, the maximum number of available spatial streams on the AP
is 2.
Precautions

configured using the vht mcs-map (SSID Profile) command in the SSID profile >
Number of spatial streams and MCS value configured using the vht mcs-map
command in the 5G radio profile.
802.11ac and 802.11ax.
Example
# In the SSID profile, set the maximum number of available spatial streams to 2
and the maximum MCS value to 8.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] vht rx mcs-map nss 2 map 8
9.96 wlan
Function
The wlan command displays the WLAN view.
Format
wlan
Parameters
None

Views
System view
Default Level
Usage Guidelines
Before performing WLAN configurations, run the wlan command to enter the
WLAN view. All WLAN configuration commands need to be used in the WLAN
view or WLAN sub-view.
Example
# Enter the WLAN view.
[HUAWEI] wlan
[HUAWEI-wlan-view]

Fat AP and Cloud AP
Command Reference 10 AP Management Configuration Commands
10 AP Management Configuration
Commands
About This Chapter
10.1 access-user syslog-restrain enable

10.2 access-user syslog-restrain period
10.3 channel-load-mode indoor
10.4 display ap around-ssid-list
10.5 display ap led
10.6 display ap optical-info
10.7 display ap run-info
10.8 display ap uncontrol all
10.9 high-temperature threshold
10.10 led blink-time
10.11 led off
10.12 low-temperature threshold
10.13 mtu (Cloud AP)
10.14 sta-ipv6-service enable
10.15 usb enable

Fat AP and Cloud AP
10.1 access-user syslog-restrain enable

Function
The access-user syslog-restrain enable command enables system log
suppression.
The undo access-user syslog-restrain enable command disables system log

suppression.
By default, system log suppression is enabled.
Format
access-user syslog-restrain enable
undo access-user syslog-restrain enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
After a STA passes authentication or successfully associates with the AP, the AP
sends system logs to the NMS server. A system log contains MAC addresses of the
STA and AP, AP name and current time, and authentication result.
If a STA fails to associate with an AP or fails authentication, the STA attempts to

go online continuously. The AP processes a large number of duplicate logs in a
short period, which wastes resources and deteriorates system performance. To
prevent this problem, enable system log suppression.
Example
# Enable system log suppression.
[HUAWEI] access-user syslog-restrain enable

Fat AP and Cloud AP
10.2 access-user syslog-restrain period

Function
The access-user syslog-restrain period command sets the period of system log
suppression.
The undo access-user syslog-restrain period command restores the default

period of system log suppression.
By default, the period of system log suppression is 300s.
Format
access-user syslog-restrain period period
undo access-user syslog-restrain period
Parameters
period Specifies the period of system log The value is an

suppression. integer that ranges
from 60 to 604800,
in seconds.
Views
System view
Default Level
Usage Guidelines
When a STA is authenticated or successfully associates with an AP, the AP sends
system logs to the NMS server. A system log contains the MAC addresses of the
STA and AP, AP name, current time, and authentication result.
A STA retries continuously after it fails to associate with an AP or pass the

authentication. When this occurs, the AP sends a large number of logs in a short
time. This results in a high statistics failure rate and degrades the NMS
performance. The system log suppression function reduces impact of such logs on
the NMS. After the period of system log suppression is set, the AP will send only
one system log to the NMS server during the suppression period, reducing the
load on the server.

Fat AP and Cloud AP
Example
# Set the period of system log suppression to 600s.
[HUAWEI] access-user syslog-restrain period 600
10.3 channel-load-mode indoor

Function
The channel-load-mode indoor command sets the AP channel mode to indoor
mode.
The undo channel-load-mode indoor command restores the default channel
mode of APs.
The default channel mode of an AP is outdoor mode.
Format
channel-load-mode indoor
undo channel-load-mode indoor
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
In scenarios where indoor and outdoor boundaries are unclear, such as subway
and train platforms, it is recommended that outdoor APs be deployed. When a
large volume of data is transmitted, outdoor APs in outdoor channel mode have
no sufficient channels to meet data transmission requirements. In this case, you
can run the channel-load-mode indoor command to set the channel mode of the
APs to indoor mode, so that data can be transmitted on more channels.
Precautions
This command will cause an AP running V200R019C10 or earlier to automatically
restart. Therefore, exercise caution when running this command.
This function is available only for the following models: AP8030DN, AP8130DN,
AP8050TN-HD, AP8050DN, AP8150DN, AP8050DN-S, AP8082DN, AP8182DN.
This function is not supported by cloud APs running versions earlier than
V200R019C00SPC803.

Fat AP and Cloud AP
Example
# Set the AP channel mode to indoor mode.
[HUAWEI] wlan
[HUAWEI-wlan] channel-load-mode indoor
Warning: Modifying the channel set mode may delete channels of AP radios in this
domain and restart the AP. Continue?[Y/N]:y
10.4 display ap around-ssid-list

Function
The display ap around-ssid-list command displays SSIDs of neighbors of a
specified AP.
Format
display ap around-ssid-list
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view SSIDs of neighbors of a specified AP.
Example
# Display SSIDs of neighbors of the AP.
<HUAWEI> display ap around-ssid-list
In control AP(2.4G):
----------------------------------------------------
SSID
----------------------------------------------------
admin-edf
----------------------------------------------------
Total: 1
Uncontrol AP(2.4G):
----------------------------------------------------
SSID
----------------------------------------------------
admin-abc
----------------------------------------------------
Total: 1

Fat AP and Cloud AP
Table 10-1 Description of the display ap around-ssid-list command output

Item Description
In control AP SSIDs of authorized neighbors.
Uncontrol AP SSIDs of unauthorized neighbors.
10.5 display ap led

Function
The display ap led command displays the indicator blinking status of an AP.
Format
display ap led
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view the indicator blinking status of an AP.
Example
# Display the indicator blinking status of the AP.
<HUAWEI> display ap led
Led status : blink
Blink left time(s) : 100

Fat AP and Cloud AP
Table 10-2 Description of the display ap led command output
Item Description
Led status Blinking status of the indicator.

● off: The indicator is off.
● blink: The indicator is blinking.
led blink-time command.
● normal: The indicator is running
properly. The running status of the
AP is displayed according to the
indicator description.
Blink left time(s) Remaining time of the indicator

blinking status.
10.6 display ap optical-info

Function
The display ap optical-info command displays optical module information.
Format
display ap optical-info
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run this command to view optical module information, including the
optical module type, transmit optical power, and receive optical power.
Prerequisites
The AP supports optical modules. You can run the display version command to
view the AP model.

Fat AP and Cloud AP
NOTE
Optical module query is supported only by the following models:

● AD9430DN-24, AD9431DN-24X, AP9131DN, AP9132DN, AP8050TN-HD, AP8082DN,
AP8182DN, AP8030DN, AP8050DN, AP8150DN, AP8050DN-S, AP8130DN
Example
# Display optical module information about the AP.
<HUAWEI> display ap optical-info
-------------------------------------------------------------------------------
Common information:
Transceiver Type :
Connector Type :LC
Wavelength(nm) :1310
Transfer Distance(m) :10000(9um)
Copper Link Length(m) :0
Digital Diagnostic Monitoring :NO
Vendor Name :FINISAR CORP.
Vendor Part Number :FTLF1318P2BTL-HW
Vendor IEEE Company ID :36965
Vendor Revision Level :A
Nominal Bit Rate(MBits/sec) :1200
--------------------------------------------------------------------------------
Manu. Serial Number :PMK2K62
Vendor Name :FINISAR CORP.
--------------------------------------------------------------------------------
Diagnostic information:
Temperature(degree C) :49
Temp High Threshold(degree C) :90
Temp Low Threshold(degree C) :-45
Voltage(0.1mV) :33161
Volt High Threshold(0.1mV) :37000
Volt Low Threshold(0.1mV) :29000
Bias Current(mA) :19
Bias High Threshold(mA) :25430
Bias Low Threshold(mA) :1929
RX Power(0.1uw) :0
RX Power High Threshold(0.1uw) :5012
RX Power Low Threshold(0.1uw) :126
TX Power(0.1uw) :2886
TX Power High Threshold(0.1uw) :6310
TX Power Low Threshold(0.1uw) :708
--------------------------------------------------------------------------------
Table 10-3 Description of the display ap optical-info command output
Item Description
Transceiver Type Type of the optical module.
Connector Type Interface type.
Wavelength(nm) Optical wavelength, in nm.
Transfer Distance(m) Transmission distance, in meters.
Copper Link Length(m) Length of the copper cable, in meters.
Digital Diagnostic Monitoring Whether diagnostic information about

the optical module is monitored.

Fat AP and Cloud AP
Item Description
Vendor Name Name of the vendor.
Vendor Part Number Product code provided by the vendor.
Vendor IEEE Company ID Version number provided by the

vendor.
Vendor Revision Level Product serial number provided by the

vendor.
Nominal Bit Rate(MBits/sec) Bit rate of the optical module, in

Mbit/s.
Manu. Serial Number Vendor sequence number of the

optical module.
Manufacturing Date Manufacturing date of the optical

module.
Temperature(degree C) Current temperature of the optical

module, in °C.
Temp High Threshold(degree C) The upper threshold for the

temperature of the optical module, in
°C.
Temp Low Threshold(degree C) The lower threshold for the

temperature of the optical module, in
°C.
Voltage(0.1mV) Current voltage of the optical module,

in 0.1 mV.
Volt High Threshold(0.1mV) The upper threshold for the voltage of

the optical module, in 0.1 mV.
Volt Low Threshold(0.1mV) The lower threshold for the voltage of

the optical module, in 0.1 mV.
Bias Current(mA) Bias current of the optical module, in

mA.
Bias High Threshold(mA) Upper threshold for the bias current of

the optical module, in mA.
Bias Low Threshold(mA) Lower threshold for the bias current of

the optical module, in mA.
RX Power(0.1uw) Receive power of the optical module,

in 0.1 uw.
RX Power High Threshold(0.1uw) Upper receive power threshold for the

optical module, in 0.1 uw.
RX Power Low Threshold(0.1uw) Lower receive power threshold for the

optical module, in 0.1 uw.

Fat AP and Cloud AP
Item Description
TX Power(0.1uw) Transmit power of the optical module,

in 0.1 uw.
TX Power High Threshold(0.1uw) Upper transmit power threshold for

the optical module, in 0.1 uw.
TX Power Low Threshold(0.1uw) Lower transmit power threshold for

the optical module, in 0.1 uw.
10.7 display ap run-info

Function
The display ap run-info command displays the running status of an AP.
Format
display ap run-info
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
This command displays the AP running status. You can run this command to
monitor an AP in real time.
Prerequisites
The AP works properly.
Example
# Display the running status of the AP.
<HUAWEI> display ap run-info
--------------------------------------------------------------------------------
Country code : CN
Software version : V200R007C20
Hardware version : Ver.A
Memory size(MB) : 256

Fat AP and Cloud AP
Flash size(MB) : 64
Run time(ddd:hh:mm:ss) : 4D:0H:7M:31S
--------------------------------------------------------------------------------
Table 10-4 Description of the display ap run-info command output

Item Description
Country code Country code.
Software version Software version of an AP.
Hardware version Hardware version of an AP.
Memory size(MB) Memory size of an AP, in MB.
Flash size(MB) Flash memory size of an AP, in MB.
Run time(ddd:hh:mm:ss) Running duration of an AP.
10.8 display ap uncontrol all

Function
The display ap uncontrol all command displays information about all
uncontrolled APs.
Format
display ap uncontrol all
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view information about all uncontrolled APs. The
command output includes channel of the controlled AP closest to the uncontrolled
AP and the strength of signals that the controlled AP received from the
uncontrolled AP.
Example
# View information about all uncontrolled APs.

Fat AP and Cloud AP
<HUAWEI> display ap uncontrol all

---------------------------------------------------------
BSSID NEAREST-AP CHANNEL RSSI(dBm) SSID
---------------------------------------------------------
00e0-fc76-e360 ap-13 149 -68 test
---------------------------------------------------------
Total: 1
Table 10-5 Description of the display ap uncontrol all command output
Item Description
BSSID BSSID of an uncontrolled AP.
NEAREST-AP Name of the controlled AP that is

closest to the uncontrolled AP.
CHANNEL Channel on which the uncontrolled AP

is detected. If a rogue AP is detected
on multiple channels, the channel with
the strongest signal strength is
displayed.
RSSI(dBm) Strength of signals that the closest

controlled AP receives from the
uncontrolled AP, in dBm.
SSID SSID of an uncontrolled AP.
10.9 high-temperature threshold

Function
The high-temperature threshold command sets an upper temperature alarm
threshold for APs.
The undo high-temperature threshold command restores the default upper

temperature alarm threshold of APs.
Table 10-6 Default upper temperature alarm threshold for APs
AP Model Default Value (°C)
R230D/R240D 40
AP4050DN-HD 79
AP8050DN/AP8050DN-S/AP8150DN/ 83
AP9330DN/AP7030DE
AP9131DN/AP9132DN 84
AP8030DN/AP6050DN/AP6150DN/ 86
AP5050DN-S

Fat AP and Cloud AP
AP4030TN/AP5030DN/AP5130DN/ 87
AP5030DN-S
AP8130DN/AP7050DE/AP7052DN/ 88
AP7152DN/AP6052DN/AP4051TN/
AP6750-10T
AP7050DN-E 89
AP4050DE-M/AP4050DE-M-S/ 90
AirEngine 5760-10
AP8082DN/AP8182DN/AP8050TN-HD 91
AP4050DN-E 92
AP7052DE/R251D/R251D-E 95
AP4050DN/AP1050DN-S/R450D 96
R250D/R250D-E 102
NOTE
This command is not supported by the following models:

● AP3050DE, AP4050DE-B-S, AP2051DN-L-S, AP5510-W-GP, AD9431DN-24X, AD9430DN-24,
AD9430DN-12, AP4030DN-E, AP2030DN, AP2030DN-S, AP2050DN, AP2051DN,
AP2050DN-S, AP2051DN-S, AP2050DN-E, AP2051DN-E, AP430-E, AP3010DN-V2,
AP3030DN, AP4030DN, AP4051DN, AP4151DN, AP4050DN-S, AP4051DN-S, AP4130DN
Format
high-temperature threshold threshold
undo high-temperature threshold
Parameters
threshold Specifies the The value is an integer that ranges from 20 to

upper 110, in °C.
temperature
alarm
threshold.
Views
WLAN view

Fat AP and Cloud AP
Default Level
Usage Guidelines
You can run this command to set the upper temperature alarm threshold for an
AP. When an AP's temperature exceeds the upper threshold, the AP generates an
alarm and a log.
Example
# Set the upper temperature alarm threshold for APs to 65°C.
[HUAWEI] wlan
[HUAWEI-wlan-view] high-temperature threshold 65
10.10 led blink-time

Function
The led blink-time command configures the indicator blinking function for an AP.
The undo led blink-time command cancels the indicator blinking configuration of
an AP.
By default, the indicator blinking function is disabled on an AP.
Format
led blink-time blink-time
undo led blink-time
Parameters
blink-time Specifies the blinking The value is an integer

time of an AP. that ranges from 1 to
86400, in seconds.
Views
User view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
To locate an AP, run this command to configure the AP indicator to blink.
When this function is enabled, the SYS indicator on an AP blinks orange and green
alternatively.
Precautions
The configuration using the led blink-time command takes precedence over that
using the led off command. That is, if AP indicators are configured to blink and to
turn off or turn off during the specified time range, the configuration performed
using the led off command takes effect after the RU indicators blink.
Example
# Configure the AP indicator to blink for 300 seconds.
<HUAWEI> led blink-time 300
10.11 led off

Function
The led off command turns off AP indicators or turns them off during the
specified time range.
The undo led off command restores the default settings.
By default, AP indicators are allowed to turn on.
Format
led off [ time-range time-range-name ]
undo led off
Parameters
time-range time-range- Specifies a time range. The specified time range

name must exist.
Views
System view
Default Level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
Blinking indicators of indoor APs deployed in hospitals and hotels may affect
people's nighttime rest. To prevent this, run the led off command to turn off AP
indicators or turn them off during the specified time range.
If you need to locate AP faults by observing AP indicator status, run the undo led
off command to allow the AP indicators to turn on.
Precautions
The configuration performed using the led blink-time command takes precedence
over that performed using the led off command. That is, if AP indicators are
configured to blink and to turn off or turn off during the specified time range, the
configuration performed using the led off command takes effect after the RU
indicators blink.
Example
# Turn off AP indicators.
10.12 low-temperature threshold

Function
The low-temperature threshold command sets a lower temperature alarm
threshold for APs.
The undo low-temperature threshold command restores the default lower

temperature alarm threshold of APs.
Table 10-7 Default lower temperature alarm threshold for APs
R230D/R240D 0
R250D/R250D-E/R251D/R251D-E -3
AP5030DN-S/AP5130DN/AP5030DN/ -13
AP6150DN/AP4050DN-HD/
AP4050DN-E/AP4030TN/AP4050DN/
AP1050DN-S/AP7052DN/AP7152DN/
AP7052DE/AP6052DN/AP4051TN/
AP6050DN/AP7050DE/AP7050DN-E/
R450D/AP5050DN-S/AP9330DN/
AP6750-10T
AP7030DE -23

Fat AP and Cloud AP
AP8030DN/AP8050DN/AP8150DN/ -43
AP8050DN-S/AP8130DN/AP9131DN/
AP9132DN/AP8082DN/AP8182DN/
AP8050TN-HD
NOTE
This command is not supported by the following models:

● AP3050DE, AP4050DE-B-S, AP2051DN-L-S, AP5510-W-GP, AD9431DN-24X, AD9430DN-24,
AD9430DN-12, AP4030DN-E, AP2030DN, AP2030DN-S, AP2050DN, AP2051DN,
AP2050DN-S, AP2051DN-S, AP2050DN-E, AP2051DN-E, AP430-E, AP3010DN-V2,
AP3030DN, AP4030DN, AP4051DN, AP4151DN, AP4050DN-S, AP4051DN-S, AP4130DN
Format
low-temperature threshold threshold
undo low-temperature threshold
Parameters
threshold Specifies the The value is an integer that ranges from -70
lower to +10, in °C.
temperature
alarm
threshold.
Views
WLAN view
Default Level
Usage Guidelines
You can run this command to set the lower temperature alarm threshold for an
AP. When an AP's temperature exceeds the lower threshold, the AP generates an
alarm and a log.
Example
# Set the lower temperature alarm threshold for APs to 5°C.

Fat AP and Cloud AP
[HUAWEI] wlan
[HUAWEI-wlan-view] low-temperature threshold 5
10.13 mtu (Cloud AP)

Function
The mtu command sets the maximum transmission unit (MTU) of the AP's
CAPWAP tunnel.
The undo mtu command restores the default MTU value of the AP's CAPWAP
tunnel.
By default, the MTU value of the AP's CAPWAP tunnel is 1500 bytes.
Format
mtu mtu
undo mtu
Parameters
mtu Specifies the MTU size The value is an integer

supported by the AP's that ranges from 128 to
CAPWAP tunnel. 1700, in bytes.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
The MTU determines the maximum number of bytes in IP packets each time a
sender can send. The MTU of an IP packet refers to the number of bytes from the
IP header of the packet to the data.
The size of data frames is limited at the network layer. Any time the IP layer
receives an IP packet to be sent, it checks to which local interface the packet
needs to be sent and obtains the MTU configured on the interface. Then the IP
layer compares the MTU with the packet length. If the packet length is longer
than the MTU, the IP layer fragments the packet into smaller packets, which are
shorter than or equal to the MTU. If unfragmentation is configured, some packets

Fat AP and Cloud AP
may be discarded during data transmission at the IP layer. To ensure jumbo

packets are not dropped during transmission, you need to configure forcible
fragmentation. In this case, you can run the mtu command to set the size of a
fragment.
Therefore, a proper MTU is a prerequisite for normal communication on a

network.
● If the configured MTU is excessively small and the packet size is larger,
packets are discarded when being forwarded through the forwarding chip;
packets are broken into a great number of fragments when being forwarded
through the CPU, affecting proper data transmission.
● If the size of packets exceeds the MTU supported by a transit node or a
receiver, the transit node or receiver fragments the packets or even discards
them, aggravating the network transmission load.
The default MTU is recommended. When the size of packets to be transmitted or

the device that receives packets changes, you can change the MTU based on the
actual network.
Precautions
● DHCP packets cannot be fragmented. When the MTU value set using the mtu
command is smaller than the DHCP packet length, DHCP packets cannot be
forwarded. Therefore, set a larger MTU value.
● If the MTU value is smaller than the DHCP packet length, the AP may be
disconnected. In this case, restart the AP.
● The MTU configured on the management VLANIF and CAPWAP takes effect
on both IPv4 and IPv6 packets. However, the IPv6 packets support only a
minimum MTU of 1280 bytes. If the configured MTU is smaller than 1280
bytes, the length of 1280 bytes takes effect.
● When the MTU is too small and the DF bit is set to 1, packets cannot be
fragmented. In this case, use the forced fragmentation function.
Example
# Set the MTU value of the AP's CAPWAP tunnel to 1492 bytes.
[HUAWEI] mtu 1492
10.14 sta-ipv6-service enable
Function
The sta-ipv6-service enable command enables the function of processing STA
IPv6 services.
The undo sta-ipv6-service enable command disables the function of processing

STA IPv6 services.
By default, the function of processing STA IPv6 services is disabled.

Fat AP and Cloud AP
Format
sta-ipv6-service enable
undo sta-ipv6-service enable
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
On an IPv6 network, the AP needs to forward IPv6 packets. After this function is
enabled, the AP can forward received STA IPv6 packets transparently to other
devices rather than discarding these packets.
Example
# Enable the function of processing STA IPv6 services.
[HUAWEI] wlan
[HUAWEI-wlan-view] sta-ipv6-service enable
10.15 usb enable

Function
The usb enable command enables the USB function on an AP.
The undo usb enable command disables the USB function on an AP.
By default, the USB function on an AP is disabled.
NOTE
The USB function can be enabled or disabled only for the following models:
● AP7060DN, AirEngine 5760-10, AP6750-10T, AP2050DN, AP2050DN-E, AP2050DN-S,
AP2051DN, AP2051DN-E, AP2051DN-S, AP4030TN, AP4050DN-E, AP4051DN, AP4151DN,
AP4051DN-S, AP4051TN, AP5050DN-S, AP6050DN, AP6150DN, AP6052DN, AP7050DE,
AP7050DN-E, AP7052DE, AP7052DN, AP7152DN
Format
usb enable

Fat AP and Cloud AP
undo usb enable
Parameters
None
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When users need to save or transfer files using the USB interface provided on
some APs, the USB function can be enabled using the usb enable command.
When the USB function is enabled, the power consumption of the AP will increase,
which may affect other functions. You are advised to run the undo usb enable
command to disable the USB function after using it.
Precautions
Some AP functions may be affected after the USB function is enabled. For details,
see Understanding PoE in the Configuration - AP Management Configuration
Guide-Managing the PoE Function of an AP.
The affected AP functions are restored after the USB function is disabled.
Example
# Enable the USB function.
[HUAWEI] usb enable

Fat AP and Cloud AP 11 WLAN Radio Resource Management
Command Reference Configuration Commands (Common AP)
11 WLAN Radio Resource Management

Configuration Commands (Common AP)
About This Chapter
11.1 amc-policy
11.2 air-scan-profile
11.3 air-scan-profile (radio profile view)
11.4 band-steer balance gap-threshold
11.5 band-steer balance start-threshold
11.6 band-steer client-band-expire
11.7 band-steer deny-threshold
11.8 band-steer disable
11.9 band-steer snr-threshold
11.10 calibrate auto-bandwidth-selection
11.11 calibrate auto-channel-select
11.12 calibrate auto-txpower-select
11.13 calibrate enable { auto | manual | schedule time }
11.14 calibrate environment-deterioration-blacklist
11.15 calibrate error-rate-check
11.16 calibrate error-rate-threshold
11.17 calibrate tpc threshold
11.18 calibrate flexible-radio
11.19 calibrate flexible-radio manual-recognize
11.20 calibrate max-tx-power

11.21 calibrate min-tx-power

11.22 calibrate manual startup
11.23 calibrate noise-floor-threshold
11.24 calibrate policy
11.25 calibrate reference data-analysis disable
11.26 calibrate reference data-analysis
11.27 calibrate sensitivity
11.28 cca-threshold
11.29 dca-channel bandwidth
11.30 dca-channel channel-set
11.31 dfs recover-delay
11.32 dfs smart-selection disable
11.33 display air-scan-profile
11.34 display ap neighbor
11.35 display ap neighbor (Cloud AP)
11.36 display ap traffic statistics wireless
11.37 display channel switch-record
11.38 display channel switch-record (Cloud AP)
11.39 display flexible-radio status
11.40 display flexible-radio switch-record
11.41 display references air-scan-profile
11.42 display references rrm-profile
11.43 display rrm-profile
11.44 display sta-load-balance fairness
11.45 display station neighbor
11.46 display station neighbor all
11.47 display station steer-history
11.48 display station steer-info
11.49 display station steer-statistics
11.50 display station unsteerable
11.51 display wlan calibrate channel-set
11.52 display wlan calibrate global configuration
11.53 display wlan calibrate statistics

11.54 dynamic-edca enable

11.55 dynamic-edca threshold
11.56 high-density amc-optimize enable
11.57 interference adjacent-channel threshold
11.58 interference co-channel threshold
11.59 interference detect-enable
11.60 interference station threshold
11.61 power auto-adjust enable
11.62 reset ap traffic statistics wireless
11.63 reset station steer-history
11.64 reset station steer-statistics
11.65 reset flexible-radio switch-record
11.66 reset wlan calibrate statistics
11.67 rrm-profile (WLAN view)
11.68 rrm-profile (radio profile view)
11.69 scan-channel-set
11.70 scan-disable
11.71 scan-enhancement
11.72 scan-interval
11.73 scan-period
11.74 smart-antenna { enable | disable }
11.75 smart-antenna throughput-triggered-training
11.76 smart-antenna training-interval
11.77 smart-antenna training-mpdu-number
11.78 smart-antenna valid-per-scope
11.79 smart-roam advanced-scan disable
11.80 smart-roam disable
11.81 smart-roam quick-kickoff back-off-time
11.82 smart-roam quick-kickoff-snr check-interval
11.83 smart-roam quick-kickoff-snr p-n criteria
11.84 smart-roam quick-kickoff-threshold
11.85 smart-roam quick-kickoff-threshold { check-snr | check-rate }
11.86 smart-roam quick-kickoff-threshold disable

11.87 smart-roam roam-threshold { check-snr | check-rate }

11.88 smart-roam roam-threshold { snr | rate }
11.89 smart-roam snr-margin
11.90 smart-roam unable-roam-client expire-time
11.91 sta-load-balance dynamic btm-fail-times
11.92 sta-load-balance dynamic deauth-fail-times
11.93 sta-load-balance dynamic deny-threshold
11.94 sta-load-balance dynamic disable
11.95 sta-load-balance dynamic sta-number gap-threshold
11.96 sta-load-balance dynamic sta-number start-threshold
11.97 sta-load-balance dynamic channel-utilization gap-threshold
11.98 sta-load-balance dynamic channel-utilization start-threshold
11.99 sta-load-balance dynamic probe-report interval
11.100 sta-load-balance dynamic rssi-diff-gap
11.101 sta-load-balance dynamic rssi-threshold
11.102 sta-load-balance dynamic steer-restrict auth-threshold
11.103 sta-load-balance dynamic steer-restrict probe-threshold
11.104 sta-load-balance dynamic steer-restrict restrict-time
11.105 sta-load-balance mode
11.106 uac channel-utilization threshold
11.107 uac enable
11.108 uac client-number threshold
11.109 uac client-snr threshold
11.110 uac reach-access-threshold
11.1 amc-policy
Function
The amc-policy command configures an adaptive modulation and coding (AMC)
algorithm for a radio.
The undo amc-policy command restores the default AMC algorithm for a radio.
By default, a radio uses the AMC algorithm auto-balance.
NOTE
This takes effect only on APs in compliance with 802.11n.

Format
amc-policy { auto-balance | high-stability | high-throughput }
undo amc-policy
Parameters
auto-balance Indicates the auto- -

balance algorithm.
high-stability Indicates the high- -

stability algorithm.
high-throughput Indicates the high- -

throughput algorithm.
Views
RRM profile view
Default Level
Usage Guidelines
Radios need to adjust the AMC algorithm according to different scenarios to
deliver the optimal user experience. Three AMC algorithms are available:
● auto-balance: applicable to most wireless scenarios
● high-stability: applicable to scenarios with continuous interference.
● high-throughput: applicable to scenarios with good wireless signals and non-
continuous interference.
Example
# Set the AMC algorithm of a radio to high-stability.
[HUAWEI] wlan
[HUAWEI-wlan-view] rrm-profile name test
[HUAWEI-wlan-rrm-prof-test] amc-policy high-stability
11.2 air-scan-profile
Function
The air-scan-profile command creates an air scan profile and displays the air scan
profile view.

The undo air-scan-profile command deletes an air scan profile.
By default, the system provides the air scan profile default. You can run the
display air-scan-profile command to view configuration of the air scan profile
default.
Format
air-scan-profile name profile-name
undo air-scan-profile { name profile-name | all }
Parameters
name profile- Specifies the name of an air scan profile. The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all air scan profiles. The air scan profile
default can be
modified but cannot
be deleted.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
After an air scan profile is created using the air-scan-profile command and bound
to a radio profile, and scanning functions are enabled, such as radio calibration,
smart roaming, WLAN location, and WIDS, the AP periodically scans surrounding
radio signals and reports the collected information to a server. The information is
used for radio calibration, smart roaming, WLAN location, or WIDS data analysis.
Follow-up Procedure

Run the air-scan-profile (radio profile view) command to bind the air scan
profile to a 2G radio profile or 5G radio profile so that the air scan profile can take
effect.
Example
# Create the air scan profile air-scan01.
[HUAWEI] wlan
[HUAWEI-wlan-view] air-scan-profile name air-scan01
[HUAWEI-wlan-air-scan-prof-air-scan01]
11.3 air-scan-profile (radio profile view)

Function
The air-scan-profile command binds an air scan profile to a radio profile.
The undo air-scan-profile command unbinds an air scan profile from a radio
profile.
By default, the air scan profile default is bound to a radio profile.
Format
air-scan-profile profile-name
undo air-scan-profile
Parameters
profile-name Specifies the name of an air scan profile. The air scan profile
name must already
exist.
Views
Default Level
Usage Guidelines
After you create an air scan profile using the air-scan-profile command, bind it to
a radio profile so that the air scan profile can take effect.

Example
# Bind the air scan profile air-scan01 to the radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-view] air-scan-profile name air-scan01
[HUAWEI-wlan-air-scan-prof-air-scan01] quit
[HUAWEI-wlan-radio-2g-prof-default] air-scan-profile air-scan01
11.4 band-steer balance gap-threshold

Function
The band-steer balance gap-threshold command sets the percentage threshold
for access STAs on 5 GHz radios during band steering.
The undo band-steer balance gap-threshold command restores the default

percentage threshold for access STAs on 5 GHz radios during band steering.
By default, the percentage threshold for access STAs on 5 GHz radios during band
steering is 90%.
Format
band-steer balance gap-threshold gap-threshold
undo band-steer balance gap-threshold
Parameters
gap-threshold gap- Specifies the percentage The value is an integer

threshold threshold for access STAs that ranges from 1 to
on 5 GHz radios during 100, in percentage.
band steering.
Views
RRM profile view
Default Level
Usage Guidelines
After the band steering function is configured on a multi-radio AP, the AP instructs
STAs that support multiple frequency bands to preferentially connect to a 5 GHz
radio.

When a STA requests to connect to an AP radio, the AP enabled with band

steering will collect statistics about access STAs on each radio.
1. If the number of access STAs on the AP does not exceed the start threshold
configured using the band-steer balance start-threshold command, the STA
can preferentially associate with the 5 GHz radio.
2. If the number of access STAs exceeds the value specified by the start
threshold, the AP calculates the percentage of access STAs on the 5 GHz radio
using the formula: (number of access STAs on the 5 GHz radio/total number
of access STAs) x 100%. If the percentage exceeds the percentage threshold
for access STAs on the 5 GHz radio configured using the band-steer balance
gap-threshold command, the STA randomly selects a frequency band.
NOTE
In most cases, you are advised to use the default values of the start threshold for the number of
access STAs and the percentage threshold for access STAs on 5 GHz radios. If the two thresholds
are set low, the AP may allow STAs to freely select the access frequency band when the number
of STAs on 5 GHz radios is small. As a result, the 5G-prior access mechanism does not take
effect, and the 5 GHz band utilization cannot be maximized.
Example
# Set the percentage threshold for access STAs on 5 GHz radios to 85% in the
RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-view] rrm-profile name default
[HUAWEI-wlan-rrm-prof-default] band-steer balance gap-threshold 85
11.5 band-steer balance start-threshold

Function
The band-steer balance start-threshold command sets the start threshold for
the number of access STAs during band steering.
The undo band-steer balance start-threshold command restores the default
start threshold for the number of access STAs during band steering.
By default, the start threshold for the number of access STAs during band steering
is 100.
Format
band-steer balance start-threshold start-threshold
undo band-steer balance start-threshold

Parameters
start-threshold start- Specifies the start The value is an integer

threshold threshold for the number that ranges from 0 to
of access STAs during 100.
band steering.
Views
RRM profile view
Default Level
Usage Guidelines
After the band steering function is configured on a multi-radio AP, the AP instructs
STAs that support multiple frequency bands to preferentially connect to a 5 GHz
radio.
When a STA requests to connect to an AP radio, the AP enabled with band

steering will collect statistics about access STAs on each radio.
1. If the number of access STAs on the AP does not exceed the start threshold
configured using the band-steer balance start-threshold command, the STA
can preferentially associate with the 5 GHz radio.
2. If the number of access STAs exceeds the value specified by the start
threshold, the AP calculates the percentage of access STAs on the 5 GHz radio
using the formula: (number of access STAs on the 5 GHz radio/total number
of access STAs) x 100%. If the percentage exceeds the percentage threshold
for access STAs on the 5 GHz radio configured using the band-steer balance
gap-threshold command, the STA randomly selects a frequency band.
NOTE
In most cases, you are advised to use the default values of the start threshold for the number of
access STAs and the percentage threshold for access STAs on 5 GHz radios. If the two thresholds
are set low, the AP may allow STAs to freely select the access frequency band when the number
of STAs on 5 GHz radios is small. As a result, the 5G-prior access mechanism does not take
effect, and the 5 GHz band utilization cannot be maximized.
Example
# Set the start threshold for the number of access STAs during band steering to 90
in the RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] band-steer balance start-threshold 90

11.6 band-steer client-band-expire

Function
The band-steer client-band-expire command sets the aging condition for
terminal band information.
The undo band-steer client-band-expire command restores the default aging
condition for terminal band information.
By default, band information of a terminal will be aged out under conditions that
an AP has consecutively received Probe frames of the terminal more than 35 times
from the same frequency band.
Format
band-steer client-band-expire probe-counters
undo band-steer client-band-expire
Parameters
probe- Sets the aging condition of terminal The value is an

counters band information to the number of times integer that ranges
that an AP has consecutively received from 10 to 65535.
Probe frames of a terminal from the
same frequency band.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the band steering function is enabled on an AP, the AP records frequency
band information of terminals so that the terminals can preferentially access the
supported and lightly loaded frequency band.
Users may change terminals' configurations, which causes the supported
frequency band of terminals to change. Therefore, the AP needs to update
frequency band information of terminals in a timely manner. If the AP keeps
receiving Probe frames of a terminal from a specific frequency band, and the
number of receiving times exceeds a certain threshold, the AP updates the

frequency band information of the terminal and considers that the terminal
supports only the frequency band.
For example, the supported frequency bands of a terminal are 2.4 and 5 GHz
frequency bands on an AP. If the AP only receives Probe frames of the terminal
from the 2.4 GHz frequency band, and the number of times that the AP
consecutively receives Probe frames from the 2.4 GHz frequency band exceeds the
specified threshold, the AP considers that users change the terminal configuration
and the terminal supports only the 2.4 GHz frequency band.
Precautions
If you set the aging condition to a large number of times that an AP consecutively
receives Probe frames of a terminal from the same frequency band, the AP detects
terminal band change more slowly. A smaller number indicates quicker response.
Set the aging condition according to the difference in the number of Probe frames
sent from the two frequency bands.
Example
# Configure the supported band information of the terminal named default to
age out when the number of times that an AP consecutively receives Probe frames
from a frequency band exceeds 80.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] band-steer client-band-expire 80
11.7 band-steer deny-threshold

Function
The band-steer deny-threshold command sets the maximum number of times an
AP rejects association requests of a STA for band steering.
The undo band-steer deny-threshold command restores the default maximum
number of times an AP rejects association requests of a STA for band steering.
By default, the maximum number of rejections is 0.
Format
band-steer deny-threshold deny-threshold
undo band-steer deny-threshold
Parameters
deny- Specifies the maximum number of times The value is an

threshold an AP rejects association requests of a integer that ranges
STA. from 0 to 10.

Views
RRM profile view
Default Level
Usage Guidelines
If a STA requests to associate with an AP from the 2.4 GHz frequency band but the
AP steers the STA to the 5 GHz frequency band according to the band steering
algorithm, the AP will reject the association. However, after the number of
rejections exceeds the maximum value specified by the band-steer deny-
threshold command, the AP allows the STA to associate from the 2.4 GHz
frequency band.
Example
# Set the maximum number of rejections to 8.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] band-steer deny-threshold 8
11.8 band-steer disable
Function
The band-steer disable command disables the band steering function.
The undo band-steer disable command enables the band steering function.
By default, the band steering function is enabled.
Format
band-steer disable
undo band-steer disable
Parameters
None
Views
VAP profile view
Default Level

Usage Guidelines
Usage Scenario
Compared with the 2.4 GHz frequency band, the 5 GHz frequency band has less
interference and more available channels, and provides higher access capability.
Most STAs support both 5 GHz and 2.4 GHz frequency bands and usually associate
with the 2.4 GHz radio by default when connecting to the Internet. To connect the
STAs to the 5 GHz radio, you must manually select the 5 GHz radio. The band
steering function frees you from the manual selection.
After you enable band steering for a specific SSID on the device, the AP
preferentially associates the terminals connected to the SSID with the 5 GHz
frequency band. After the 5 GHz frequency band is fully loaded, the AP steers the
terminals to the 2.4 GHz frequency band.
After the band steering function is enabled, it takes a long time for dual-band
terminals to associate or roam. You are advised to disable band steering for delay-
sensitive services.
Precautions
If both radios of an AP use the same VAP profile, the band steering function takes
effect on both radios as long as the function is enabled for an SSID on one radio
of the AP. For example, if band steering is enabled for the SSID test on the 2.4
GHz radio but not on the 5 GHz radio, the AP preferentially steers terminals
associated with the SSID to the 5 GHz radio.
Single-radio devices do not support the band steering function.
Example
# Disable band steering.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name test
[HUAWEI-wlan-vap-prof-test] band-steer disable
11.9 band-steer snr-threshold

Function
The band-steer snr-threshold command configures a start SNR threshold for
triggering 5G-prior access.
The undo band-steer snr-threshold command restores the default start SNR
threshold for triggering 5G-prior access.
The default start SNR threshold for triggering 5G-prior access is 20 dB.
Format
band-steer snr-threshold snr-threshold

undo band-steer snr-threshold
Parameters
snr-threshold Specifies a start SNR threshold for The value is an

triggering 5G-prior access. integer that ranges
from 10 to 35, in
dB.
Views
RRM profile view
Default Level
Usage Guidelines
You can run the undo band-steer disable command to enable the band steer
function and the band-steer snr-threshold command to configure a start SNR
threshold for triggering 5G-prior access. When the SNR in 5G Probe frames sent by
a multi-band STA to a multi-radio AP exceeds the specified threshold, the STA
connects to the 5G radio preferentially, improving user experience.
Example
# Set the start SNR threshold for triggering 5G-prior access in the RRM profile
default to 20 dB.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] band-steer snr-threshold 20
11.10 calibrate auto-bandwidth-selection

Function
The calibrate auto-bandwidth-selection { enable | disable } command enables
or disables the dynamic bandwidth selection (DBS) function.
The undo calibrate auto-bandwidth-selection command restores the default
DBS state.
By default, the DBS function is disabled. This command takes effect only for 5 GHz
radios.
NOTE

Format
calibrate auto-bandwidth-selection { enable | disable }
undo calibrate auto-bandwidth-selection
Parameters
enable Enables the DBS function. -
disable Disables the DBS function. -
Views
Default Level
Usage Guidelines
Usage Scenario
In non-high-density indoor scenarios, the DBS function can leverage the radio
calibration mechanism to automatically select proper bandwidth, improving the
overall system capacity.
Prerequisites
● Radio calibration has been enabled using the calibrate enable { auto |
manual | schedule time } command.
● Automatic channel selection has been enabled using the calibrate auto-
channel-select enable command.
Precautions
● The DBS function is valid only for 5 GHz radios.
● The DBS function is applicable only to indoor APs with omnidirectional
antennas. The adjustment effect cannot be ensured for indoor APs with
directional antennas and outdoor APs.
● The DBS function takes effect only between cloud APs on the same site but
not between APs on different sites.
● The DBS effect is not obvious for high-density scenarios.
Example
# Enable the DBS function.
[HUAWEI] interface Wlan-Radio 0/0/1
[HUAWEI-Wlan-Radio0/0/1] calibrate auto-bandwidth-selection enable

11.11 calibrate auto-channel-select

Function
The calibrate auto-channel-select { enable | disable } command enables or
disables automatic channel selection.
The undo calibrate auto-channel-select command restores the automatic

channel selection state.
By default, automatic channel selection is enabled.
Format
calibrate auto-channel-select { enable | disable }
undo calibrate auto-channel-select
Parameters
None
Views
Default Level
Usage Guidelines
Two channel selection modes are available:
● Automatic mode (enabling automatic channel selection): An AP automatically
selects a proper channel based on the WLAN radio environment, removing the
need to specify channels manually.
● Fixed mode (disabling automatic channel selection): Channels must be
manually specified.
The automatic mode (automatic channel selection) is recommended because you

do not need to specify a channel for each radio. The fixed mode provides users
with an alternative way when they want to specify channels by themselves or to
avoid frequent channel adjustment (this may cause intermittent service
interruption).
If an AP needs radio calibration, automatic channel selection must be enabled.
NOTE
When automatic channel selection is enabled, the manually configured channels do not take
effect to ensure that the radio works in the optimal channel environment.

Example
# Disable automatic channel selection.
[HUAWEI-Wlan-Radio0/0/0] calibrate auto-channel-select disable
11.12 calibrate auto-txpower-select

Function
The calibrate auto-txpower-select { enable | disable } command enables or
disables automatic transmit power selection.
The undo calibrate auto-txpower-select command restores the automatic
transmit power selection state.
By default, automatic transmit power selection is enabled.
Format
calibrate auto-txpower-select { enable | disable }
undo calibrate auto-txpower-select
Parameters
enable Enables the automatic transmit power -

selection function.
disable Disables the automatic transmit power -

selection function.
Views
Default Level
Usage Guidelines
Two power selection modes are available:
● Automatic mode (enabling automatic transmit power selection): An AP
automatically selects or adjusts the transmit power based on the WLAN radio
environment, removing the need to specify AP power manually.
● Fixed mode (disabling automatic transmit power selection): The transmit
power must be manually specified.

If an AP needs radio calibration, automatic transmit power selection must be

enabled.
NOTE
For common Fat APs, to ensure the signal strength of the default SSID, automatic transmit
power selection is disabled and the transmit power is fixed at 20 dBm when no country code is
configured. You can configure the country code according to local laws and regulations and
then enable automatic transmit power selection.
Example
# Disable automatic transmit power selection.
[HUAWEI-Wlan-Radio0/0/0] calibrate auto-txpower-select disable
11.13 calibrate enable { auto | manual | schedule

time }
Function
The calibrate enable { auto | manual | schedule time } command configures the
radio calibration mode.
The undo calibrate enable command disables radio calibration.
By default, the radio calibration mode is auto, the radio calibration interval is
1440 minutes, and the start time for radio calibration is 03:00:00.
Format
calibrate enable { auto [ interval interval-value [ start-time start-time ] ] |
manual | schedule time time-value }
undo calibrate enable
Parameters
auto Sets the radio -

calibration mode to
auto.
interval Specifies the radio The value is an integer that ranges

interval-value calibration interval in from 30 to 1440, in minutes. If interval
auto mode. is not specified, the radio calibration
interval in auto mode is 1440 minutes.

start-time Specifies the start The value is in the format of hh:mm:ss.

start-time time for radio ● hh: indicates the hour. The value is
calibration in an integer that ranges from 0 to 23.
automatic mode.
● mm: indicates the minute. The value
is an integer that ranges from 0 to
59.
● ss: indicates the second. The value is
an integer that ranges from 0 to 59.
manual Sets the radio -

calibration mode to
manual.
schedule Sets the radio -

calibration mode to
schedule.
time time- Specifies the time for The value is in the format of hh:mm:ss.
value triggering the ● hh: indicates the hour. The value is
scheduled radio an integer that ranges from 0 to 23.
calibration.
● mm: indicates the minute. The value
is an integer that ranges from 0 to
59.
● ss: indicates the second. The value is
an integer that ranges from 0 to 59.
Views
WLAN view
Default Level
Usage Guidelines
There are three radio calibration modes:
● Automatic radio calibration mode: The device periodically implements radio
calibration at certain intervals (the interval is specified by interval and the
default interval is 1440 minutes).
● Manual radio calibration mode: Radio calibration is not automatically
implemented by the device but manually triggered through the calibrate
manual startup command.
● Schedule radio calibration mode: The device triggers radio calibration only at
a specified time point (specified by time).

The three modes cannot be configured simultaneously. You can choose any of the
modes as required.
In any mode, you can run the calibrate manual startup command to trigger the
calibration. In manual radio calibration mode, the device implements radio
calibration only after the calibrate manual startup command is executed.
Example
# Set the radio calibration mode to manual.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate enable manual
# Set the radio calibration mode to schedule and set the time for scheduled radio
calibration to 20:30:00.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate enable schedule time 20:30:00
11.14 calibrate environment-deterioration-blacklist

Function
The calibrate environment-deterioration-blacklist command sets the blacklist
threshold for the number of times the channel environment deteriorates.
The undo calibrate environment-deterioration-blacklist command restores the
default blacklist threshold for the number of times the channel environment
deteriorates.
By default, the blacklist threshold for the number of times the channel
environment deteriorates is 16.
Format
calibrate environment-deterioration-blacklist threshold threshold
undo calibrate environment-deterioration-blacklist
Parameters
threshold Specifies the blacklist threshold The value is an integer

threshold for the number of times the that ranges from 1 to 48.
channel environment
deteriorates.
Views
WLAN view

Default Level
Usage Guidelines
When detecting that the environment of a channel deteriorates, the device
generates an environment deterioration alarm and accumulates the number of
environment deterioration times on the channel. If this number exceeds the
threshold, the channel is added to the calibration blacklist. The device will skip this
channel when performing radio calibration next time. If the number of
environment deterioration times does not exceed the threshold, interference
penalty is performed accordingly.
NOTE
If the number of environment deterioration times on more than half of calibration channels
exceeds the threshold, the device performs interference penalty on all channels in the next
calibration but does not add the channels to the blacklist.
Example
# Set the blacklist threshold for the number of times the channel environment
deteriorates to 20.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate environment-deterioration-blacklist threshold 20
11.15 calibrate error-rate-check

Function
The calibrate error-rate-check command configures the interval and traffic
threshold for checking the retransmission rate.
The undo calibrate error-rate-check command configures the interval and traffic
threshold for checking the retransmission rate.
The default interval and traffic threshold for checking the retransmission rate are
1 minute and 1250 kbit/s, respectively.
Format
calibrate error-rate-check interval interval traffic-threshold traffic-threshold
undo calibrate error-rate-check

Parameters
interval Specifies the interval for checking the The value is an

interval retransmission rate. integer that ranges
from 1 to 10, in
minutes.
traffic- Specifies the traffic threshold for The value is an

threshold checking the retransmission rate. integer that ranges
traffic- from 1 to 20000, in
threshold kbit/s.
Views
RRM profile view
Default Level
Usage Guidelines
You can run the calibrate error-rate-check command to lower the sensitivity for
collecting radio retransmission rate statistics. When the rate of network traffic
reaches the threshold, retransmission rate check is performed at the specified
interval.
Example
# Set the interval and traffic threshold for checking the retransmission rate in the
RRM profile default to 2 minutes and 1000 kbit/s, respectively.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate error-rate-check interval 2 traffic-threshold 1000
11.16 calibrate error-rate-threshold

Function
The calibrate error-rate-threshold command sets the retransmission rate
threshold.
The undo calibrate error-rate-threshold command restores the default

retransmission rate threshold.
By default, the retransmission rate threshold is 60%.

Format
calibrate error-rate-threshold error-rate-threshold
undo calibrate error-rate-threshold
Parameters
error-rate- Specifies the retransmission rate The value is an

threshold threshold. integer that ranges
from 20 to 100, in
percentage.
Views
RRM profile view
Default Level
Usage Guidelines
The retransmission rate is the ratio of retransmitted packets to all packets sent by
a radio.
The retransmission rate threshold determines whether the radio environment is
normal. When the retransmission rate of a radio reaches the threshold, the system
considers that the radio environment deteriorates. When this occurs, the system
may start radio calibration or take measures to avoid signal interference.
Example
# Set the retransmission rate threshold to 70% in the RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate error-rate-threshold 70
11.17 calibrate tpc threshold

Function
The calibrate tpc threshold command sets the Transmit Power Control (TPC)
coverage threshold.
The undo calibrate tpc threshold command restores the default TPC coverage
threshold.
The default TPC coverage threshold is –60 dBm.

Format
calibrate tpc threshold threshold
undo calibrate tpc threshold
Parameters
threshold Specifies the TPC coverage threshold. The value is an

threshold integer that ranges
from -85 to -35, in
dBm.
Views
RRM profile view
Default Level
Usage Guidelines
When radio calibration is enabled, the TPC coverage threshold is different
depending on AP deployment scenarios because the AP deployment distance or
height differs. To ensure the optimal coverage effect, adjust the TPC coverage
threshold based on the actual AP deployment situations. A large threshold
indicates a wider transmit power range that can be adjusted through TPC.
Example
# Set the TPC coverage threshold to -70 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate tpc threshold -70
11.18 calibrate flexible-radio

Function
The calibrate flexible-radio { auto-switch | auto-off } command enables global
dynamic frequency assignment (DFA) and sets the mode for processing redundant
radios.
The undo calibrate flexible-radio command disables global DFA.
By default, global DFA is disabled.

Format
calibrate flexible-radio { auto-switch | auto-off }
undo calibrate flexible-radio
Parameters
auto-switch Automatically switches redundant 2.4 GHz radios to 5 GHz -

radios. If no channel is available on a 5 GHz radio or the
current radio cannot be switched to a 5 GHz radio, the
current radio is switched to the monitor mode.
auto-off Automatically disables redundant 2.4 GHz radios. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
DFA applies to scenarios where indoor APs with omnidirectional antennas are
densely deployed, the 2.4 GHz frequency band has severe co-channel interference,
and most STAs on the network support the 5 GHz frequency band.
DFA automatically switches or disables redundant radios.

● If an AP does not support radio switchover, you are advised to specify auto-
off in the command to reduce co-channel interference and save energy.
● If an AP supports radio switchover, you are advised to specify auto-switch in
the command to increase network capacity. If most redundant 2.4 GHz radios
are automatically switched to the monitor mode, channel resources on the
current network are properly used. In this case, you can specify auto-off in
the command.
Prerequisites
The radio calibration function has been enabled using the calibrate enable { auto
| manual | schedule time } command.
Precautions
DFA reduces the deployment density of 2.4 GHz radios and increases the transmit
power of 2.4 GHz radios. To ensure the 5 GHz access ratio of STAs, keep the band
steering function enabled.

When DFA is disabled, redundant radios are switched back to 2.4 GHz radios and
the system automatically triggers radio calibration, which may degrade wireless
service experience.
Example
# Enable global DFA and set the mode for processing redundant radios to
automatic switchover.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate enable auto
[HUAWEI-wlan-view] calibrate flexible-radio auto-switch
11.19 calibrate flexible-radio manual-recognize

Function
The calibrate flexible-radio manual-recognize command triggers identification
of redundant radios.
Format
calibrate flexible-radio manual-recognize
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
The network administrator can run this command to manually trigger
identification of redundant radios, and can enable DFA if discovering that
redundant radios exist on the network.
Prerequisites
Precautions
This command only triggers identification of redundant radios but does not switch
or disable identified redundant radios.

Radio scanning is required for identifying redundant radios, which may degrade
wireless service experience.
Follow-up Procedure
After redundant radios are identified, you can run the display flexible-radio
status command to check the status of the redundant radios.
Example
# Trigger identification of redundant radios.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate flexible-radio manual-recognize
11.20 calibrate max-tx-power

Function
The calibrate max-tx-power command sets the maximum transmit power that
can be adjusted through radio calibration.
The undo calibrate max-tx-power command restores the default maximum
transmit power that can be adjusted through radio calibration.
By default, the maximum transmit power that can be adjusted through radio
calibration is 127 dBm.
Format
calibrate max-tx-power { 2g-power | radio-5g 5g-power }
undo calibrate max-tx-power [ radio-5g ]
Parameters
2g-power Specifies the maximum transmit power The value is an

that can be adjusted through 2.4 GHz integer that ranges
radio calibration. from 1 to 127, in
dBm.
radio-5g 5g- Specifies the maximum transmit power The value is an

power that can be adjusted through 5 GHz radio integer that ranges
calibration. from 1 to 127, in
dBm.
Views
RRM profile view

Default Level
Usage Guidelines
Usage Scenario
After radio calibration is enabled, an AP uses the Transmit Power Control (TPC)
algorithm to calculate the transmit power to be adjusted based on detected
neighbor information. If the transmit power to be adjusted calculated using the
TPC algorithm is to large, signal interference between APs may occur. You can run
the calibrate max-tx-power command to set the maximum transmit power that
can be adjusted through TPC.
Precautions
The maximum radio calibration power must be larger or equal to the minimum
radio calibration power. You can run the calibrate min-tx-power command to set
the minimum calibration power.
You can adjust the maximum and minimum calibration powers using the calibrate
max-tx-power and calibrate min-tx-power commands. The valid power after
radio calibration is between the two values.
Example
# Set the maximum transmit power that can be adjusted through 2.4 GHz radio
calibration to 30 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate max-tx-power 30
11.21 calibrate min-tx-power

Function
The calibrate min-tx-power command sets the minimum transmit power that
can be adjusted through radio calibration.
The undo calibrate min-tx-power command restores the default minimum

transmit power that can be adjusted through radio calibration.
By default, the minimum transmit power that can be adjusted through 2.4 GHz
radio calibration is 9 dBm, and that through 5 GHz radio calibration is 12 dBm.
Format
calibrate min-tx-power { 2g-power | radio-5g 5g-power }
undo calibrate min-tx-power [ radio-5g ]

Parameters
2g-power Specifies the minimum transmit power The value is an

that can be adjusted through 2.4 GHz integer that ranges
radio calibration. from 1 to 127, in
dBm.
radio-5g 5g- Specifies the minimum transmit power The value is an

power that can be adjusted through 5 GHz radio integer that ranges
calibration. from 1 to 127, in
dBm.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After radio calibration is enabled, an AP uses the Transmit Power Control (TPC)
algorithm to calculate the transmit power to be adjusted based on detected
neighbor information. If the transmit power calculated using the TPC algorithm is
too small, radio coverage requirements may not be met. You can run the calibrate
min-tx-power command to set the minimum transmit power that can be adjusted
through TPC.
Precautions
The maximum radio calibration power must be larger or equal to the minimum
radio calibration power. You can run the calibrate max-tx-power command to set
the maximum calibration power.
You can adjust the maximum and minimum calibration powers using the calibrate
max-tx-power and calibrate min-tx-power commands. The valid power after
radio calibration is between the two values.
Example
# Set the minimum transmit power that can be adjusted through 2.4 GHz radio
calibration to 10 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate min-tx-power 10

11.22 calibrate manual startup
Function
The calibrate manual startup command manually triggers radio calibration.
Format
calibrate manual startup
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
To trigger radio calibration immediately, run the calibrate enable { auto | manual
| schedule time } command to enable radio calibration and then run the calibrate
manual startup command to manually trigger radio calibration.
Example
# Manually trigger radio calibration.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate manual startup
Warning: The operation may cause business interruption, Continue? [Y/N]:y
11.23 calibrate noise-floor-threshold

Function
The calibrate noise-floor-threshold command specifies the noise floor threshold
for triggering radio calibration.
The undo calibrate noise-floor-threshold command restores the default noise

floor threshold for triggering radio calibration.
The default noise floor threshold for triggering radio calibration is -75 dBm.

Format
calibrate noise-floor-threshold threshold
undo calibrate noise-floor-threshold
Parameters
noise-floor- Specifies the noise floor threshold for The value is an

threshold triggering radio calibration. integer that ranges
threshold from -95 to 0, in
dBm.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
The noise floor indicates the noise strength in the current environment. A high
noise floor value will make noise drown out valid data, affecting user services.
The noise floor threshold for triggering radio calibration can be used to determine
whether the environment noise is normal. When detecting a noise floor value
higher than the threshold, an AP reports a high noise floor message, and then
performs radio calibration to avoid channels with high noise floor values to
improve user experience.
Example
# Set the noise floor threshold for triggering radio calibration to -60 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] calibrate noise-floor-threshold -60
11.24 calibrate policy
Function
The calibrate policy command creates a radio calibration policy.
The undo calibrate policy command deletes a radio calibration policy.

By default, no radio calibration policy is created.
Format
calibrate policy { rogue-ap | load | non-wifi | noise-floor }
undo calibrate policy { rogue-ap | load | non-wifi | noise-floor }
Parameters
rogue-ap Specifies the rogue AP mode. -
load Specifies the load mode. -
non-wifi Specifies the non-Wi-Fi mode. -

noise-floor Specifies the noise floor mode. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
Radio calibration policies are classified into:
● Rogue AP policy: When rogue APs exist on a network, set the radio calibration
policy to rogue-ap. The device then immediately takes actions to avoid
interference. This policy may lead to frequency channel switchovers. You are
advised to use this policy under the instruction of technical support personnel.
● Load policy: When this radio calibration policy is used, the AP traffic load
difference is considered for channel allocation. The device allocates channels
with less interference to APs with heavier loads. The AP load changes with
times. You are advised to use this policy under the instruction of technical
support personnel.
● Non-Wi-Fi policy: When non-Wi-Fi interference occurs on a network, the
device immediately takes actions to avoid interference.
● Noise floor policy: When the noise floor of APs is high due to special external
interference, service experience may deteriorate. With this radio calibration
policy, the device takes actions to avoid interference. When detecting that the
noise floor of the current channel exceeds the threshold for three consecutive
times, the AP switches its channel and does not switch back in 30 minutes.

NOTE
The noise floor, rogue AP and non-Wi-Fi policies take effect only in automatic radio
calibration mode.
Radio calibration triggers channel changes. Some STAs may go offline and then go
online again. If these STAs exist on the network, to ensure service experience, you
are advised to perform radio calibration when no service is running and disable
policies that frequently trigger radio calibration. You can run the display channel
switch-record calibrate command to check policies that frequently trigger radio
calibration.
The three radio calibration policies can be used together. You can run the
command multiple times to configure different radio calibration policies according
to service requirements.
Prerequisites
The noise floor threshold for triggering radio calibration has been specified using
the calibrate noise-floor-threshold threshold command.
Example
# Set the radio calibration policy to rogue AP.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate policy rogue-ap
11.25 calibrate reference data-analysis disable

Function
The calibrate reference data-analysis disable disables the Big Data calibration
function.
The undo calibrate reference data-analysis command restores the default

configuration.
By default, Big Data calibration is enabled.
NOTE
Format
calibrate reference data-analysis disable
undo calibrate reference data-analysis
Parameters
None

Views
WLAN view
Default Level
Usage Guidelines
After Big Data calibration is enabled, the device performs calculation based on the
variations in interference and load according to Big Data information obtained
from the CampusInsight. This function helps better avoid interference and improve
network capacity. If the Big Data calibration function is disabled, radio calibration
is performed based only on the locally collected data.
The Big Data calibration function takes effect only when radio calibration is
enabled.
Example
# Disable the Big Data calibration function.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate reference data-analysis disable
11.26 calibrate reference data-analysis

Function
The calibrate reference data-analysis disable command disables Big Data
calibration on radio interfaces of APs.
The calibrate reference data-analysis enable command enables Big Data
calibration on radio interfaces of APs.
The undo calibrate reference data-analysis command restores the default Big
Data calibration configuration on radio interfaces of APs.
By default, Big Data calibration is enabled on radio interfaces of APs.
NOTE
Format
calibrate reference data-analysis { disable | enable }
undo calibrate reference data-analysis
Parameters
None

Views
Default Level
Usage Guidelines
After Big Data calibration is enabled, the device performs calculation based on the
variations in interference and load according to Big Data information obtained
from the CampusInsight. This function helps better avoid interference and improve
network capacity. If the Big Data calibration function is disabled, radio calibration
is performed based only on the locally collected data.
NOTE
The Big Data calibration function takes effect on an AP only when the following
configurations are performed:
● Configure the function of reporting KPIs to the Big Data analyzer.
● Enable radio calibration.
● Run the undo calibrate reference data-analysis command in the WLAN view to enable
the global Big Data calibration function.
● Enable the Big Data calibration function on the AP.
Example
# Enable Big Data calibration on radio 0.
[HUAWEI-Wlan-Radio0/0/0] calibrate reference data-analysis enable
11.27 calibrate sensitivity
Function
The calibrate sensitivity command configures the radio calibration sensitivity for
a device.
The undo calibrate sensitivity command restores the default radio calibration
sensitivity.
By default, the radio calibration sensitivity of the device is set to medium.
Format
calibrate sensitivity { high | medium | low | insensitivity | custom-threshold
custom-threshold }
undo calibrate sensitivity

Parameters
high Indicates high radio calibration -

sensitivity.
medium Indicates medium radio -

calibration sensitivity.
low Indicates low radio calibration -

sensitivity.
insensitivity Indicates radio calibration -

insensitivity.
custom-threshold Specifies the radio calibration The value ranges from 0

custom-threshold sensitivity based on the to 95. A larger value
customized threshold. indicates a lower
sensitivity.
Views
WLAN view
Default Level
Usage Guidelines
Radio calibration sensitivity is valid only in automatic radio calibration mode
(enabled using the calibrate enable auto command). The default value is
recommended.
Radio calibration sensitivity of a device is described as follows:
● high: Radio calibration is performed when the total interference can be

mitigated.
● medium: Radio calibration is performed when the total interference can be
mitigated to a large extent.
● low: Radio calibration performed when the total interference can be
significantly mitigated.
● insensitivity: It indicates the lowest sensitivity, and radio calibration is hardly
performed. This mode is applicable only to scenarios without external
interference to prevent calibration changes caused by neighbor scanning.
● custom-threshold: Radio calibration is performed when the interference
reaches the customized sensitivity threshold.
– 0: The sensitivity is high.

– 1: The sensitivity is medium.

– 2: The sensitivity is low.
– 5: Radio calibration is insensitive.
NOTE
You are advised to customize the sensitivity threshold when the wireless environment is stable
(APs are online with fixed interference or no surrounding interference). If the customized
sensitivity threshold (5 or higher) is used in other scenarios, radio transmission cannot avoid
high-interference channels due to low sensitivity, affecting user experience.
Example
# Set the radio calibration sensitivity to high.
[HUAWEI] wlan
[HUAWEI-wlan-view] calibrate sensitivity high
11.28 cca-threshold
Function
The cca-threshold command sets the clear channel assessment (CCA) threshold
for APs.
The undo cca-threshold command restores the default CCA threshold of APs.
By default, no CCA threshold is specified. APs use the default CCA threshold of the
chip.
Format
cca-threshold cca-threshold
undo cca-threshold
Parameters
cca-threshold Specifies the CCA threshold The value is an integer that ranges
for APs. from -85 to -40, in dBm.
Views
Default Level

Usage Guidelines
The CCA mechanism enables a WLAN chip to determine whether the channel is
idle before transmitting signals to the air interface. If so, the chip transmits signals.
If not, the chip waits until the channel is idle.
The CCA threshold is used by a WLAN chip to determine whether the channel is
idle. If the noise on the channel exceeds the threshold, the chip considers the
channel busy. Otherwise, the chip considers the channel idle.
When deploying a WLAN, set a proper CCA threshold to reduce signal interference
and improve the channel reuse rate.
● If APs are densely deployed, a high CCA threshold is recommended to narrow
down the coverage and ignore remote weak signals.
● If APs are sparsely deployed, a low CCA threshold is recommended to
maximize the effective coverage of signals.
Example
# Set the CCA threshold for a 2G radio to -70 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] cca-threshold -70
Warning: This parameter may affect uplink access coverage or STA access. Modify this parameter only
under the guidance of technical
personnel. Continue? [Y/N]Y
11.29 dca-channel bandwidth

Function
The dca-channel bandwidth command configures the calibration bandwidth.
The undo dca-channel bandwidth command restores the default calibration

bandwidth.
By default, the calibration bandwidth is 20 MHz.
Format
dca-channel 5g bandwidth { 20mhz | 40mhz | 80mhz }
undo dca-channel 5g bandwidth
Parameters
5g Specifies the frequency band on which -

radio calibration is implemented.

20mhz | Specifies the calibration bandwidth. -

40mhz |
80mhz
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
The 5 GHz frequency band has richer spectrum resources. In addition to 20 MHz
channels, APs working on the 5 GHz frequency band support 40 MHz and 80 MHz
channels. Larger-bandwidth channels mean higher transmission rates. However, at
least three channels are required in radio calibration to achieve the optimal
calibration effect. When configuring the calibration bandwidth, ensure that
enough calibration channels are available for use.
You can use the dca-channel bandwidth command to configure the calibration
bandwidth and the dca-channel channel-set command to configure calibration
channels as prompted.
When the calibration bandwidth is changed, the device recalculates the calibration
channels.
Precautions
Only the following APs support 80 MHz calibration bandwidth.
● AP1050DN-S, AP2050DN, AP2050DN-E, AP2050DN-S, AP2051DN, AP2051DN,
AP2051DN-E, AP2051DN-E, AP2051DN-S, AP2051DN-S, AP3010DN-V2,
AP3030DN, AP4030DN, AP4030TN, AP4050DN, AP4050DN-E, AP4050DN-HD,
AP4050DN-S, AP4051DN, AP4051DN-S, AP4051TN, AP4130DN, AP4151DN,
AP5030DN, AP5030DN-S, AP5050DN-S, AP5130DN, AP6050DN, AP6052DN,
AP6150DN, AP7050DE, AP7050DN-E, AP7052DE, AP7052DN, AP7152DN,
AP8030DN, AP8050DN, AP8050DN-S, AP8050TN-HD, AP8082DN, AP8130DN,
AP8150DN, AP8182DN, AP4050DE-M, AP4050DE-M-S, AP4050DE-B-S,
AP3050DE, AP7060DN, AP2051DN-L-S, AP5510-W-GP, AP6750-10T, AirEngine
5760-10, AP9130DN, AP9131DN, and AP9132DN
When configuring 40 MHz or 80 MHz calibration bandwidth, check whether
channels of the corresponding bandwidth exist under the country code.
Example
# Set the calibration bandwidth to 40 MHz.

[HUAWEI] wlan
[HUAWEI-wlan-view] dca-channel 5g bandwidth 40mhz
11.30 dca-channel channel-set

Function
The dca-channel channel-set command configures a calibration channel set.
The undo dca-channel channel-set command restores the default calibration
channel set.
By default, a calibration channel set contains channels 1, 6, and 11 on the 2.4 GHz
radio and contains all channels supported by the corresponding country code on
the 5 GHz radio. When configuring a calibration channel set, you can specify
channels as prompted.
Format
dca-channel { 2.4g | 5g } channel-set channel-value
undo dca-channel { 2.4g | 5g } channel-set
Parameters
2.4g | 5g Specifies the frequency band on -

which radio calibration is
performed. The options are as
follows:
● 2.4g: Radios work on the 2.4
GHz frequency band.
● 5g: Radios work on the 5 GHz
frequency band.
channel-set Specifies a calibration channel set. The value is a character

channel-value string. You can select
calibration channels as
prompted. If you select
multiple channels, use
commas (,) to separate
channel names.
Views
WLAN view
Default Level

Usage Guidelines
The 5 GHz frequency band has richer spectrum resources. In addition to 20 MHz
channels, APs working on the 5 GHz frequency band support 40 MHz and 80 MHz
channels. Larger-bandwidth channels mean higher transmission rates. However, at
least three channels are required in radio calibration to achieve the optimal
calibration effect. When configuring the calibration bandwidth, ensure that
enough calibration channels are available for use.
You can run this command to specify a calibration channel set for an AP. The AP
selects channels from the channel set to calibrate. This reduces the burden on the
AP.
NOTE
To ensure a good calibration effect, you are advised to configure at least three calibration
channels.
To prevent signal interference, ensure that adjacent APs work in non-overlapping channels. The
2.4 GHz frequency band has overlapping channels. When configuring calibration channels, you
are advised to configure a non-overlapping calibration channel set containing channels 1, 6, and
11 or containing channels 1, 5, 9, and 13.
To specify a 40 MHz calibration channel, you need to specify two consecutive 20

MHz channels. To specify an 80 MHz calibration channel, you need to specify four
consecutive 20 MHz channels. The combinations of 20 MHz channels making up
the 40 MHz and 80 MHz channels are fixed.
You can also use the dca-channel bandwidth command to configure the
calibration bandwidth and the dca-channel channel-set command to configure
calibration channels as prompted.
If no calibration channel set is configured, the device probes channels based on
the calibration channels corresponding to the country code.
NOTE
When configuring a calibration channel set, avoid using radar channels.

The configured channels must be supported by STAs; otherwise, the STAs cannot discover
radio signals.
Channels 184, 188, 192, and 196 on the 4.9 GHz frequency band can be used for radio
scanning but cannot be used for channel calibration.
If the AP has three 5 GHz radios, configure at least five calibration channels. If the AP has
two 5 GHz radios, configure at least three calibration channels.
Example
# Configure a calibration channel set composed of 40 MHz channels 149, 153,
157, and 161 on the 5 GHz frequency band.
[HUAWEI] wlan
[HUAWEI-wlan-view] dca-channel 5g bandwidth 40mhz
[HUAWEI-wlan-view] dca-channel 5g channel-set 149,153,157,161

11.31 dfs recover-delay

Function
The dfs recover-delay command sets the delay in switching back the DFS
channel.
The undo dfs recover-delay command restores the default delay in switching
back the DFS channel.
By default, the delay in switching back the DFS channel is 0 minutes. That is, the
channel is switched back to the manually planned channel when the legitimate
aging time (30 minutes) expires.
Format
dfs recover-delay delay-time
undo dfs recover-delay
Parameters
delay-time Specifies a delay in switching The value is an integer that ranges

back the DFS channel. from 0 to 2880, in minutes.
Views
RRM profile view
Default Level
Usage Guidelines
When an AP is working on the manually planned channel, if radar signals are
detected, the AP randomly selects a channel (the calibration channel
preferentially) allowed by the country code. The AP channel will be switched back
to the manually planned channel after the configured switchback delay and
legitimate aging time (30 minutes). A proper delay in switching back the DFS
channel will prevent frequent channel switchovers.
Example
# Set the delay in switching back the DFS channel to 10 minutes.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] dfs recover-delay 10

11.32 dfs smart-selection disable

Function
The dfs smart-selection disable command disables the DFS smart selection
function.
The undo dfs smart-selection disable command enables the DFS smart selection
function.
By default, the DFS smart selection function is enabled.
Format
dfs smart-selection disable
undo dfs smart-selection disable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the DFS smart selection function is enabled, an AP working on the 5 GHz
band detects radar signals. Upon detecting radar channels, the AP automatically
switches to another channel to prevent radar interference.
When an AP switches its working channel upon detecting radar signals, it
randomly selects a channel (the calibration channel preferentially) allowed by the
country code. The selected channel may be the same as or adjacent to the
working channel of surrounding 5 GHz radios, thereby causing severe interference
and poor network access experience. By default, the DFS smart selection function
is enabled so that the AP switches to a 5 GHz channel with the minimum
interference, preventing interference.
After the dfs smart-selection disable command is executed, the DFS smart
selection function is disabled, affecting user experience. Configure this function as
required.
Precautions
The DFS smart selection function is valid only when the air scan is enabled.

Example
# Disable DFS smart selection.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] dfs smart-selection disable
Info: This function does not take effect when air scan is disabled.
11.33 display air-scan-profile

Function
The display air-scan-profile command displays information about air scan
profiles.
Format
display air-scan-profile { all | name profile-name }
Parameters
all Displays information about all air -

scan profiles.
name profile-name Displays information about a The air scan profile

specified air scan profile. name must already
exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display air-scan-profile command to view information about air
scan profiles.
Example
# Display information about all air scan profiles.
<HUAWEI> display air-scan-profile all
------------------------------------------------------------
------------------------------------------------------------

default 2
test 1
------------------------------------------------------------
Total: 2
Table 11-1 Description of the display air-scan-profile all command output

Item Description
Profile name Name of an air scan profile.
Reference Number of times that the air scan

# Display information about the air scan profile test.

<HUAWEI> display air-scan-profile name test
------------------------------------------------------------
Scan switch : enable
Scan period(ms) : 80
Scan interval(ms) : 3000
Scan channel-set : dca-channel
Scan enhancement : enable
------------------------------------------------------------
Table 11-2 Description of the display air-scan-profile name command output

Item Description
Scan switch Whether air scanning is enabled.

scan-disable command.
Scan period(ms) Air scan period.

To set the air scan period, run the
scan-period command.
Scan interval(ms) Air scan interval.

To set the air scan interval, run the
scan-interval command.
Scan channel-set Air scan channel set.

To set the air scan channel set, run the
scan-channel-set command.
Scan enhancement Whether the scanning enhancement

To configure the scanning
enhancement function, run the scan-
enhancement command.

11.34 display ap neighbor

Function
The display ap neighbor command displays information about neighbors of a
radio, including authorized and unauthorized neighbors.
Format
display ap neighbor [ radio radio ]
Parameters
radio radio Specifies radio ID of an The value is an integer that ranges

AP. from 0 to 2.
Three radios are available only on
the , AP4030TN, AP4051TN,
AP6750-10T, AP8050TN-HD.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
APs' neighbor information reflects the APs' locations and neighbor relationships,
helping you plan the network.
If a neighboring AP is an unauthorized one, the system displays only the RSSI of
signals received from the neighboring AP.
Prerequisites
Example
# Display information about neighbors on the AP.
<HUAWEI> display ap neighbor
Uncontrol AP:
--------------------------------------------------------------------------------------------------------

Radio BSSID Channel RSSI(dBm) Last Update Time SSID

--------------------------------------------------------------------------------------------------------
0 dcd2-fc01-1760 1 -62 2019-08-18/00:54:35 auto-open-TB10-25
0 80f6-2e4d-4eb0 1 -79 2019-08-18/00:59:26 h3c-test1
0 04f9-3895-5cc0 1 -56 2019-08-18/00:59:26 vrrp-wc
1 80f6-2e4d-4ea0 149 -78 2019-08-18/00:59:05 test-portal
1 dcd2-fc95-d090 149 -79 2019-08-18/00:41:26 b
--------------------------------------------------------------------------------------------------------
Total: 5
Table 11-3 Description of the display ap neighbor command output
Item Description
Radio Neighboring AP detected on an AP

radio.
Uncontrol AP Unauthorized neighboring AP.

radio.
BSSID BSSID of an unauthorized neighbor.
Channel Channel that the unauthorized

neighboring AP uses.
RSSI(dBm) RSSI of signals received from the

neighboring AP, in dBm.
Last Update Time Latest time when the AP is detected.
SSID SSID of an unauthorized neighbor.
11.35 display ap neighbor (Cloud AP)

Function
The display ap neighbor command displays information about neighbors of an
AP, including authorized and unauthorized neighbors.
Format
display ap neighbor { dev-id device-id | ap-mac ap-mac } [ radio radio ]
Parameters
dev-id Specifies the ID of The device ID must exist.

device-id an AP.
ap-mac ap- Specifies the MAC The MAC address must exist.
mac address of an AP.

radio radio Specifies radio ID The value is an integer that ranges from 0
of an AP. to 2.
Three radios are available only on the ,
AP4030TN, AP4051TN, AP6750-10T,
AP8050TN-HD.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
APs' neighbor information reflects the APs' locations and neighbor relationships,
helping you plan the network.
If a neighboring AP is an authorized one, the system displays the RSSI of signals
received from the neighboring AP as well as the path loss.
If a neighboring AP is an unauthorized one, the system displays only the RSSI of
signals received from the neighboring AP.
Prerequisites
Example
# Display information about neighbors of the slave AP with the ID of 10 on the
leader AP.
<HUAWEI> display ap neighbor dev-id 10 radio 0
Radio: Radio ID of AP
Dev ID: Device ID of AP
In control AP:
------------------------------------------------------------------------------
Radio Dev ID AP MAC Channel Received RSSI(dbm) Path loss(db)
------------------------------------------------------------------------------
0 20 9c50-ee7b-a810 4 -16 44
------------------------------------------------------------------------------
Total: 1
Uncontrol AP:
------------------------------------------------------------------------------
Radio BSSID Channel RSSI(dBm) SSID
------------------------------------------------------------------------------
0 7079-90ac-7100 1 -32 2g-se
------------------------------------------------------------------------------
Total: 1

Table 11-4 Description of the display ap neighbor command output

Item Description
In control AP Authorized neighboring AP.
Uncontrol AP Unauthorized neighboring AP.

radio.
Dev ID ID of a neighboring AP.
AP MAC MAC address of a neighboring AP.
Channel Channel that the authorized

NOTE
The device displays only information about
neighboring APs detected on the current
channel.
Received RSSI(dbm) Strength of signals received from

neighboring APs.
Path loss(db) Path loss.
BSSID BSSID of an unauthorized neighbor.
Channel Channel that the unauthorized

RSSI(dBm) RSSI of signals received from the

neighboring AP, in dBm.
SSID SSID of an unauthorized neighbor.
11.36 display ap traffic statistics wireless

Function
The display ap traffic statistics wireless command displays statistics about
packets with the specified SSID on the radio of an AP.
Format
display ap traffic statistics wireless radio radio-id [ ssid ssid ]

Parameters
radio radio-id Specifies the radio ID. The value is an integer

Three radios are
available only on the ,
AP4030TN, AP4051TN,
AP6750-10T, AP8050TN-
HD.
ssid ssid Specifies the SSID that The value must be an

STAs associate with. existing SSID.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display ap traffic statistics wireless command to view statistics
about packets with the specified SSID on the radio of an AP.
Example
# Display statistics about packets with the SSID cmcc on radio 0 of the AP.
<HUAWEI> display ap traffic statistics wireless radio 0 ssid cmcc
----------------------------------------------------------------
Wireless bytes(RX) : 14583149
Wireless error frames(RX) : 10
Wireless frames(RX) : 97419
Wireless unicast frames(RX) : 16
Wireless dropped frames(RX) : 0
Wireless bytes(TX) : 1725974
Wireless error frames(TX) : 6
Wireless frames(TX) : 9704
Wireless unicast frames(TX) : 9680
Wireless dropped frames(TX) : 6
Wireless retransmitted frames: 32674
Current accessed STA number : 0
----------------------------------------------------------------
Table 11-5 Description of the display ap traffic statistics wireless radio radio-id
ssid ssid command output
Item Description
Wireless bytes(RX) Total number of bytes of data frames

received by the radio.

Item Description
Wireless error frames(RX) Total number of received error frames.
Wireless frames(RX) Total number of received frames.
Wireless unicast frames(RX) Total number of received unicast

frames.
Wireless dropped frames(RX) Total number of received frames that

are discarded.
Wireless bytes(TX) Total number of bytes of data frames

sent by the radio.
Wireless error frames(TX) Total number of transmitted error

frames.
Wireless frames(TX) Total number of transmitted frames.
Wireless unicast frames(TX) Total number of transmitted unicast

frames.
Wireless dropped frames(TX) Total number of transmitted frames

that are discarded.
Wireless retransmitted frames Total number of retransmitted frames.
Current accessed STA number Number of STAs that connect to the

AP normally.
# Display packet statistics on radio 0 of the AP.

<HUAWEI> display ap traffic statistics wireless radio 0
-----------------------------------------------------------------------
Wireless frames(RX) :3523697
Wireless bytes(RX) :418414831
Wireless error frames(RX) :1198591099
Wireless physical layer error frames(RX) :0
Wireless MIC error frames(RX) :0
Wireless private key and decrypt fail frames(RX) :0
Wireless frames(TX) :183946
Wireless bytes(TX) :33813072
Wireless RTS successes(TX) :0
Wireless unicast frames(TX) :158729
Wireless broadcast frames(TX) :18309
Wireless failure frames(TX) :137848
Wireless retry frames :0
Wireless PER(%) :0
Wireless PER of the last 5min(%) :0
Wireless port drop rate(%) :0
Wireless port drop rate of the last 5min(%) :0
Wireless retransmitted rate(%) :0
Wireless retransmitted rate of the last 5min(%) :0
Wireless channel utilization(%) :70
WMM AC_BE retry ratio(%) :0
WMM AC_BK retry ratio(%) :0
WMM AC_VI retry ratio(%) :0
WMM AC_VO retry ratio(%) :0
WMM AC_BE PER(%) :0
WMM AC_BK PER(%) :0
WMM AC_VI PER(%) :0

WMM AC_VO PER(%) :0

-----------------------------------------------------------------------
Table 11-6 Description of the display ap traffic statistics wireless radio radio-id
command output
Item Description
Wireless frames(RX) Total number of data frames and

management frames received by the
radio.
Wireless bytes(RX) Total number of bytes of data frames

Wireless error frames(RX) Total number of error frames received

by the radio.
Wireless physical layer error Number of error frames received at

frames(RX) the physical layer of the radio.
Wireless MIC error frames(RX) Number of frames with message

integrity code (MIC) received by the
radio.
Wireless private key and decrypt fail Number of frames with incorrect keys
frames(RX) received by the radio.
Wireless frames(TX) Number of transmitted frames

Wireless bytes(TX) Total number of bytes of data frames

transmitted by the radio.
Wireless RTS successes(TX) Number of Request to Send (RTS)

frames that are successfully sent by
the radio.
Wireless unicast frames(TX) Number of transmitted unicast frames

Wireless broadcast frames(TX) Number of broadcast frames sent by

the radio.
Wireless failure frames(TX) Number of frames that the radio fails

to send.
Wireless retry frames Number of frames that are

retransmitted by the radio.
Wireless PER(%) Packet error rate of the radio.
Wireless PER of the last 5min(%) Packet error rate of the radio in the
last statistical period.
Wireless port drop rate(%) Packet loss ratio of the radio.

Item Description
Wireless port drop rate of the last Packet loss ratio of the radio in the
5min(%) last statistical period.
Wireless retransmitted rate(%) Retransmission ratio of the radio.
Wireless retransmitted rate of the last Retransmission ratio of the radio in the
5min(%) last statistical period.
Wireless channel utilization(%) Channel usage of the radio.

NOTE
When an AP radio works in monitor mode,
this parameter is displayed as -.
WMM AC_BE retry ratio(%) Retransmission ratio of AC_BE packets

in the WMM queue.
WMM AC_BK retry ratio(%) Retransmission ratio of AC_BK packets

in the WMM queue.
WMM AC_VI retry ratio(%) Retransmission ratio of AC_VI packets

in the WMM queue.
WMM AC_VO retry ratio(%) Retransmission ratio of AC_VO packets

in the WMM queue.
WMM AC_BE PER(%) PER of AC_BE packets in the WMM

queue.
WMM AC_BK PER(%) PER of AC_BK packets in the WMM

queue.
WMM AC_VI PER(%) PER of AC_VI packets in the WMM

queue.
WMM AC_VO PER(%) PER of AC_VO packets in the WMM

queue.
11.37 display channel switch-record

Function
The display channel switch-record command displays channel switching records
on the device.
Format
display channel switch-record { all | calibrate | radio radio-id }

Parameters
all Displays all channel switching records. -
calibrate Displays channel switching records for -

radio calibration.
radio radio-id Displays channel switching records of a The radio ID must

specified radio. exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check channel switching records on a device.
Run the display channel switch-record calibrate command to query channel or

power switching records caused by radio calibration to check the calibration
results.
Example
# Display all channel switching records.
<HUAWEI> display channel switch-record all
Old/New: Old channel/New channel
RfID : Radio ID
----------------------------------------------------------------------------------------------
RfID Old/New Switch reason Switch time
----------------------------------------------------------------------------------------------
0 1/6 calibration 11:03:30 2014/9/28
----------------------------------------------------------------------------------------------
Total : 1
Table 11-7 Description of the display channel switch-record all command

output
Item Description
RfID Radio ID.
Old/New Channels used before and after

switching.

Item Description
Switch reason Reason for channel switching.

● calibration: channel switching
caused by radio calibration
● configuration: channel switching
caused by configuration
● dfs: channel switching performed to
avoid radar channels
● dfs recover: channel switching
caused by DFS channel switchback
● mesh: channel switching caused by
channel negotiation on a Mesh
network
Switch time Time when channel switching

occurred.
# Display channel calibration records.

<HUAWEI> display channel switch-record calibrate
PCH : Pre channel
CCH : Current channel
PBW : Pre bandwidth
CBW : Current bandwidth
PE : Pre EIRP (dBm)
CE : Current EIRP (dBm)
PR : Pre RSSI (dBm)
CR : Current RSSI (dBm)
RfID: Radio ID
----------------------------------------------------------------------------------------------------
RfID PCH/CCH PBW/CBW PE/CE PR/CR Reason Time Trigger ID(Radio)
----------------------------------------------------------------------------------------------------
0 11/6 80M/40M+ 27/127 -32/-40 Period recheck 19:30:00 2016/04/11 -
0 6/11 20M/20M 27/127 -40/-48 Bad env 19:21:53 2016/04/11 3(0)
----------------------------------------------------------------------------------------------------
Total : 2
Table 11-8 Description of the display channel switch-record calibrate command

output
Item Description
RfID Radio ID.
PCH/CCH Channels before and after calibration.

NOTE
PCH/CCH changes may be discontinuous
for a radio.
PBW/CBW Bandwidth before and after

calibration.

Item Description
PE/CE Power before and after calibration.

NOTE
PE/CE changes may be discontinuous for a
radio.
PR/CR Interference values before and after

calibration.
Reason Reason for triggering calibration.

● Period recheck: periodic calibration
● Bad env: environment deterioration
● Non-Wi-Fi report: non-Wi-Fi report
NOTE
● Rogue AP report: rogue AP report
● Noise interfere: noise interference
● Global plan: trial operation
● AP online: The AP radio is on, the
radio is switched (between 2.4 GHz
and 5 GHz bands), the radio
working mode changes, or the AP
goes online.
● AP offline: The AP radio is off, the
radio is switched (between 2.4 GHz
and 5 GHz bands), the radio
working mode changes, or the AP
goes offline.
● Bad Channel: The channel
deteriorates, causing a loss of
Beacon frames.
● Unknown: unknown reason
Time Time when calibration is triggered.
Trigger ID(Radio) ID of the device (radio) that triggers

partial radio calibration.
11.38 display channel switch-record (Cloud AP)

Function
The display channel switch-record command displays channel switching records
of APs.

Format
display channel switch-record { all | calibrate | dev-id device-id radio radio-id |
ap-mac ap-mac radio radio-id }
Parameters
all Displays all channel switching records. -
calibrate Displays channel switching records for -

radio calibration.
dev-id device-id Displays channel switching records of The device ID must

the AP with a specified ID. exist.
ap-mac ap-mac Displays channel switching records of The MAC address

the AP with a specified MAC address. must exist.
radio radio-id Displays channel switching records of a The radio ID must

specified radio. exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check channel switching records of APs.
Run the display channel switch-record calibrate command to query channel or
power switching records caused by radio calibration to check the calibration
results.
Example
# Display all channel switching records of slave APs and leader AP on the leader
AP.
<HUAWEI> display channel switch-record all
Old/New: Old channel/New channel
RfID : Radio ID
Dev ID : Device ID of AP
----------------------------------------------------------------------------------------------
Dev ID AP MAC RfID Old/New Switch reason Switch time
----------------------------------------------------------------------------------------------
14 88cf-98ba-5a40 0 1/6 configuration 11:03:30 2017/9/28
----------------------------------------------------------------------------------------------
Total : 1

Table 11-9 Description of the display channel switch-record all command

output
Item Description
Dev ID ID of an AP.
RfID Radio ID.
Old/New Channels used before and after

switching.
Switch reason Channel switching reason.

● calibration: channel switching
caused by radio calibration
● configuration: channel switching
caused by configuration
● dfs: channel switching performed to
avoid radar channels
● dfs recover: channel switching
caused by DFS channel switchback
● iot-notification: channel switching
notified by an IoT card
Switch time Time when channel switching

occurred.
# Display channel calibration records.

<HUAWEI> display channel switch-record calibrate
PCH : Pre channel
CCH : Current channel
PBW : Pre bandwidth
CBW : Current bandwidth
PE : Pre EIRP (dBm)
CE : Current EIRP (dBm)
PR : Pre RSSI (dBm)
CR : Current RSSI (dBm)
RfID: Radio ID
Dev ID: Device ID of AP
------------------------------------------------------------------------------------------------------------------------------
-----
Dev ID AP MAC RfID PCH/CCH PBW/CBW PE/CE PR/CR Reason Time
Trigger ID(Radio)
------------------------------------------------------------------------------------------------------------------------------
-----
14 88cf-98ba-5a40 0 11/6 80M/40M+ 27/127 -32/-40 Period recheck 19:30:00
2018/01/11 -
15 88cf-98ba-5a60 0 6/11 20M/20M 27/127 -40/-48 Bad env 19:21:53
2018/01/11 -
------------------------------------------------------------------------------------------------------------------------------
-----
Total : 2

Table 11-10 Description of the display channel switch-record calibrate

command output
Item Description
Dev ID ID of an AP.
RfID Radio ID.
PCH/CCH Channels before and after calibration.

NOTE
PCH/CCH changes may be discontinuous
for a radio.
PBW/CBW Bandwidth before and after

calibration.
PE/CE Power before and after calibration.

NOTE
PE/CE changes may be discontinuous for a
radio.
PR/CR Interference values before and after

calibration.
Reason Reason for triggering calibration.

● Period recheck: periodic calibration
● Bad env: environment deterioration
● Non-Wi-Fi report: non-Wi-Fi report
● Rogue AP report: rogue AP report
● Noise interfere: noise interference
● Global plan: network-wide plan
● AP online: AP go-online
● AP offline: AP go-offline
● Bad Channel: The channel
deteriorates, causing a loss of
Beacon frames.
● iot-notification: An IoT card notifies
calibration.
● High interference: Severe
interference occurs.
● Unknown: unknown reason
Time Time when calibration is triggered.
Trigger ID(Radio) ID of the device (radio) that triggers

partial radio calibration.

11.39 display flexible-radio status

Function
The display flexible-radio status command displays the status and switching
result of the redundant radio.
Format
display flexible-radio status
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display flexible-radio status command to check the status and
switching result of the redundant radio.
Example
# Display the status and switching result of the redundant radio.
<HUAWEI> display flexible-radio status
Redundancy Results:
R: The current radio is a redundant radio that has not been switched
S(5G): The redundant radio is switched to the 5 GHz mode
S(monitor): The redundant radio is switched to the monitor mode
S(off): This redundant radio is disabled
-: This radio is not a redundant radio
Recognize time: 2019-06-11/16:59:52 DST
----------------------------------------------------------
AP ID Name RfID Band ST Redundancy Result
----------------------------------------------------------
2 00e0-fc12-3455 0 2.4G on R
3 00e0-fc12-3456 0 2.4G on S(5G)
----------------------------------------------------------
Total:4

Table 11-11 Description of the display flexible-radio status command output

Item Description
Recognize time Time when the redundant radio is

identified. DST indicates that the
daylight saving time is set through the
clock daylight-saving-time
command.
AP ID AP ID.
Name AP name.
RfID Radio ID.
Band Frequency band of the radio.
ST Radio status.
Redundancy Result Switching result of the redundant

radio.
● R: The current radio is a redundant
radio that has not been switched.
● S(5G): The redundant radio is
switched to the 5 GHz mode.
● S(monitor): The redundant radio is
switched to the monitor mode.
● S(off): This redundant radio is
disabled.
● -: This radio is not a redundant
radio.
11.40 display flexible-radio switch-record

Function
The display flexible-radio switch-record command displays the switching record
of the redundant radio.
Format
display flexible-radio switch-record [ detail ]

Parameters
detail Displays the detailed switching record of -

the redundant radio.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display flexible-radio switch-record command to check the
switching record of the redundant radio.
Example
# Display the switching record of the redundant radio.
<HUAWEI> display flexible-radio switch-record
-------------------------------------------------------------
Time ApID Name RfID Switch
-------------------------------------------------------------
2019-06-10/20:45:58 DST 5 00e0-fc12-3456 0 monitor
-------------------------------------------------------------
Total : 1
# Display the detailed switching record of the redundant radio.

<HUAWEI> display flexible-radio switch-record detail
------------------------------------------------------------------------------------------------------------------------------
---------
Time ApID Name RfID Switch ReferenceRadio(ApID/ApName/PL)
------------------------------------------------------------------------------------------------------------------------------
---------
2019-06-10/20:45:58 DST 5 00e0-fc12-3456 0 monitor (0 /00e0-fc12-c220/52 ),(6 /00e0-fc12-
f7c0/40 ),(2 /b4fb-f97a-f9e0/52 )
------------------------------------------------------------------------------------------------------------------------------
---------
Total : 1
Table 11-12 Description of the display flexible-radio switch-record detail

command output
Item Description
Time Time when the redundant radio is

switched. DST indicates that the
daylight saving time is set through the
clock daylight-saving-time
command.
ApID AP ID.

Item Description
Name AP name.
RfID Radio ID.
Switch Switching result of the redundant

radio.
● 5G: The redundant radio is switched
to the 5 GHz mode.
● 2.4G: The redundant radio is
switched back to the 2.4 GHz mode.
● monitor: The redundant radio is
switched to the monitor mode.
● normal: The redundant radio is
switched back to the normal mode.
● off: This redundant radio is
disabled.
● on: This redundant radio is enabled.
ReferenceRadio(ApID/ApName/PL) Top 3 neighbors of the redundant

radio (AP ID/AP name/path loss).
11.41 display references air-scan-profile

Function
The display references air-scan-profile command displays reference information
about an air scan profile.
Format
display references air-scan-profile name profile-name
Parameters
name profile-name Displays reference information The air scan profile name
about a specified air scan must already exist.
profile.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display references air-scan-profile command to view reference
information about an air scan profile.
Example
# Display reference information about the air scan profile test.
<HUAWEI> display references air-scan-profile name test
------------------------------------------------------------
------------------------------------------------------------
radio-2g-profile default
------------------------------------------------------------
Total: 1
Table 11-13 Description of the display references air-scan-profile command

output
Item Description
Reference type Type of the profile that references the

air scan profile.
Reference name Name of the profile that references

the air scan profile.
11.42 display references rrm-profile

Function
The display references rrm-profile command displays reference information
about an RRM profile.
Format
display references rrm-profile name profile-name
Parameters
name profile-name Displays reference information The RRM profile name

about a specified RRM profile. must already exist.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references rrm-profile command to view reference
information about an RRM profile.
Example
# Display reference information about the RRM profile default
<HUAWEI> display references rrm-profile name default
------------------------------------------------------------
------------------------------------------------------------
radio-2g-profile radio0
radio-5g-profile radio1
------------------------------------------------------------
Total: 2
Table 11-14 Description of the display references rrm-profile command output
Item Description
Reference type Type of the profile that references the

RRM profile.
Reference name Name of the profile that references

the RRM profile.
11.43 display rrm-profile

Function
The display rrm-profile command displays information about RRM profiles.
Format
display rrm-profile { all | name profile-name }
Parameters
all Displays information about all RRM -

profiles.

name profile-name Displays information about a The RRM profile

specified RRM profile. name must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display rrm-profile command to view information about RRM
profiles.
Example
# Display information about all RRM profiles.
<HUAWEI> display rrm-profile all
------------------------------------------------------------
------------------------------------------------------------
default 2
------------------------------------------------------------
Total:1
Table 11-15 Description of the display rrm-profile all command output
Item Description
Profile name Name of an RRM profile.
Reference Number of times an RRM profile is

referenced.
# Display information about the RRM profile default.

<HUAWEI> display rrm-profile name default
--------------------------------------------------------------------------
PER threshold for trigger channel/power select(%) : 60
Noise-floor threshold for trigger channel/power select(dBm) : -60
Calibrate tpc threshold(dBm): : -60
Maximum 2.4G calibration TX power(dBm) : 127
Maximum 5G calibration TX power(dBm) : 127
Minimum 2.4G calibration TX power(dBm) :9
Minimum 5G calibration TX power(dBm) : 12
Calibrate error rate check interval(min) :1
Calibrate error rate check traffic threshold(kbps) : 1250
Airtime fairness schedule : disable
Dynamic adjust EDCA parameter : enable
Dynamic EDCA be-service threshold :6
UAC check client's SNR : disable

UAC client's SNR threshold(dB) : 20

UAC hide SSID : SSID broadcast
Band steer deny threshold :5
Band steer SNR threshold(dB) : 20
Band balance start threshold : 10
Band balance gap threshold(%) : 20
Client's band expire based on continuous probe counts : 35
Smart-roam : disable
Smart-roam check SNR : enable
Smart-roam standing SNR threshold(dB) : 20
Smart-roam SNR quick-kickoff-threshold(dB) : 15
Smart-roam rate threshold(%) : 20
Smart-roam rate quick-kickoff-threshold(%) : 20
Smart-roam high level SNR margin(dB) : 15
Smart-roam low level SNR margin(dB) :6
Smart-roam SNR check interval(s) :3
Smart-roam unable roam client expire time(min) : 120
Smart-roam quick-kickoff SNR check interval(ms) : 500
Smart-roam quick-kickoff SNR P-N observe time :6
Smart-roam quick-kickoff SNR P-N qualify time :4
AMC policy : auto-balance
High density AMC optimize : disable
DFS smart select : enable
DFS recover delay time(min) :0
------------------------------------------------------------------------
Table 11-16 Description of the display rrm-profile name command output

Item Description
PER threshold for trigger channel/ Retransmission rate threshold for

power select(%) triggering channel or power
adjustment.
calibrate error-rate-threshold
command.
Noise-floor threshold for trigger Noise-floor threshold for triggering

channel/power select(dBm) channel or power adjustment.
calibrate noise-floor-threshold
command.
Calibrate tpc threshold(dBm) Transmit Power Control (TPC)

coverage threshold.
calibrate tpc threshold command.
Maximum 2.4G calibration TX Maximum transmit power that can be

power(dBm) adjusted through 2.4 GHz radio
calibration.
calibrate max-tx-power command.

Item Description
Maximum 5G calibration TX Maximum transmit power that can be

power(dBm) adjusted through 5 GHz radio
calibration.
calibrate max-tx-power radio-5g
command.
Minimum 2.4G calibration TX Minimum transmit power that can be

power(dBm) adjusted through 2.4 GHz radio
calibration.
calibrate min-tx-power command.
Minimum 5G calibration TX Minimum transmit power that can be

power(dBm) adjusted through 5 GHz radio
calibration.
calibrate min-tx-power radio-5g
command.
Calibrate error rate check interval(min) Interval for checking the

retransmission rate.
calibrate error-rate-check command.
Calibrate error rate check traffic Traffic threshold for checking the
threshold(kbps) retransmission rate.
calibrate error-rate-check command.
Airtime fairness schedule Whether to enable airtime fair

scheduling.
airtime-fair-schedule enable
command.
Dynamic adjust EDCA parameter Whether to enable dynamic EDCA

parameter adjustment.
dynamic-edca enable command.
Dynamic EDCA be-service threshold Threshold for the dynamic EDCA Best-
Effort service.
dynamic-edca threshold command.
UAC check client's SNR Whether to enable user CAC based on

the terminal SNR.
uac enable command.

Item Description
UAC client's SNR threshold(dB) User CAC SNR threshold.

uac client-snr threshold command.
Action upon reaching the UAC Action to take when the number of
threshold access users reaches the user CAC
threshold.
● SSID hide: hiding the SSID
● SSID broadcast: broadcasting the
SSID
● priority-based STA replacement:
allowing access of VIP users instead
of non-VIP users based on priorities
uac reach-access-threshold
command.
Band steer deny threshold Maximum number of times an AP

rejects association requests of a STA
for band steering.
band-steer deny-threshold
command.
Band steer SNR threshold(dB) Start SNR threshold for triggering 5G-
prior access.
band-steer snr-threshold command.
Band balance start threshold Start threshold for load balancing

between radios.
band-steer balance start-threshold
command.
Band balance gap threshold(%) Load difference threshold for load

balancing between radios.
band-steer balance gap-threshold
command.
Client's band expire based on Aging condition of terminal band

continuous probe counts information, that is, the number of
times that an AP has continuously
received Probe frames of a terminal
from the same frequency band.
band-steer client-band-expire
command.

Item Description
Smart-roam Whether to enable smart roaming.

smart-roam disable command.
Smart-roam quick kickoff Whether to enable the function of

quickly disconnecting STAs.
smart-roam quick-kickoff-threshold
disable command.
Smart-roam check SNR Whether to specify the trigger mode of

smart roaming as check SNR.
smart-roam roam-threshold { check-
snr | check-rate } command.
Smart-roam quick kickoff check SNR Whether to enable the function of

quickly disconnecting STAs is triggered
by checking the SNR of STAs.
{ check-snr | check-rate } command.
Smart-roam check rate Whether to specify the trigger mode of

smart roaming as check rate.
smart-roam roam-threshold { check-
snr | check-rate } command.
Smart-roam quick kickoff check rate Whether to enable the function of

quickly disconnecting STAs is triggered
by checking the rate of STAs.
{ check-snr | check-rate } command.
Smart-roam standing SNR SNR threshold for smart roaming.

threshold(dB) To configure this parameter, run the
smart-roam roam-threshold { snr |
rate } command.
Smart-roam SNR quick-kickoff- SNR-based threshold for quickly

threshold(dB) disconnecting STAs.
command.

Item Description
Smart-roam rate threshold(%) Rate threshold for smart roaming.

smart-roam roam-threshold { snr |
rate } command.
Smart-roam rate quick-kickoff- Rate-based threshold for quickly

threshold(%) disconnecting STAs.
command.
Smart-roam high level SNR Higher SNR difference threshold that

margin(dB) triggers STA roaming.
smart-roam snr-margin command.
Smart-roam low level SNR margin(dB) Lower SNR difference threshold that
triggers STA roaming.
smart-roam snr-margin command.
Smart-roam SNR check interval(s) Terminal SNR check interval.

smart-roam quick-kickoff-snr check-
interval command.
Smart-roam unable roam client expire Aging time of "unable to roam"

time(min) record.
smart-roam unable-roam-client
expire-time command.
Smart-roam quick-kickoff SNR check Interval for checking the SNR to

interval(ms) determine whether to quickly
disconnect STAs.
smart-roam quick-kickoff-snr check-
interval command.
Smart-roam quick-kickoff SNR P-N Number of PN observation times to

observe time determine whether to quickly
disconnect STAs.
smart-roam quick-kickoff-snr p-n
criteria command.

Item Description
Smart-roam quick-kickoff SNR P-N Number of PN observation times to

qualify time determine whether to quickly
disconnect STAs.
smart-roam quick-kickoff-snr p-n
criteria command.
AMC policy Adaptive modulation and coding

(AMC) algorithm.
amc-policy command.
High density AMC optimize Whether to enable the AMC

optimization function in high-density
scenarios.
high-density amc-optimize enable
command.
DFS smart select Whether to enable DFS smart

selection.
● enable: DFS smart selection is
enabled.
● disable: DFS smart selection is
disabled.
dfs smart-selection disable
command.
DFS recover delay time(min) Delay in switching back the DFS

channel.
dfs recover-delay command.
Multimedia air optimize Whether to enable the multimedia air

interface optimization function.
● disable: This function is disabled.
● enable: This function is enabled.
multimedia-air-optimize enable
command.

Item Description
Multimedia air optimize threshold User packet threshold for triggering

multimedia air interface optimization.
● Voice: voice packet density
threshold
● Video: video packet density
threshold
multimedia-air-optimize threshold
command.
11.44 display sta-load-balance fairness

Function
The display sta-load-balance fairness command displays the load balancing
fairness.
Format
display sta-load-balance fairness
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
STAs may access 2.4 GHz or 5 GHz radios on a WLAN. Even STA access indicates
high fairness.
Example
# Display the load balancing fairness.
<HUAWEI> display sta-load-balance fairness
2.4G sta-load-balance fairness : -
5G sta-load-balance fairness : 0.85

Table 11-17 Description of the display sta-load-balance fairness command

output
Item Description
2.4G sta-load-balance fairness Load balancing fairness of 2.4 GHz

radios. A high value indicates high
fairness.
The value ranges from 0 to 1. When
the value is 0, - is displayed.
5G sta-load-balance fairness Load balancing fairness of 5 GHz

radios. A high value indicates high
fairness.
The value ranges from 0 to 1. When
the value is 0, - is displayed.
11.45 display station neighbor
Function
The display station neighbor command displays the neighbor list of a specified
STA.
Format
display station neighbor sta-mac mac-address
Parameters
sta-mac mac-address Specifies the MAC address of a The MAC address must
STA. exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the neighbor list of the STA with a specified
MAC address.

Example
# Display the neighbor list of the STA with a specified MAC address.
<HUAWEI> display station neighbor sta-mac 00e0-fc00-0001
------------------------------------------------------------------------------------------------------------------------------
--
Device MAC Device ID Device Name Radio ID Channel Probe info(RSSI/HH:MM:SS) 11k
info[RCPI/RSNI/HH:MM:SS]
------------------------------------------------------------------------------------------------------------------------------
--
00e0-fc76-e360 0 00e0-fc76-e360 1 165 -44/15:05:11 -
------------------------------------------------------------------------------------------------------------------------------
--
Total neighbors: 1, total records: 1
System Response
Table 11-18 Description of the display station neighbor command output
Item Description
Device MAC MAC address of a neighboring device.
Device ID ID of a neighboring device.
Device Name Name of a neighboring device.
Radio ID Radio ID of a neighboring device.
Channel Channel of a neighboring device.
Probe info(RSSI/ Probe information about the STA, including the RSSI
HH :MM:SS) and timestamp.
11k info[RCPI/RSNI/ 802.11k information about the STA, including the

HH:MM:SS] Received Channel Power Indicator, Received Signal-
to-Noise Indication, and timestamp.
NOTE
A hyphen (-) displayed indicates that the STA does not
comply with 802.11k or has not performed 802.11k
scanning.
11.46 display station neighbor all
Function
The display station neighbor all command displays STA neighbor information.
Format
display station neighbor all

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view STA neighbor information.
Example
# Display STA neighbor information.
<HUAWEI> display station neighbor all
Probe neighbor number : Number of neighbors detected through Probe frames in 5 minutes
11k neighbor number : Number of neighbors detected through 802.11k frames in 5 minutes
Last update time : Time when neighbors are detected through Probe or 802.11k frames in 5 minutes
formatted: probe/11k
----------------------------------------------------------------------------------------------
STA MAC Probe neighbor number 11k neighbor number Last update time
----------------------------------------------------------------------------------------------
00e0-fc00-0001 4 0 11:43:08/-
00e0-fc00-0002 1 0 11:42:30/-
00e0-fc00-0003 33 0 11:43:26/-
----------------------------------------------------------------------------------------------
Total:3
System Response
Table 11-19 Description of the display station neighbor all command output
Item Description
Probe neighbor number Number of neighbors detected through Probe frames

in 5 minutes.
11k neighbor number Number of neighbors detected through 802.11k

frames in 5 minutes.
Last update time Time when neighbors are detected through Probe or
802.11k frames in 5 minutes.

11.47 display station steer-history

Function
The display station steer-history command displays historical information about
STA steering.
Format
display station steer-history
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After the load balancing, band steering, or smart roaming function is enabled,
STAs are steered. You can run this command to check historical information about
STA steering.
Example
# Display historical information about steering of all STAs.
<HUAWEI> display station steer-history
S/T/A:Source/Target/Actual
Flag:V[Voice/Video/Active STA]
BTM success times/BTM total times:1/2 Deauth success times/Deauth total times:0/0
------------------------------------------------------------------------------------------------------------------------------
------
Time Sta Device(S/T/A) Radio(S/T/A) Rssi(S/T/A) Reason Move-mode
BTM_CODE Flag Result
------------------------------------------------------------------------------------------------------------------------------
------
2019-01-11/15:56:49 00e0-fc00-0001 3/5/5 0/1/1 -27/-27/-25 BandSteer BTM -
- Success
2019-01-11/15:48:49 00e0-fc00-0001 3/3/3 0/1/1 -28/-/-57 BandSteer BTM -
- Success
- Not Move
- Not Move
------------------------------------------------------------------------------------------------------------------------------
------
Total: 4

Table 11-20 Description of the display station steer-history command output

Item Description
Time Time when a STA is triggered to steer.
Sta MAC address of a STA.
Device(S/T/A) ID of the source device/ID of the

target device/ID of the device to which
a STA is actually steered.
Radio(S/T/A) ID of the source radio/ID of the target

radio/ID of the radio to which a STA is
actually steered.
Rssi(S/T/A) RSSI of the source radio/RSSI of the

target radio/RSSI of the radio to which
a STA is actually steered.
Reason Reason why a STA is triggered to steer.

● Sticky: The STA is considered as a
sticky STA, triggering smart
roaming.
● Sticky(A): The device periodically
detects the roaming status and
proactively triggers smart roaming.
● LoadBalance: Load balancing is
enabled.
● BandSteer: Band steering is
enabled.
Move-mode Steering mode of a STA.

● BTM
● Deatuth

Item Description
BTM_CODE BTM steering status code.

● 0: Accept
● 1: Reject-Unspecified reject reason.
● 2: Reject-Insufficient Beacon or
Probe Response frames received
from all candidates.
● 3: Reject-Insufficient available
capacity from all candidates.
● 4: Reject-BSS termination undesired.
● 5: Reject-BSS termination delay
requested.
● 6: Reject-STA BSS Transition
Candidate List provided.
● 7: Reject-No suitable BSS transition
candidates.
● 8: Reject-Leaving ESS.
● -: A STA is steered in
deauthentication mode or the
device does not receive any BTM
response.
Flag Voice/Video/Active STA flag.
Result Steering result of a STA.

● Success: The steering is successful.
● Success(NT): The steering is
successful but the STA is not
steered to the expected target.
● Time Out: The steering times out.
● Not Move: The steering is complete,
but the STA is still associated with
the source AP.
● Failed: The steering fails. (The
steering result does not meet the
expectation. For example, the STA is
not steered to the 5 GHz radio in
the band steering scenario, is
steered to an AP with poor signal
quality in the smart roaming
scenario, or is steered to a high-
load AP in the load balancing
scenario.)
● Error(1) or Error(2): An internal
error occurs during the steering.

11.48 display station steer-info

Function
The display station steer-info command displays STA migration information
based on the weak RSSI, non-optimal load, and migration inability.
Format
display station steer-info { all | weak-rssi | non-best-load | unsteerable }
Parameters
all Displays migration -

STAs, including the weak
RSSI, non-optimal load,
and migration inability.
weak-rssi Displays STA information -

based on the weak RSSI.
non-best-load Displays STA information -

based on the non-
optimal load.
unsteerable Displays STA information -

based on the migration
inability.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view STA migration information based on the weak
RSSI, non-optimal load, and migration inability.
Example
# Display migration information about all STAs, including the weak RSSI, non-
optimal load, and migration inability.

<HUAWEI> display station steer-info all

-----------------------------------------------------------------------
Sta-MAC Weak RSSI Non-best-load Unsteerable
-----------------------------------------------------------------------
00e0-fc12-3456 Y N Y
-----------------------------------------------------------------------
Total STA :1
Weak-RSSI STA :1
Non-best-load STA : 0
Unsteerable STA : 1
Table 11-21 Description of the display station steer-info command output
Item Description
Sta-MAC MAC address of a STA.
Weak RSSI Whether a STA has a weak RSSI.
Non-best-load Whether a STA has the non-optimal

load.
Unsteerable Whether the STA cannot be migrated.
11.49 display station steer-statistics

Function
The display station steer-statistics command displays STA steering statistics.
Format
display station steer-statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After the load balancing, band steering, or smart roaming function is enabled,
STAs may be steered. You can run this command to check STA steering statistics.

Example
# Display steering statistics of all STAs.
<HUAWEI> display station steer-statistics
------------------------------------------------------------------------------------------------------------------------------
------
Reason Total/Success Deauth(Total/Success) BTM(Total/Accept/REJ1/REJ2/REJ3/REJ4/REJ5/REJ6/
REJ7/REJ8/TimeOut)
------------------------------------------------------------------------------------------------------------------------------
------
Sticky 0/0 0/0 0/0/0/0/0/0/0/0/0/0/0
Load-balance 0/0 0/0 0/0/0/0/0/0/0/0/0/0/0
Band-steer 0/0 0/0 0/0/0/0/0/0/0/0/0/0/0
Total 0/0 0/0 0/0/0/0/0/0/0/0/0/0/0
------------------------------------------------------------------------------------------------------------------------------
------
Table 11-22 Description of the display station steer-statistics command output

Item Description
Reason Reason why a STA is triggered to steer.

● Sticky: The STA is sticky.
● Load-balance: Load balancing is
implemented.
● Band-steer: Band steering is
implemented.
Total/Success Total number of triggered STA steering

times/Number of successful STA
steering times.
Deauth(Total/Success) Total number of times STA steering is

triggered in deauthentication mode/
Number of times STA steering is
successfully triggered in
deauthentication mode.

Item Description
BTM(Total/Accept/REJ1/REJ2/REJ3/ Total number of times STA steering is

REJ4/REJ5/REJ6/REJ7/REJ8/TimeOut) triggered in BTM mode/Number of
times STA steering is successfully
triggered in BTM mode/Number of
times STA steering is rejected in BTM
mode/Number of times STA steering is
timed out in BTM mode. The options
are as follows:
● REJ1: Reject-Unspecified reject
reason.
● REJ2: Reject-Insufficient Beacon or
Probe Response frames received
from all candidates.
● REJ3: Reject-Insufficient available
capacity from all candidates.
● REJ4: Reject-BSS termination
undesired.
● REJ5: Reject-BSS termination delay
requested.
● REJ6: Reject-STA BSS Transition
Candidate List provided.
● REJ7: Reject-No suitable BSS
transition candidates.
● REJ8: Reject-Leaving ESS.
11.50 display station unsteerable

Function
The display station unsteerable command displays "unable to roam" records of
STAs.
Format
display station unsteerable
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display station unsteerable command to check "unable to
roam" records of STAs.
Example
# Display "unable to roam" records of STAs.
<HUAWEI> display station unsteerable
-------------------------------------------------------------------------------
STA MAC Left aging time Status
-------------------------------------------------------------------------------
00E0-FC12-3456 3h 20m online
00E0-FC45-7890 2h 30m offline
-------------------------------------------------------------------------------
Total: 2
Table 11-23 Description of the display station unsteerable command output

Item Description
STA MAC MAC address of the "unable to roam"

STA.
Left aging time Remaining aging period.
Status Status of the STA.

● online
● offline
11.51 display wlan calibrate channel-set

Function
The display wlan calibrate channel-set command displays the effective
calibration channels and bandwidth.
Format
display wlan calibrate channel-set
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
After configuring the radio calibration function, you can run the display wlan
calibrate channel-set command to check the effective calibration channels and
bandwidth.
Example
# Display the calibration channels and bandwidth that take effect globally.
<HUAWEI> display wlan calibrate channel-set
Country code: CN
--------------------------------------------------------------------------------
Radio band Bandwidth Channel Set
--------------------------------------------------------------------------------
2.4G 20MHz 1,6,11
5G 20MHz 149,153,157,161,165
--------------------------------------------------------------------------------
Table 11-24 Description of the display wlan calibrate channel-set command

output
Item Description
Country code Country code.
Radio band Radio type.
Bandwidth Effective calibration bandwidth.
Channel Set Effective calibration channel set.
11.52 display wlan calibrate global configuration

Function
The display wlan calibrate global configuration command displays the global
configuration of radio calibration.
Format
display wlan calibrate global configuration
Parameters
None
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the display wlan calibrate global configuration command to check
the global configuration of radio calibration.
Example
# Display the global configuration of radio calibration.
<HUAWEI> display wlan calibrate global configuration
--------------------------------------------------------------------------------
----------
Mode : manual
Auto start time :-
Auto interval(min) :-
Schedule time :-
Flexible radio mode : auto-switch
Policy :-
Sensitivity : medium
Virtual group size : 50
K-value : 70
Reference data analysis : enable
Environment deterioration blacklist threshold : 16
--------------------------------------------------------------------------------
----------
Table 11-25 Description of the display wlan calibrate global configuration

command output
Item Description
Mode Radio calibration mode.

calibrate enable { auto | manual |
schedule time } command.
Auto start time Start time of automatic radio

calibration (only for the automatic
radio calibration mode).
calibrate enable auto [ interval
interval-value [ start-time start-
time ] ] command.
Auto interval(min) Interval for automatic radio calibration
(only for the automatic radio
calibration mode).
calibrate enable auto [ interval
interval-value [ start-time start-
time ] ] command.

Item Description
Schedule time Time of scheduled radio calibration

(only for the scheduled radio
calibration mode).
calibrate enable schedule time time-
value command.
Flexible radio mode Redundant radio switchover mode.
calibrate flexible-radio { auto-switch
| auto-off } command.
Policy Radio calibration policy.

calibrate policy { rogue-ap | load |
non-wifi | noise-floor } command.
Sensitivity Radio calibration sensitivity.

calibrate sensitivity { high | medium
| low | insensitivity | custom-
threshold custom-threshold }
command.
Virtual group size Parameter of the radio calibration

algorithm.
calibrate virtual-group-size size-value
k-value k-value command.
K-value Parameter of the radio calibration

algorithm.
calibrate virtual-group-size size-value
k-value k-value command.
Reference data analysis Whether to enable Big Data

calibration. Only cloud APs support
this parameter.
calibrate reference data-analysis
disable command.
Environment deterioration blacklist Blacklist threshold for the number of

threshold times the channel environment
deteriorates.
calibrate environment-deterioration-
blacklist threshold command.

11.53 display wlan calibrate statistics

Function
The display wlan calibrate statistics command displays radio calibration
statistics.
Format
display wlan calibrate statistics radio radio-id
Parameters
radio radio-id Displays radio calibration statistics on the The value is an

specified radio. integer that ranges
from 0 to 2.
Three radios are
available only on
the , AP4030TN,
AP4051TN,
AP6750-10T,
AP8050TN-HD.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display wlan calibrate statistics command to view radio
calibration statistics, helping check whether the radio environment is stable.
Example
# Display calibration statistics about radio 0.
<HUAWEI> display wlan calibrate statistics radio 0
-----------------------------------------------------------------------
Signal environment deterioration :1
Power calibration :1
Channel calibration :0
-----------------------------------------------------------------------

Table 11-26 Description of the display wlan calibrate statistics command output
Item Description
Signal environment deterioration Number of times the radio

environment deteriorates.
Power calibration Number of times the power of the

radio is calibrated.
Channel calibration Number of times the channel of the

radio is calibrated.
11.54 dynamic-edca enable

Function
The dynamic-edca enable command enables dynamic EDCA parameter
adjustment.
The undo dynamic-edca enable command disables dynamic EDCA parameter
adjustment.
By default, dynamic EDCA parameter adjustment is disabled.
Format
dynamic-edca enable
undo dynamic-edca enable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
A WLAN has only three non-overlapping channels on the 2.4 GHz frequency band.
When APs are deployed densely, multiple APs have to work in the same channel,
resulting in co-channel interference. This interference degrades network
performance.
The dynamic EDCA parameter adjustment function allows APs to adjust EDCA
parameters flexibly to reduce the possibility of collision, improve the throughput,
and enhance user experience.

Example
# Enable dynamic EDCA parameter adjustment.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-test] dynamic-edca enable
11.55 dynamic-edca threshold

Function
The dynamic-edca threshold command configures the threshold for the dynamic
EDCA Best-Effort service.
The undo dynamic-edca threshold command restores the default threshold for
the dynamic EDCA Best-Effort service.
The default threshold for the dynamic EDCA Best-Effort service is 6 pps.
Format
dynamic-edca threshold be-service be-service-threshold
undo dynamic-edca threshold be-service
Parameters
be-service be-service- Specifies the threshold The value is an integer

threshold for the dynamic EDCA that ranges from 1 to
Best-Effort service. 1000, in pps.
Views
RRM profile view
Default Level
Usage Guidelines
When dynamic EDCA is enabled, the system dynamically adjusts EDCA parameters
for the Best-Effort service and Background service based on the number of Best-
Effort users, improving user experience.
If the number of Best-Effort service packets from a user in the radio's internal
statistics queue exceeds the threshold (specified using the dynamic-edca
threshold command) per unit time (1s), the user is considered a Best-Effort user.

Before running this command, you must run the dynamic-edca enable command
to enable dynamic EDCA.
Example
# Set the threshold for the dynamic EDCA Best-Effort service to 10 pps.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] dynamic-edca enable
[HUAWEI-wlan-rrm-prof-default] dynamic-edca threshold be-service 10
11.56 high-density amc-optimize enable

Function
The high-density amc-optimize enable command enables the adaptive
modulation and coding (AMC) optimization function in high-density scenarios.
The undo high-density amc-optimize enable command disables the AMC

optimization function in high-density scenarios.
By default, the AMC optimization function is disabled in high-density scenarios.
Format
high-density amc-optimize enable
undo high-density amc-optimize enable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
In typical high-density scenarios, a large number of hidden nodes exist, which

interfere in communication between APs and STAs and affect product
performance. The AMC optimization function can reduce such interference and
improve the AMC algorithm performance.
● It is recommended that this function be enabled in high-density scenarios
where directional antennas are used.

● This function is not applicable to scenarios where STAs move fast between
APs.
Precautions
● This function is available only for 802.11ac Wave 2 and 802.11ax series APs.
Currently, the adaptive modulation and coding (AMC) optimization function
in high-density scenarios is not supported by AirEngine series APs (except the
AirEngine 5760-10).
● This function does not take effect in MU-MIMO mode.
Example
# Enable the AMC optimization function in high-density scenarios on the RRM
profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] high-density amc-optimize enable
11.57 interference adjacent-channel threshold

Function
The interference adjacent-channel threshold command configures the alarm
threshold for adjacent-channel interference.
The undo interference adjacent-channel threshold command restores the

default alarm threshold for adjacent-channel interference.
By default, the alarm threshold for adjacent-channel interference is 50%.
Format
interference adjacent-channel threshold threshold-value
undo interference adjacent-channel threshold
Parameters
threshold- Specifies the alarm threshold, which is The value is an

value the percentage of the adjacent-channel integer that ranges
interference power against the maximum from 1 to 100, in
power. percentage.
Views

Default Level
Usage Guidelines
Two APs with different center frequencies have overlapping areas, resulting in
adjacent-channel interference. When APs are placed too close to each other or
have strong signals, more noise is produced, degrading network performance.
After the interference detect-enable command is executed to enable interference

detection, an AP can detect adjacent-channel interference. When the AP detects
that adjacent-channel interference exceeds the alarm threshold configured using
the interference adjacent-channel threshold command, an alarm is generated.
Example
# Set the alarm threshold for adjacent-channel interference to 52%.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] interference detect-enable
[HUAWEI-wlan-radio-2g-prof-default] interference adjacent-channel threshold 52
11.58 interference co-channel threshold

Function
The interference co-channel threshold command configures the alarm threshold
for co-channel interference.
The undo interference co-channel threshold command restores the default

alarm threshold for co-channel interference.
By default, the alarm threshold for co-channel interference is 50%.
Format
interference co-channel threshold threshold-value
undo interference co-channel threshold
Parameters
threshold- Specifies the alarm threshold, which is The value is an

value the percentage of the co-channel integer that ranges
interference power against the maximum from 1 to 100, in
power. percentage.

Views
Default Level
Usage Guidelines
Two APs working in the same frequency band interfere with each other. For
example, on a large-scale WLAN (a university campus network), different APs
often use the same channel. When there are overlapping areas among these APs,
co-channel interference exists, degrading network performance.

detection, an AP can detect adjacent-channel interference. When the AP detects
that co-channel interference exceeds the alarm threshold configured using the
interference co-channel threshold command, an alarm is generated.
Example
# Set the alarm threshold for co-channel interference to 60%.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] interference co-channel threshold 60
11.59 interference detect-enable

Function
The interference detect-enable command enables interference detection.
The undo interference detect-enable command disables interference detection.
By default, interference detection is disabled.
Format
undo interference detect-enable
Parameters
None
Views

Default Level
Usage Guidelines
WLAN wireless channels are vulnerable to interference in surrounding radio
environments, and the service quality is therefore degraded. If interference
detection is configured, a monitor AP can know the radio environment in real time
and generate alarms in a timely manner.
Interference detection enables an AP to detect AP co-channel interference, AP

adjacent-channel interference, and STA interference.
● AP co-channel interference: Two APs working on the same frequency band
interfere with each other. For example, on a large-scale WLAN (a university
campus network), different APs often use the same channel. When there are
overlapping areas among these APs, co-channel interference exists, degrading
network performance.
● AP adjacent-channel interference: Two APs with different center frequencies
have overlapping areas, resulting in adjacent-channel interference. Therefore,
if APs are placed too close to each other or they have strong signals, more
noise will be produced, degrading network performance.
● STA interference: If there are many STAs that are managed by other APs
around an AP, services of the STAs managed by the local AP may be affected.
Example
# Enable interference detection.
[HUAWEI] wlan
11.60 interference station threshold

Function
The interference station threshold command configures the alarm threshold for
STA interference.
The undo interference station threshold command restores the default alarm
threshold for STA interference.
By default, the alarm threshold for STA interference is 32.
Format
interference station threshold threshold-value
undo interference station threshold

Parameters
threshold- Specifies the alarm threshold. The value is an

value integer that ranges
from 1 to 256.
Views
Default Level
Usage Guidelines
If there are many STAs that are managed by other APs around an AP, services of
the STAs managed by the local AP may be affected.

detection, an AP can detect STAs that are managed by other APs. When the AP
detects that the number of such STAs exceeds the alarm threshold configured
using the interference station threshold command, an alarm is generated.
Example
# Set the alarm threshold for STA interference to 50.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] interference station threshold 50
11.61 power auto-adjust enable

Function
The power auto-adjust enable command enables signal-strength-based power
adjustment for APs.
The undo power auto-adjust enable command disables signal-strength-based

power adjustment for APs.
By default, signal-strength-based power adjustment is disabled for an AP.
Format
power auto-adjust enable
undo power auto-adjust enable

Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
The traditional radio power control function sets the power of an AP to a fixed
value to keep the power of all STAs connecting to the AP the same.
You can run the power auto-adjust enable command to enable signal-strength-
based power adjustment. This function enables an AP to detect the signal strength
of a STA in a timely manner. If the AP detects that the signal strength of the STA is
strong (for example, the STA is near the AP), the AP reduces its transmit power
when sending packets. If the AP detects that the signal strength of the STA is
weak (for example, the STA is far from the AP), the AP uses the normal transmit
power to send radio signals.
Prerequisites
The power mode has been set to automatic using the calibrate auto-txpower-
select enable command.
Example
# Enable signal-strength-based power adjustment for APs.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] power auto-adjust enable
11.62 reset ap traffic statistics wireless

Function
The reset ap traffic statistics wireless command clears packet statistics on a
specified AP radio.
Format
reset ap traffic statistics wireless radio radio-id

Parameters
radio radio-id Clears packet statistics The value is an integer

on a specified radio. that ranges from 0 to 2.
Three radios are
available only on the ,
AP4030TN, AP4051TN,
AP6750-10T, AP8050TN-
HD.
Views
WLAN view
Default Level
3: Management level
Usage Guidelines
You can run this command to clear packet statistics on a specified AP radio.
Example
# Clear packet statistics on radio 2 of the AP.
[HUAWEI] wlan
[HUAWEI-wlan-view] reset ap traffic statistics wireless radio 2
11.63 reset station steer-history

Function
The reset station steer-history command deletes historical information about
STA migrations.
Format
reset station steer-history
Parameters
None
Views
All views

Default Level
3: Management level
Usage Guidelines
You can run this command to delete historical information about STA migrations.
Example
# Delete historical information about migrations of all STAs.
<HUAWEI> reset station steer-history
11.64 reset station steer-statistics

Function
The reset station steer-statistics command deletes statistics about STA steering.
Format
reset station steer-statistics
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
You can run this command to delete statistics about STA steering.
Example
# Delete statistics about STA steering.
<HUAWEI> reset station steer-statistics
11.65 reset flexible-radio switch-record

Function
The reset flexible-radio switch-record command clears switching records of
redundant radios.

Format
reset flexible-radio switch-record all
Parameters
all Clears switching records of all redundant -

radios.
Views
All views
Default Level
3: Management level
Usage Guidelines
You can run the reset flexible-radio switch-record command to clear switching
records of redundant radios.
Example
# Clear switching records of all redundant radios.
<HUAWEI> reset flexible-radio switch-record all
11.66 reset wlan calibrate statistics

Function
The reset wlan calibrate statistics command clears radio calibration statistics.
Format
reset wlan calibrate statistics radio radio-id

Parameters
radio radio-id Clears calibration The value is an integer

statistics about the radio that ranges from 0 to 2.
with the specified radio Three radios are
ID. available only on the ,
AP4030TN, AP4051TN,
AP6750-10T, AP8050TN-
HD.
Views
User view
Default Level
3: Management level
Usage Guidelines
Run the reset wlan calibrate statistics command to clear radio calibration
statistics, including the number of times the radio environment deteriorates and
number of times the radio channel and power are calibrated.
Example
# Clear calibration statistics about radio 0.
<HUAWEI> reset wlan calibrate statistics radio 0
11.67 rrm-profile (WLAN view)

Function
The rrm-profile command displays the RRM profile view.
The undo rrm-profile command deletes an RRM profile.
By default, the system provides the RRM profile default.
Format
rrm-profile name profile-name
undo rrm-profile { name profile-name | all }

Parameters
name profile- Specifies the name of an RRM profile. The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all RRM profiles. The RRM profile

default can be
modified but cannot
be deleted.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
WLAN technology uses radio signals (such as 2.4 GHz or 5 GHz radio waves) as
transmission medium. Radio signals will attenuate when transmitted over the air,
degrading service quality for wireless users. Radio resource management (RRM)
enables a WLAN to adapt to changes in the radio environment by dynamically
adjusting radio resources. This improves service quality for wireless users.
Follow-up Procedure
Run the rrm-profile (radio profile view) command to bind the RRM profile to a
radio profile so that the RRM profile can take effect.
Example
# Display the view of the RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default]

11.68 rrm-profile (radio profile view)

Function
The rrm-profile command binds an RRM profile to a radio profile.
The undo rrm-profile command unbinds an RRM profile from a radio profile.
By default, the RRM profile default is bound to a radio profile.
Format
rrm-profile profile-name
undo rrm-profile
Parameters
profile-name Specifies the name of an RRM profile. The RRM profile

name must already
exist.
Views
Default Level
Usage Guidelines
After you create an RRM profile using the rrm-profile (WLAN view) command,
bind the RRM profile to a radio profile so that the RRM profile can take effect.
Example
# Bind the RRM profile default to the radio profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] quit
[HUAWEI-wlan-radio-2g-prof-default] rrm-profile default

11.69 scan-channel-set
Function
The scan-channel-set command configures an air scan channel set.
The undo scan-channel-set command restores the default air scan channel set.
By default, an air scan channel set contains all channels supported by the country
code of an AP.
Format
scan-channel-set { country-channel | dca-channel | work-channel }
undo scan-channel-set
Parameters
country- Specifies an air scan channel set that -

channel contains all channels supported by the
country code of an AP.
dca-channel Specifies a calibration channel set as the -

air scan channel set. To configure a
calibration channel set, run the dca-
channel channel-set command.
work- Specifies an air scan channel set that -

channel contains working channels of APs.
Views
Air scan profile view
Default Level
Usage Guidelines
Usage Scenario
After you run the scan-channel-set command to specify an air scan channel set
for an AP, the AP scans channels in the channel set. The collected information is
reported to the server for radio calibration, smart roaming, terminal location, or
WIDS data analysis.
Precautions

● If the air scan channel set you specified contains all channels supported by
the country code of the AP, the AP scans data on many channels but the
channel scanning lasts for a long time, which may affect real-time data
analysis.
● If you specify a calibration channel set as the air scan channel set, the AP
scans data on a few channels. This reduces the channel scanning time,
increases the terminal location accuracy, and reduces burden on the device.
● If you add only working channels of an AP to the air scan channel set, the AP
only scans the working channels.
Example
# Configure an air scan channel set that contains all calibration channels.
[HUAWEI] wlan
[HUAWEI-wlan-view] air-scan-profile name test
[HUAWEI-wlan-air-scan-prof-test] scan-channel-set dca-channel
11.70 scan-disable
Function
The scan-disable command disables the air scan function.
The undo scan-disable command enables the air scan function.
By default, the air scan function is enabled.
Format
scan-disable
undo scan-disable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
When an AP does not require air scan, you can run the scan-disable command to
disable the air scan function. The AP then will stop scanning surrounding wireless
signals.

Precautions
Disabling air scan will affect scanning functions, such as radio calibration,
spectrum analysis, terminal location, WIDS, smart roaming, and DFS smart
selection.
Example
# Disable the air scan function.
[HUAWEI] wlan
[HUAWEI-wlan-air-scan-prof-test] scan-disable
Warning: This operation will affect scanning-related services such as radio calibration, spectrum analysis,
terminal location, WIDS
function, smart roaming and DFS smart selection.Continue? [Y/N]y
11.71 scan-enhancement
Function
The scan-enhancement command enables the scanning enhancement function.
The undo scan-enhancement command disables the scanning enhancement
function.
By default, the scanning enhancement function is disabled.
Format
scan-enhancement
undo scan-enhancement
Parameters
None
Views
Default Level
Usage Guidelines
The third radio of some APs is used specifically for radio scanning and does not
support configuration or STA access. After the scanning enhancement function is
enabled, the current radio works with the third radio to perform radio scanning
and provide scanning feature data. When multiple radios collect and provide data
simultaneously, the scanning performance and precision are improved. After the
scanning enhancement function is disabled, scanning feature data on the current

radio is provided by the third radio. The third radio does not involve in scanning.
Therefore, scanning features on the radio do not affect STA access.
The third radio of these APs supports scanning only on the single spatial stream.
When functions such as location and WIDS detection, it is recommended that the
scanning enhancement function be enabled if high performance and precision are
required.
When services that are sensitive to packet loss or delay (for example, voice or
video services) are used, it is recommended that the scanning enhancement
function be disabled.
Example
# Enable the scanning enhancement function.
[HUAWEI] wlan
[HUAWEI-wlan-air-scan-prof-test] scan-enhancement
11.72 scan-interval
Function
The scan-interval command sets an air scan interval.
The undo scan-interval command restores the default air scan profile.
By default, the air scan interval is 10000 ms.
Format
scan-interval scan-time
undo scan-interval
Parameters
scan-time Specifies an air scan interval. The value is an

With a smaller air scan interval, more integer that ranges
sampling data can be obtained, which from 300 to 600000,
increases the performance overhead in in milliseconds.
turn. An air scan interval of less than
2000 ms may affect service running.
Views

Default Level
Usage Guidelines
Usage Scenario
After an air scan interval is specified using the scan-interval command, APs scan
channels at the specified intervals.
Precautions
The air scan interval also applies to radio calibration, smart roaming, WLAN
location, and WIDS functions.
If the customer has high requirements on real-time data analysis, configure a

small air scan interval using the scan-interval command to improve the scan
frequency. However, higher scan frequency indicates much larger impact on the
services.
Ensure that the air scan interval meets the following condition: scan-interval ≥
beacon-interval + 100 ms
In vehicle-ground communication scenarios, the air scan interval ranges from 300
ms to 1000 ms.
Example
# Set the air scan interval to 3000 ms for APs.
[HUAWEI] wlan
[HUAWEI-wlan-air-scan-prof-test] scan-interval 3000
11.73 scan-period
Function
The scan-period command sets the air scan period.
The undo scan-period command restores the default air scan period.
By default, the air scan period is 60 ms.
Format
scan-period scan-time
undo scan-period

Parameters
scan-time Specifies the air scan period. The value is an

integer that ranges
from 60 to 100, in
milliseconds.
Views
Default Level
Usage Guidelines
Usage Scenario
After the air scan period is configured using the scan-period command, an AP
continuously scans surrounding radio signals in the configured period. After the
period expires, the AP reports the collected information to server. The information
is used for radio calibration, smart roaming, WLAN location, or WIDS data
analysis.
Precautions
A longer air scan period indicates more collected data and a more accurate data
analysis result. However, if the air scan period is set too large, WLAN services are
affected. You are advised to use the default value.
Example
# Set the air scan period to 80 ms for APs.
[HUAWEI] wlan
[HUAWEI-wlan-air-scan-prof-test] scan-period 80
11.74 smart-antenna { enable | disable }

Function
The smart-antenna { enable | disable } command enables or disables the smart
antenna selection algorithm for an AP.
The undo smart-antenna command restores the smart antenna selection
algorithm of an AP to the default state.
By default, the smart antenna selection algorithm is disabled for AP7030DE,
AP7050DE, and AP7052DE.

Format
undo smart-antenna
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
With the smart antenna selection algorithm, an AP can adjust the antenna mode
for transmitting signals based on STA locations and select a proper combination of
antenna arrays to communicate with STAs. This improves the RSSIs of STAs and
improves user experience.
Precautions
The AP2051DN, AP2051DN-E, AP2051DN-S, AP3050DE, AP4050DE-B-S,
AP4050DE-M, AP4050DE-M-S, AP5510-W-GP, AP6750-10T, AP7030DE, AP7050DE,
AP7052DE, R251D, R251D-E support the smart antenna selection algorithm.
Example
# Enable the smart antenna selection algorithm for an AP.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] smart-antenna enable
11.75 smart-antenna throughput-triggered-training

Function
The smart-antenna throughput-triggered-training command sets a sudden
performance change threshold that triggers smart antenna training.
The undo smart-antenna throughput-triggered-training command restores the
default sudden performance change threshold that triggers smart antenna
training.
The default sudden performance change threshold that triggers smart antenna
training is 10%.

Format
smart-antenna throughput-triggered-training threshold threshold
undo smart-antenna throughput-triggered-training threshold
Parameters
threshold Specifies a sudden performance change The value is an

threshold threshold that triggers antenna training. integer that ranges
from 10 to 50, in
percentage. In
addition, the value
must be a multiple
of 10.
Views
Default Level
Usage Guidelines
In a smart antenna system, the device monitors performance (throughput) of
transmit ends. If the detected throughput of a transmit end exceeds the sudden
performance change threshold specified using the smart-antenna throughput-
triggered-training command, a new round of antenna training is triggered.
● In a good air interface environment, set a high sudden performance change
threshold to prevent frequent antenna training from affecting user services.
● In a poor air interface environment, set a low sudden performance change
threshold to improve the WLAN's anti-interference capability.
Example
# Set the sudden performance change threshold that triggers antenna training to
10%.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] smart-antenna throughput-triggered-training threshold 10

11.76 smart-antenna training-interval

Function
The smart-antenna training-interval command sets the smart antenna training
interval.
The undo smart-antenna training-interval command restores the default smart

antenna training interval.
The default smart antenna training interval is auto, indicating that a smart
antenna is trained in self-adaptation mode.
Format
smart-antenna training-interval { training-interval | auto }
undo smart-antenna training-interval
Parameters
training- Indicates the smart antenna training The value is an

interval interval. integer that ranges
from 10 to 600, in
seconds.
auto Indicates that a smart antenna is trained -

in self-adaptation mode.
Views
Default Level
Usage Guidelines
You can run the smart-antenna training-interval command to set the smart
antenna training interval. When the period since the last round of smart antenna
training exceeds the specified interval, a new round of smart antenna training is
triggered.
Configure the smart antenna training interval based on actual situations.

● A short antenna training interval causes frequency antenna training and
affects user services.

● A long antenna training interval causes the device's failure to switch the
antenna combination in time to adapt to WLAN environment changes.
When the default smart antenna training interval is restored, that is, smart
antennas are trained in self-adaptation mode, the device adaptively calculates the
antenna training interval based on the number of concurrent STAs.
Example
# Set the smart antenna training interval to 100 seconds.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] smart-antenna training-interval 100
11.77 smart-antenna training-mpdu-number

Function
The smart-antenna training-mpdu-number command sets the number of MAC
protocol data units (MPDUs) sent by an AP to a STA during smart antenna
training.
The undo smart-antenna training-mpdu-number command restores the default

number of MPDUs sent by an AP to a STA during smart antenna training.
By default, 640 MPDUs are sent by an AP to a STA during smart antenna training.
Format
smart-antenna training-mpdu-number training-mpdu-number
undo smart-antenna training-mpdu-number
Parameters
training- Specifies the number of MPDUs sent by The value is an

mpdu- an AP to a STA during smart antenna integer that ranges
number training. from 10 to 1000.
Views
Default Level

Usage Guidelines
In the smart antenna algorithm, an AP uses different antenna combinations to
send training packets for antenna training. During smart antenna training, the
transmit end (AP) sends training packets to a receive end (STA). The receive end
measures the PER and RSSI in the received packets, and then sends the PER and
RSSI to the transmit end. The transmit end collects information about all antenna
combinations and corresponding PERs and RSSIs to determine the optimal
antenna combination for the receiver.
You can run the smart-antenna training-mpdu-number command to set the
number of MPDUs sent by an AP to a STA during smart antenna training.
If the traffic rate, bandwidth, and air interface rate of the STA are high, set a small
value. Otherwise, set a large value.
Example
# Set the number of MPDUs sent by an AP to a STA during smart antenna training
to 600.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] smart-antenna training-mpdu-number 600
11.78 smart-antenna valid-per-scope

Function
The smart-antenna valid-per-scope command sets the upper and lower valid
packet error rate (PER) thresholds in the smart antenna algorithm.
The undo smart-antenna valid-per-scope command restores the default upper
and lower valid PER thresholds in the smart antenna algorithm.
The default upper and lower valid PER thresholds are 80% and 20%, respectively.
Format
smart-antenna valid-per-scope { high-per-threshold high-per-threshold | low-
per-threshold low-per-threshold }
undo smart-antenna valid-per-scope { high-per-threshold | low-per-
threshold }

Parameters
high-per- Specifies the upper valid PER threshold. The value is an

high-per- from 50 to 90, in
threshold percentage. In
addition, the value
must be a multiple
of 10.
low-per- Specifies the lower valid PER threshold. The value is an

low-per- from 10 to 30, in
threshold percentage. In
addition, the value
must be a multiple
of 10.
Views
Default Level
Usage Guidelines
In the smart antenna algorithm, an AP uses different antenna combinations to
send training packets for antenna training. During smart antenna training, the
transmit end (AP) sends training packets to a receive end (STA). The receive end
measures the PER and RSSI in the received packets, and then sends the PER and
RSSI to the transmit end. The transmit end collects information about all antenna
combinations and corresponding PERs and RSSIs to determine the optimal
antenna combination for the receiver.
The PER is a key basis for the smart antenna algorithm. After proper upper and
lower valid PER thresholds are configured, the smart antenna algorithm can select
a proper antenna combination to improve the coverage and anti-interference
capability of a WLAN in indoor coverage scenarios.
Example
# Set the upper valid PER threshold to 80%.
[HUAWEI] wlan
[HUAWEI-wlan-radio-2g-prof-default] smart-antenna valid-per-scope high-per-threshold 80

11.79 smart-roam advanced-scan disable

Function
The smart-roam advanced-scan disable command disables the coordinated
scanning function of smart roaming.
The undo smart-roam advanced-scan disable command enables the coordinated

scanning function of smart roaming.
By default, the coordinated scanning function of smart roaming is enabled.
Format
smart-roam advanced-scan disable
undo smart-roam advanced-scan disable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
During the roaming steering for sticky STAs, real-time information about
neighboring APs is required to determine the target AP. If STAs do not support
802.11k radio resource measurement, you can run the undo smart-roam
advanced-scan disable command to enable the coordinated scanning function of
smart roaming. In this way, APs can collect real-time information about
neighboring APs through synchronized radio resource measurement, and generate
a neighbor AP table of the STAs.
After the coordinated scanning function of smart roaming is enabled, radios

switch channels to scan STA information while ensuring voice and video services. If
voice and video services are affected, you can disable this function.
Prerequisites
Smart roaming has been enabled using the undo smart-roam disable command.

Example
# Enable the coordinated scanning function of smart roaming.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] undo smart-roam disable
[HUAWEI-wlan-rrm-prof-default] undo smart-roam advanced-scan disable
11.80 smart-roam disable

Function
The smart-roam disable command disables smart roaming.
The undo smart-roam disable command enables smart roaming.
By default, smart roaming is enabled.
Format
smart-roam disable
undo smart-roam disable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
When STAs connected to an AP have weak signals, their network access rates are
low. In this situation, if many low-rate STAs connect to the AP, air interface
occupation time of other STAs is reduced. As a result, the AP throughput
decreases, degrading user experience. To prevent this situation, configure forced
logout of weak-signal STAs. When detecting that the SNR or access rate of a STA
is lower than the specified threshold, the AP sends a Disassociation packet to the
STA to force the STA offline so that the STA can reconnect to the WLAN.
Follow-up Procedure
Run the smart-roam roam-threshold { check-snr | check-rate } command to
configure the trigger mode of smart roaming and the smart-roam roam-

threshold { snr | rate } command to configure the smart roaming threshold. After
that, APs forcibly disconnect STAs with SNR or access rate lower than the
threshold.
Example
# Enable smart roaming.
[HUAWEI] wlan
11.81 smart-roam quick-kickoff back-off-time

Function
The smart-roam quick-kickoff back-off-time command sets the backoff time for
The undo smart-roam quick-kickoff back-off-time command restores the
default backoff time for quickly disconnecting STAs.
By default, the backoff time for quickly disconnecting STAs is 60 seconds.
Format
smart-roam quick-kickoff back-off-time back-off-time
undo smart-roam quick-kickoff back-off-time
Parameters
back-off-time Specifies the backoff time for quickly The value is an

disconnecting STAs. integer that ranges
from 1 to 600, in
seconds.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the function of quickly disconnecting STAs is enabled, you can run the
smart-roam quick-kickoff back-off-time command to set the backoff time for

quickly disconnecting STAs to prevent STAs from being disconnected frequently.

STAs are not disconnected within the backoff time.
Precautions
Do not set the backoff time to a too small value. Otherwise, STAs may be
disconnected frequently.
Example
# Set the backoff time for quickly disconnecting STAs to 60 seconds.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff back-off-time 60
11.82 smart-roam quick-kickoff-snr check-interval

Function
The smart-roam quick-kickoff-snr check-interval command configures the
interval for checking the SNR to determine whether to quickly disconnect STAs.
The undo smart-roam quick-kickoff-snr check-interval command restores the
default interval for checking the SNR to determine whether to quickly disconnect
STAs.
The default interval for checking the SNR to determine whether to quickly
disconnect STAs is 500 ms.
Format
smart-roam quick-kickoff-snr check-interval check-interval
undo smart-roam quick-kickoff-snr check-interval
Parameters
check- Specifies an interval for checking the The value is an

interval SNR to determine whether to quickly integer that ranges
check-interval disconnect STAs. from 300 to 3000, in
milliseconds.
Views
RRM profile view
Default Level

Usage Guidelines
Usage Scenario
When the mode for quickly disconnecting STAs is set to check-snr, you can run
the smart-roam quick-kickoff-snr check-interval command to set the interval
for checking the SNR to determine whether to quickly disconnect STAs. A shorter
interval allows the system to determine whether to disconnect STAs more quickly.
Prerequisites
The function of quickly disconnecting STAs has been enabled using the undo
smart-roam quick-kickoff-threshold disable command.
Example
# Set the interval for checking the SNR to determine whether to quickly
disconnect STAs to 600 ms.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] undo smart-roam quick-kickoff-threshold disable
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-snr check-interval 600
11.83 smart-roam quick-kickoff-snr p-n criteria

Function
The smart-roam quick-kickoff-snr p-n criteria command configures the PN
threshold for quickly disconnecting STAs.
The undo smart-roam quick-kickoff-snr p-n criteria command restores the

default PN threshold for quickly disconnecting STAs.
By default, the number of PN observation times is 6, and the number of times

criteria are met is 4.
Format
smart-roam quick-kickoff-snr p-n criteria observe-time observe-value qualify-
time qualify-value
undo smart-roam quick-kickoff-snr p-n criteria
Parameters
observe-time Specifies the number of PN observation The value is an

observe-value times. integer that ranges
from 1 to 10.

qualify-time Specifies the number of PN observation The value is an

qualify-value times criteria are met. integer that ranges
from 1 to 10.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
When the mode for quickly disconnecting STAs is set to check-snr, you can run
the smart-roam quick-kickoff-snr p-n criteria command to configure the PN
PN criteria: When N conditions are met in the P range, an event is triggered.
Assume that the value of observe-value is 6 and that of qualify-value is 4, and
the interval for checking the SNR to determine whether to quickly disconnect STAs
is 500 ms. The system detects the SNR of a STA for six consecutive times and
calculates the average SNR value. If the average value is smaller than the total
average value four times, the STA is forced offline.
Prerequisites
Precautions
The value of observe-value must be greater than or equal to that of qualify-
value.
Example
# Set the value of observe-value to 10 and that of qualify-value to 5.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-snr p-n criteria observe-time 10 qualify-
time 5

11.84 smart-roam quick-kickoff-threshold

Function
The smart-roam quick-kickoff-threshold command sets the threshold for quickly
disconnecting STAs.
The undo smart-roam quick-kickoff-threshold command restores the default
By default, the SNR-based threshold for quickly disconnecting STAs is 15 dB, and
the rate-based threshold is 20%.
Format
smart-roam quick-kickoff-threshold { snr snr-threshold | rate rate-threshold }
undo smart-roam quick-kickoff-threshold { snr | rate }
Parameters
snr snr- Specifies the SNR-based threshold for The value is an

threshold quickly disconnecting STAs. integer that ranges
from 5 to 25, in dB.
rate rate- Specifies the rate-based threshold for The value is an

threshold quickly disconnecting STAs. integer that ranges
The rate here refers to the negotiated from 1 to 100, in
rate based on the protocol and signal percentage.
strength when a STA associates with an
AP, instead of the actual rate of the STA.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the function of quickly disconnecting STAs is enabled and the threshold for
quickly disconnecting STAs is specified for an AP using this command, the AP
acquires a STA's SNR or rate from data packets sent from the STA. If the STA's SNR
or rate is lower than the specified threshold, the AP forcibly disconnects the STA so

that the STA can reinitiate a connection with the AP or roam to another AP with
strong signals.
● A large threshold may cause STAs to go offline frequently.
● A small threshold may disable STAs from roaming to an AP with stronger
signals.
This command is applicable to scenarios that have high requirements on real-time
transmission, such as voice and video scenarios.
Prerequisites
The mode for triggering the function of quickly disconnecting STAs has been set
using the smart-roam quick-kickoff-threshold { check-snr | check-rate }
command.
Precautions
STAs may be forced to go offline through the smart roaming function or the
function of quickly disconnecting STAs. If the SNR-based thresholds for the two
functions are both configured, the function with a larger value is preferentially
effective.
Example
# Set the mode for triggering the function of quickly disconnecting STAs to check-
snr and the threshold for quickly disconnecting STAs to 20 dB.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold check-snr
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold snr 20
11.85 smart-roam quick-kickoff-threshold { check-snr |

check-rate }
Function
The smart-roam quick-kickoff-threshold { check-snr | check-rate } command
sets the mode for triggering the function of quickly disconnecting STAs.
The undo smart-roam quick-kickoff-threshold command restores the default
mode for triggering the function of quickly disconnecting STAs.
The default mode for triggering the function of quickly disconnecting STAs is
check-snr.
Format
smart-roam quick-kickoff-threshold { check-snr | check-rate } *
undo smart-roam quick-kickoff-threshold

Parameters
check-snr Specifies that the function of quickly -

disconnecting STAs is triggered by
checking the SNR of STAs.
check-rate Specifies that the function of quickly -

disconnecting STAs is triggered by
checking the rate of STAs.
The rate here refers to the negotiated
rate based on the protocol and signal
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the function of quickly disconnecting STAs is enabled, you can run the
smart-roam quick-kickoff-threshold { check-snr | check-rate } command to set
the mode for triggering the function of quickly disconnecting STAs, and set the
threshold for quickly disconnecting STAs. When the SNR or access rate of a STA
detected by an AP is lower than the specified threshold, the AP disconnects the
STA. The STA then can connect to another AP with stronger signals.
Prerequisites
Follow-up Procedure
Run the smart-roam quick-kickoff-threshold command to set the threshold for
Example
# Set the mode for triggering the function of quickly disconnecting STAs to check-
rate.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold check-rate

11.86 smart-roam quick-kickoff-threshold disable

Function
The smart-roam quick-kickoff-threshold disable command disables the function
of quickly disconnecting STAs.
The undo smart-roam quick-kickoff-threshold disable command enables the
function of quickly disconnecting STAs.
By default, the function of quickly disconnecting STAs is enabled for cloud APs and
disabled for Fat APs.
Format
smart-roam quick-kickoff-threshold disable
undo smart-roam quick-kickoff-threshold disable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the function of quickly disconnecting STAs is enabled and the threshold for
quickly disconnecting STAs is specified, the AP disconnects STAs whose SNR or
access rate is lower than the specified threshold. The STAs then can connect to
another AP with stronger signals.
Follow-up Procedure
Run the smart-roam quick-kickoff-threshold { check-snr | check-rate }
command to set the mode for triggering the function of quickly disconnecting
STAs, and the smart-roam quick-kickoff-threshold command to set the
threshold for quickly disconnecting STAs. The AP will disconnect STAs whose SNR
or access rate is lower the specified threshold.
Example
# Enable the function of quickly disconnecting STAs.
[HUAWEI] wlan


11.87 smart-roam roam-threshold { check-snr | check-

rate }
Function
The smart-roam roam-threshold { check-snr | check-rate } command configures
the trigger mode of smart roaming.
The undo smart-roam roam-threshold command restores the default trigger
mode of smart roaming.
By default, the trigger mode of smart roaming is check-snr.
Format
smart-roam roam-threshold { check-snr | check-rate }*
undo smart-roam roam-threshold
Parameters
check-snr Specifies the trigger mode of smart -

roaming as check SNR.
check-rate Specifies the trigger mode of smart -

roaming as check rate.
The rate here refers to the negotiated
rate based on the protocol and signal
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the smart roaming function is enabled, the AP forces STAs to log out based
on the configured trigger mode and threshold of smart roaming. When an AP

receives a STA's data packet, the AP learns the STA's SNR or rate from the data
packet. If the STA's SNR or rate is lower than the configured threshold, roaming is
triggered. Then, the AP sends a Disassociation frame to the STA so that the STA
can reinitiate a connection with the AP.
Prerequisites
Smart roaming has been enabled.
Follow-up Procedure
Run the smart-roam roam-threshold { snr | rate } command to configure the
smart roaming threshold.
Example
# Set the trigger mode of smart roaming to check-rate.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam roam-threshold check-rate
11.88 smart-roam roam-threshold { snr | rate }

Function
The smart-roam roam-threshold { snr | rate } command sets the smart roaming
threshold.
The undo smart-roam roam-threshold command restores the default smart
roaming threshold.
By default, the SNR threshold for smart roaming is 20 dB, and the rate threshold is
20%.
Format
smart-roam roam-threshold { snr snr-threshold | rate rate-threshold }
undo smart-roam roam-threshold { snr | rate }

Parameters
snr snr- Specifies the SNR threshold for smart The value is an
threshold roaming. integer that ranges
If the SNR threshold is 25 dB and noise from 15 to 35, in
floor is -95 dBm, a STA's SNR is lower dB.
than the threshold when the STA's RSSI is
lower than -70 dBm (25 dB + (-95 dBm)
= -70 dBm).
rate rate- Specifies the rate threshold for smart The value is an
threshold roaming. integer that ranges
The rate here refers to the negotiated from 1 to 100, in
rate based on the protocol and signal percentage.
If the maximum capability of the AP and
STA is 54 Mbit/s and the rate threshold is
50%, the lower rate threshold is
considered 27 Mbit/s (54 Mbit/s x 50% =
27 Mbit/s).
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the smart roaming function is enabled, the AP forces STAs to log out based
on the configured trigger mode and threshold of smart roaming. When an AP
receives a STA's data packet, the AP learns the STA's SNR or rate from the data
packet. If the STA's SNR or rate is lower than the configured threshold, smart
roaming is triggered. Then, the AP sends a Disassociation frame to the STA so that
the STA can reinitiate a connection with the AP.
● A large threshold may cause STAs to go offline frequently.
● A small threshold may disable STAs from roaming to an AP with stronger
signals.
Prerequisites
The trigger mode of smart roaming has been configured using the smart-roam
roam-threshold { check-snr | check-rate } command.

Precautions
STAs may be forced to go offline through the smart roaming function or the
function of quickly disconnecting STAs. If the SNR-based thresholds for the two
functions are both configured, the function with a larger value is preferentially
effective.
Example
# Set the trigger mode of smart roaming to check-snr and set the smart roaming
threshold to 25 dB.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam roam-threshold check-snr
[HUAWEI-wlan-rrm-prof-default] smart-roam roam-threshold snr 25
11.89 smart-roam snr-margin

Function
The smart-roam snr-margin command sets the RSSI difference thresholds that
trigger STA roaming steering.
The undo smart-roam snr-margin command restores the default RSSI difference
thresholds that trigger STA roaming steering.
By default, the upper and lower RSSI difference thresholds that trigger STA
roaming steering are 15 dB and 6 dB, respectively.
Format
smart-roam snr-margin high-level-margin high-level-margin low-level-margin
low-level-margin
undo smart-roam snr-margin
Parameters
high-level-margin high- Specifies the upper RSSI The value is an integer

level-margin difference threshold for that ranges from 10 to
triggering STA roaming 20, in dB.
steering.
low-level-margin low- Specifies the lower RSSI The value is an integer

level-margin difference threshold for that ranges from 3 to 15,
triggering STA roaming in dB.
steering.

Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
In smart roaming scenarios, you can configure the thresholds for determining
whether to steer STA roaming. When determining whether to steer a STA to roam
to a neighboring AP, the AP compares the RSSIs of the STA on the neighboring AP
with that on the current AP, which are reported by the STA through coordinated
measurement. If the RSSI difference is higher than a specified threshold, that is,
the STA has a significantly increased RSSI after associating with the neighboring
AP, the AP steers the STA to roam to the neighboring AP.
The parameters low-level-margin and high-level-margin are used to determine
whether to steer sticky STAs and common STAs, respectively, to roam to
neighboring APs. In most cases, you are advised to set high-level-margin larger
than low-level-margin so that sticky STAs can roam to neighboring APs with
better experience as soon as possible.
The default difference thresholds are recommended. If APs are deployed close to
each other and have high transmit power, set larger values for the upper and
lower RSSI difference thresholds.
Prerequisites
Example
# Set the upper and lower RSSI difference thresholds that trigger STA roaming
steering to 10 dB and 6 dB, respectively.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam snr-margin high-level-margin 10 low-level-margin 6
11.90 smart-roam unable-roam-client expire-time

Function
The smart-roam unable-roam-client expire-time command sets the aging time
of the "unable to roam" record for STAs.
The undo smart-roam unable-roam-client expire-time command restores the
default aging time of the "unable to roam" record for STAs.
By default, the aging time of the "unable to roam" record is 120 minutes.

Format
smart-roam unable-roam-client expire-time expire-time
undo smart-roam unable-roam-client expire-time
Parameters
expire-time Specifies the aging time of the "unable The value is an

to roam" record. integer that ranges
from 30 to 2880, in
minutes.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After smart roaming is enabled, you can run the smart-roam unable-roam-client
expire-time command to set the aging time of the "unable to roam" record for
STAs. When the device requests a STA to roam but the STA keeps sending
association requests to the original AP or does not initiate an association request,
the device records the terminal as "unable to roam" and does not trigger STA
roaming within the specified time. After the aging time is reached, the "unable to
roam" record for STAs is automatically cleared, and the system can trigger
roaming of the STAs.
A STA is recorded as "unable to roam" due to the following reasons:
● Due to different software configurations, some STAs preferentially send
association requests to APs with which they have once associated.
● In some environments, STAs cannot scan APs with strong signals.
● STAs enter the dormancy state and do not roam once they are forcibly
disconnected.
The aging time to configure varies for different reasons. A large aging time is used
for the software configuration reason so that the AP will trigger roaming of the
STAs as less as possible. However, a small aging time is used in other situations so
that the AP will attempt to trigger roaming of the STAs marked "unable to roam."
Prerequisites

Example
# Set the aging time of the "unable to roam" record to 50 minutes.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] smart-roam unable-roam-client expire-time 50
11.91 sta-load-balance dynamic btm-fail-times

Function
The sta-load-balance dynamic btm-fail-times command sets the maximum
number of attempts to steer STAs in BTM mode.
The undo sta-load-balance dynamic btm-fail-times command restores the
default maximum number of attempts to steer STAs in BTM mode.
By default, the maximum number of attempts to steer STAs in BTM mode is 5.
Format
sta-load-balance dynamic btm-fail-times btm-fail-times
undo sta-load-balance dynamic btm-fail-times
Parameters
btm-fail- Specifies the maximum number of The value is an

times attempts to steer STAs in BTM mode. integer that ranges
from 0 to 10.
The value 0
indicates that the
BTM mode is not
used to steer STAs.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario

The device preferentially uses the BTM mode to trigger STA steering to the target
AP. Due to differences of STAs, some STAs can be successfully steered in BTM
mode after multiple attempts. You can run the sta-load-balance dynamic btm-
fail-times command to set the maximum number of attempts to steer STAs in
BTM mode. If the number of attempts exceeds the specified value, the device
attempts to steer STAs in deauthentication mode.
Precautions
You are advised to retain the default value. If the success rate of STA steering in
BTM mode is low, you can set a smaller value to improve the steering efficiency.
This command takes effect only in sta-number mode.
Example
# Set the maximum number of attempts to steer STAs in BTM mode to 4 in RRM
profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic btm-fail-times 4
11.92 sta-load-balance dynamic deauth-fail-times

Function
The sta-load-balance dynamic deauth-fail-times command sets the maximum
number of attempts to steer STAs in deauthentication mode.
The undo sta-load-balance dynamic deauth-fail-times command restores the
default maximum number of attempts to steer STAs in deauthentication mode.
By default, the maximum number of attempts to steer STAs in deauthentication
mode is 2.
Format
sta-load-balance dynamic deauth-fail-times deauth-fail-times
undo sta-load-balance dynamic deauth-fail-times

Parameters
deauth-fail- Specifies the maximum number of The value is an

times attempts to steer STAs in integer that ranges
deauthentication mode. from 0 to 5.
The value 0
indicates that the
deauthentication
mode is not used to
steer STAs.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
The device attempts to use the 802.11v and deauthentication modes to trigger
STA steering to the target AP. Due to differences of STAs, some STAs can be
successfully steered in deauthentication mode after multiple attempts. You can
run the sta-load-balance dynamic deauth-fail-times command to set the
maximum number of attempts to steer STAs in deauthentication mode. If the
number of attempts exceeds the specified value, STAs cannot be steered.
Precautions
You are advised to retain the default value. If the success rate of STA steering in
deauthentication mode is low or STA services are affected, set the parameter value
to 0 to disable STA steering in deauthentication mode.
Example
# Set the maximum number of attempts to steer STAs in deauthentication mode
to 1 in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic deauth-fail-times 1

11.93 sta-load-balance dynamic deny-threshold

Function
The sta-load-balance dynamic deny-threshold command sets the maximum
number of times an AP rejects association requests of a STA for dynamic load
balancing.
The undo sta-load-balance dynamic deny-threshold command restores the
default maximum number of times an AP rejects association requests of a STA for
dynamic load balancing.
By default, the maximum number of rejections is 3.
Format
sta-load-balance dynamic deny-threshold deny-threshold
undo sta-load-balance dynamic deny-threshold
Parameters
deny- Specifies the maximum number of times The value is an

threshold an AP rejects association requests of a integer that ranges
STA. from 1 to 10.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
If a STA requests to associate with an AP enabled with load balancing but the AP
forbids the association according to the dynamic load balancing algorithm, the AP
will reject the STA's request. However, after the number of rejections exceeds the
maximum value specified by sta-load-balance dynamic deny-threshold
command, the AP allows the STA to associate.
Precautions
This command takes effect only in channel-utilization mode.

Example
# Set the maximum number of rejections to 8 for the terminal.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic deny-threshold 8
11.94 sta-load-balance dynamic disable

Function
The sta-load-balance dynamic disable command disables the dynamic load
balancing function.
The undo sta-load-balance dynamic disable command enables the dynamic load
balancing function.
By default, the dynamic load balancing function is enabled.
Format
sta-load-balance dynamic disable
undo sta-load-balance dynamic disable
Parameters
None
Views
RRM profile view
Default Level
Usage Guidelines
On a Layer 2 network, multiple APs (less than 50) that can discover each other
can form a dynamic load balancing group and elect a leader AP. After a STA
connects to an AP, the leader AP checks whether the AP reaches the load
balancing threshold, and determines whether to steer the STA to a neighboring AP
that meets load balancing requirements based on the load balancing algorithm.
Example
# Disable dynamic load balancing.
[HUAWEI] wlan


[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic disable
11.95 sta-load-balance dynamic sta-number gap-

threshold
Function
The sta-load-balance dynamic sta-number gap-threshold command sets the
load difference threshold for dynamic load balancing based on the number of
users.
The undo sta-load-balance dynamic sta-number gap-threshold command
restores the default load difference threshold for dynamic load balancing based on
the number of users.
By default, the load difference threshold of a dynamic load balancing group is
specified based on the number of users, and the default value is 3.
Format
sta-load-balance dynamic sta-number gap-threshold { percentage percentage-
value | number number-value }
undo sta-load-balance dynamic sta-number gap-threshold
Parameters
percentage Specifies the load difference threshold The value is an

percentage- for dynamic load balancing based on the integer that ranges
value percentage of users. from 1 to 100. It
indicates the
threshold of the
load difference
among radios in a
load balancing
group, in
percentage. The
load difference
refers to the
difference between
the percentages of
users on radios.

number Specifies the load difference threshold The value is an

number-value for dynamic load balancing based on the integer that ranges
number of users. from 1 to 20. It
indicates the
threshold of the
load difference
among radios in a
load balancing
group. The load
difference refers to
the difference
between the
numbers of users on
radios.
Views
RRM profile view
Default Level
Usage Guidelines
When a user requests to connect to an AP, the AP counts the total number of
access users on all radios. If the total number of access users does not exceed the
start threshold configured using the sta-load-balance dynamic sta-number
start-threshold command, the AP does not implement dynamic load balancing.
The AP implements dynamic load balancing only when the total number of access
users on all radios exceeds the start threshold.
If the AP version is V200R010C00 or later, the new load balancing algorithm is

used after the STA access to determine whether to direct a STA to a new AP.
One of the conditions for directing a STA to a new AP is that the radio of the
target load is lower than that of the current access radio. The radio load is
identified by the number or percentage (Number of users associated with the
current radio/Maximum number of access users supported by the radio x 100%) of
access users. If the load difference between the target radio and current radio
exceeds the specified threshold, the condition is met.
NOTE
The start threshold and load difference threshold for dynamic load balancing are used to adjust
the sensitivity for triggering load balancing, and the default values are recommended. If the
start and load difference thresholds are set low, load balancing becomes far easier to be
triggered. As a result, STAs are frequently switched between APs, affecting user experience. If
the start and load difference thresholds are set high, the load balancing mechanism may
become invalid.

Example
# Set the load difference threshold for dynamic load balancing based on the
number of users to 25% in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic sta-number gap-threshold percentage 25
11.96 sta-load-balance dynamic sta-number start-

threshold
Function
The sta-load-balance dynamic sta-number start-threshold command sets the
start threshold for dynamic load balancing based on the number of users.
The undo sta-load-balance dynamic sta-number start-threshold command

restores the default start threshold for dynamic load balancing based on the
number of users.
By default, the start threshold for dynamic load balancing based on the number of
users is 10.
Format
sta-load-balance dynamic sta-number start-threshold start-threshold
undo sta-load-balance dynamic sta-number start-threshold
Parameters
start- Specifies the start threshold for dynamic The value is an

threshold load balancing based on the number of integer that ranges
start- users. from 1 to 40.
threshold
Views
RRM profile view
Default Level

Usage Guidelines
When a user requests to connect to an AP, the AP counts the total number of
access users on all radios. If the number of access users on the requested radio
does not exceed the start threshold, the AP does not implement dynamic load
balancing based on the number of users. The AP implements dynamic load
balancing based on the number of users only after the number of access users
exceeds the start threshold.
NOTE
The start and load difference thresholds for dynamic load balancing configured using the sta-
load-balance dynamic sta-number gap-threshold command can be used to adjust sensitivity
for triggering load balancing. The default values are recommended in typical scenarios. A higher
threshold is recommended in high-density scenarios. If the start and load difference thresholds
are set low, load balancing becomes far easier to be triggered. As a result, STAs are frequently
switched between APs, affecting user experience. If the start and load difference thresholds are
set high, the load balancing mechanism may become invalid.
Example
# Set the start threshold for dynamic load balancing based on the number of
users to 20 in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic sta-number start-threshold 20
11.97 sta-load-balance dynamic channel-utilization

gap-threshold
Function
The sta-load-balance dynamic channel-utilization gap-threshold command
sets the channel utilization difference threshold for load balancing in a dynamic
load balancing group.
The undo sta-load-balance dynamic channel-utilization gap-threshold

command restores the default channel utilization difference threshold for load
balancing in a dynamic load balancing group.
By default, the channel utilization difference threshold for load balancing in a

dynamic load balancing group is 20%.
Format
sta-load-balance dynamic channel-utilization gap-threshold gap-threshold
undo sta-load-balance dynamic channel-utilization gap-threshold

Parameters
gap-threshold gap- Specifies the channel The value is an integer

threshold utilization difference that ranges from 1 to 99,
threshold for load in percentage.
balancing in a dynamic
load balancing group.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
When dynamic load balancing based on the channel usage is implemented, the
SDN controller calculates the channel usage of each member in a dynamic load
balancing group. The SDN controller then compares the channel usage values of
all members in the dynamic load balancing group and obtains the smallest
channel usage value. When a STA requests to associate with an AP radio, the SDN
controller calculates the difference between the radio's channel usage and the
smallest channel usage value, and compares this difference with the specified
threshold. If the difference is smaller than the threshold, the SDN controller allows
the STA to associate with the radio. If not, the SDN controller performs dynamic
load balancing calculation and allows the STA to associate with the radio with a
lower load.
Example
# Set the channel usage difference threshold for load balancing in the dynamic
load balancing group to 30%.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic channel-utilization gap-threshold 30
11.98 sta-load-balance dynamic channel-utilization

start-threshold
Function
The sta-load-balance dynamic channel-utilization start-threshold command
sets the start threshold for dynamic load balancing based on the channel usage.

The undo sta-load-balance dynamic channel-utilization start-threshold

command restores the default start threshold for dynamic load balancing based
on the channel usage.
By default, the start threshold for dynamic load balancing based on the channel
usage is 50%.
Format
sta-load-balance dynamic channel-utilization start-threshold start-threshold
undo sta-load-balance dynamic channel-utilization start-threshold
Parameters
start-threshold start- Specifies the start The value is an integer

threshold threshold for dynamic that ranges from 1 to 99,
load balancing based on in percentage.
the channel usage.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the start threshold is configured for dynamic load balancing based on the
channel usage, an AP calculates the channel usage of the radio with which a STA
associates when the STA requests to connect to the AP. If the channel usage does
not exceed the start threshold, the STA access is permitted. If the channel usage
exceeds the start threshold, the AP calculates the load difference for dynamic load
balancing based on the channel usage. You can run the sta-load-balance
dynamic channel-utilization gap-threshold command to configure the load
difference threshold for dynamic load balancing based on the channel usage.
Example
# Set the start threshold for dynamic load balancing based on the channel usage
to 60%.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic channel-utilization start-threshold 60

11.99 sta-load-balance dynamic probe-report interval

Function
The sta-load-balance dynamic probe-report interval command sets the interval
for reporting Probe frames.
The undo sta-load-balance dynamic probe-report interval command restores
the default interval for reporting Probe frames.
By default, Probe frames are reported at an interval of 120 seconds.
Format
sta-load-balance dynamic probe-report interval interval
undo sta-load-balance dynamic probe-report interval
Parameters
interval Specifies the interval for reporting Probe The value is an

frames. integer that ranges
from 30 to 300, in
seconds.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After an AP receives information about neighboring APs of STAs, it reports the
information to the Leader AP for determining the target APs to which the STAs
will roam. You can run the sta-load-balance dynamic probe-report interval
command to set the interval at which the AP reports information about
neighboring APs of the STAs.
Precautions
You are advised to retain the default value. If the device has high performance
pressure, you can set a longer interval.

Example
# Set the interval for reporting Probe frames to 125 seconds in RRM profile
default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic probe-report interval 125
11.100 sta-load-balance dynamic rssi-diff-gap

Function
The sta-load-balance dynamic rssi-diff-gap command sets the RSSI difference
threshold for members in a dynamic load balancing group.
The undo sta-load-balance dynamic rssi-diff-gap command restores the default
RSSI difference threshold of members in a dynamic load balancing group.
By default, the RSSI difference threshold of members in a dynamic load balancing
group is 5 dB.
Format
sta-load-balance dynamic rssi-diff-gap diff-gap-threshold
undo sta-load-balance dynamic rssi-diff-gap
Parameters
diff-gap- Specifies the RSSI difference threshold of The value is an

threshold members in a dynamic load balancing integer that ranges
group. from 0 to 15, in dB.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario

To achieve load balancing, an AP may steer connected STAs to other APs with
smaller RSSIs. If the RSSI of the AP with which a STA currently associates minus
the RSSI of the target AP is larger than the specified RSSI difference threshold, the
STA is denied from being steered to the target AP; otherwise, the STA can be
steered to the target AP.
Precautions
If STAs have high signal quality deterioration tolerance for the target AP, you can
set a larger RSSI difference threshold to achieve better load balancing effect. If
STAs have low signal quality deterioration tolerance for the target AP, set a
smaller RSSI difference threshold. You are advised to retain the default value.
Example
# Set the RSSI difference threshold of members in a dynamic load balancing
group to 6 dB in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic rssi-diff-gap 6
11.101 sta-load-balance dynamic rssi-threshold

Function
The sta-load-balance dynamic rssi-threshold command sets an RSSI threshold
for member devices in a dynamic load balancing group.
The undo sta-load-balance dynamic rssi-threshold command restores the
default RSSI threshold of member devices in a dynamic load balancing group.
By default, the RSSI threshold of member devices in a dynamic load balancing
group is –65 dBm.
Format
sta-load-balance dynamic rssi-threshold rssi-threshold
undo sta-load-balance dynamic rssi-threshold
Parameters
rssi-threshold Specifies the RSSI threshold of member The value is an

devices in a dynamic load balancing integer that ranges
group. from –75 to –55, in
dBm.

Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
After the RSSI threshold of member devices in a dynamic load balancing group is
set an AP compares the RSSI of a STA with the configured RSSI threshold after
receiving the Probe Request packet sent by the STA. If the STA's RSSI exceeds the
configured RSSI threshold, the AP reports the STA information to the leader AP,
and the AP is added to the dynamic load balancing group. Otherwise, the AP
directly filters the STA information and does not report the information to the
leader AP, and the AP will not be added to the dynamic load balancing group.
Setting an RSSI threshold for member devices in a dynamic load balancing group
is to filter APs with weak signals, so that STAs can be load-balanced between APs
with better signals. This prevents STAs from associating with APs with weak
signals but light loads. This function does not affect STAs' going online.
Precautions
Example
# Set the RSSI threshold for members in a dynamic load balancing group to –70
dBm in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic rssi-threshold -70
11.102 sta-load-balance dynamic steer-restrict auth-

threshold
Function
The sta-load-balance dynamic steer-restrict auth-threshold command sets the
maximum number of times non-target APs suppress authentication of STAs during
STA steering.
The undo sta-load-balance dynamic steer-restrict auth-threshold command

restores the default maximum number of times non-target APs suppress
authentication of STAs during STA steering.
By default, the maximum number of times non-target APs suppress authentication

of STAs during STA steering is 0.

Format
sta-load-balance dynamic steer-restrict auth-threshold auth-threshold
undo sta-load-balance dynamic steer-restrict auth-threshold
Parameters
auth- Specifies the maximum number of times The value is an

threshold non-target APs suppress authentication integer that ranges
of STAs during STA steering. from 0 to 5.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
When a STA is triggered to steer to a specified target AP, non-target APs will
suppress association of the STA temporarily to improve the STA's steering success
rate. You can run the sta-load-balance dynamic steer-restrict auth-threshold
command to set the maximum number of times non-target APs suppress
authentication of STAs during STA steering.
Precautions
You can set a larger value of this parameter to improve the STAs' steering success
rate, which, however, may affect users' network experience.
The default value is applicable to mainstream STAs. You are advised to retain the
default value. If users' service experience deteriorates due to STA steering, set a
smaller value for this parameter.
Example
# Set the maximum number of times non-target APs suppress authentication of
STAs during STA steering to 1 in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic steer-restrict auth-threshold 1

11.103 sta-load-balance dynamic steer-restrict probe-

threshold
Function
The sta-load-balance dynamic steer-restrict probe-threshold command sets the
maximum number of times non-target APs suppress probing of STAs during STA
steering.
The undo sta-load-balance dynamic steer-restrict probe-threshold command
restores the default maximum number of times non-target APs suppress probing
of STAs during STA steering.
By default, the maximum number of times non-target APs suppress probing of
STAs during STA steering is 5.
Format
sta-load-balance dynamic steer-restrict probe-threshold probe-threshold
undo sta-load-balance dynamic steer-restrict probe-threshold
Parameters
probe- Specifies the maximum number of times The value is an

threshold non-target APs suppress probing of STAs integer that ranges
during STA steering. from 0 to 10.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
rate. You can run the sta-load-balance dynamic steer-restrict probe-threshold
command to set the maximum number of times non-target APs suppress probing
of STAs during STA steering.
Precautions

Example
# Set the maximum number of times non-target APs suppress probing of STAs
during STA steering to 4 in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic steer-restrict probe-threshold 4
11.104 sta-load-balance dynamic steer-restrict restrict-

time
Function
The sta-load-balance dynamic steer-restrict restrict-time command sets the
duration within which non-target APs suppress association of STAs during STA
steering.
The undo sta-load-balance dynamic steer-restrict restrict-time command

restores the default duration within which non-target APs suppress association of
STAs during STA steering.
By default, the duration within which non-target APs suppress association of STAs
during STA steering is 5 seconds.
Format
sta-load-balance dynamic steer-restrict restrict-time restrict-time
undo sta-load-balance dynamic steer-restrict restrict-time
Parameters
restrict-time Specifies the duration within which non- The value is an

target APs suppress association of STAs integer that ranges
during STA steering. from 0 to 10, in
seconds.

Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
rate. You can run the sta-load-balance dynamic steer-restrict restrict-time
command to set the duration within which non-target APs suppress association of
STAs during STA steering.
Precautions
Example
# Set the duration within which non-target APs suppress association of STAs
during STA steering to 4 seconds in RRM profile default.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance dynamic steer-restrict restrict-time 4
11.105 sta-load-balance mode

Function
The sta-load-balance mode command configures the dynamic load balancing
mode.
The undo sta-load-balance mode command restores the default dynamic load
balancing mode.
By default, dynamic load balancing based on the number of users is used.
Format
sta-load-balance mode { sta-number | channel-utilization }

undo sta-load-balance mode
Parameters
sta-number Controls user access -

based on the number of
users.
channel-utilization Controls user access -

based on the channel
usage.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
You can run the sta-load-balance mode command to configure the dynamic load
balancing mode based on the actual environment to provide better network
experience for users.
● Dynamic load balancing based on the channel usage uses a complex
algorithm but is accurately implemented to ensure service quality. This mode
is recommended when service types and traffic volumes differ greatly among
users.
● Dynamic load balancing based on the number of users is less accurate but
uses a simple algorithm. This mode is recommended when most users have
the same type of services and similar service traffic volumes.
Example
# Configure dynamic load balancing based on the channel usage.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] sta-load-balance mode channel-utilization

11.106 uac channel-utilization threshold

Function
The uac channel-utilization threshold command configures the user CAC
threshold based on channel usage.
The undo uac channel-utilization threshold command restores the default user
CAC threshold based on channel usage.
By default, the user CAC access and roaming thresholds based on channel usage
are both 80%.
Format
uac channel-utilization threshold access access-threshold [ roam roam-
threshold ]
undo uac channel-utilization threshold
Parameters
access access- Specifies the user CAC access The value is an integer that
threshold threshold based on channel ranges from 1 to 100, in
usage. percentage.
roam roam- Specifies the user CAC roaming The value is an integer that
threshold threshold based on channel ranges from 1 to 100, in
utilization, that is, the channel percentage.
utilization threshold for
reassociated roaming STAs.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
On WLANs where many users exist, such as WLANs in high density scenarios,
users compete fiercely to occupy resources as the number of online users
increases. As a result, network quality deteriorates. To ensure network access
experience of online users, configure the user CAC function. The user CAC function
allows an AP to control user access based on the number of online usersradio

channel utilization, or terminal SNR, which enables provisioning of high-quality

network access services.
CAC is implemented in the following modes:
● User CAC based on channel utilization uses a complex algorithm but is
accurately implemented to ensure service quality. This mode is recommended
when service types and traffic volumes differ greatly among users.
● User CAC based on the number of users is less accurate but uses a simple
algorithm. This mode is recommended when most users have the same type
of services and similar service traffic volumes.
● SNR-based user CAC controls access from weak-signal users, and is applicable
to scenarios where the WLAN has good signal coverage and weak signals only
at the edge of WLAN coverage areas.
CAC based on channel utilization and CAC based on the number of users cannot
be configured together, but either of them can be configured together with SNR-
based CAC.
Prerequisites
The user CAC function based on channel usage has been enabled using the uac
channel-utilization enable command.
Example
# Set the user CAC access and roaming thresholds both to 50%.
[HUAWEI] wlan
[HUAWEI-wlan-view] rrm-profile name huawei
[HUAWEI-wlan-rrm-prof-huawei] uac channel-utilization enable
[HUAWEI-wlan-rrm-prof-huawei] uac channel-utilization threshold access 50 roam 50
11.107 uac enable

Function
The uac enable command enables user CAC.
The undo uac enable command disables user CAC.
By default, user CAC is disabled.
Format
uac { client-number | channel-utilization | client-snr } enable
undo uac { client-number | channel-utilization | client-snr } enable
Parameters
client-number Controls user access based on the number of users. -

channel-utilization Controls user access based on the channel -

utilization.
client-snr Controls user access based on the terminal SNR. -
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
based CAC.
Follow-up Procedure
Run the uac client-number threshold command to set the user CAC threshold
based on the number of users, or run the uac channel-utilization threshold
command to set the user CAC threshold based on channel utilization.
Run the uac client-snr threshold command to set the user CAC threshold based
on terminal SNR.
Run the uac reach-access-threshold hide-ssid command to configure the AP to
automatically hide its SSID when the number of users reaches the user CAC
threshold for new users.

Example
# Enable user CAC based on the number of users.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-test] uac client-number enable
11.108 uac client-number threshold

Function
The uac client-number threshold command configures the user CAC threshold
based on the number of users.
The undo uac client-number threshold command restores the default user CAC
threshold based on the number of users.
By default, the user CAC access and roaming thresholds based on the number of
users are both 64.
Format
uac client-number threshold access access-threshold [ roam roam-threshold ]
undo uac client-number threshold
Parameters
access access- Specifies the user CAC access The value is an integer.
threshold threshold based on the number of The range of the integer is
users. dependent on the specific
device.
roam roam- Specifies the user CAC roaming The value is an integer.
threshold threshold based on the number of The range of the integer is
users. This threshold is the total dependent on the specific
number of users who can be device.
associate with the AP, including all
local and reassociated roaming
users.
Views
RRM profile view
Default Level

Usage Guidelines
Usage Scenario
NOTE
The user CAC access threshold is invalid for roaming users. For example, the user CAC access
threshold is 20, and the user CAC roaming threshold is 24. If 20 local users have already
connected to the network, not more local users can connect to the network but another four
roaming users can.

based CAC.
Prerequisites
The user CAC function based on the number of users has been enabled using the
uac client-number enable command.
Example
# Set the user CAC access threshold based on the number of users to 50 and the
roaming threshold to 60.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-test] uac client-number threshold access 50 roam 60
11.109 uac client-snr threshold

Function
The uac client-snr threshold command configures the user CAC threshold based
on terminal SNR.

The undo uac client-snr threshold command restores the default user CAC
threshold based on terminal SNR.
By default, the user CAC threshold based on terminal SNR is 15 dB.
Format
uac client-snr threshold threshold
undo uac client-snr threshold
Parameters
threshold Specifies the user CAC threshold The value is an integer that ranges
based on terminal SNR. from 5 to 25, in dB.
Views
RRM profile view
Default Level
Usage Guidelines
Usage Scenario
The configured user CAC threshold based on terminal SNR takes effect for new
STAs. When a new STA (or a roaming STA) attempts to connect to an AP, the AP
checks the STA's SNR. If the SNR is smaller than the threshold, the AP denies the
STA's access.
SNR-based user CAC controls access from weak-signal users, applicable to
scenarios where the WLAN has good signal coverage and weak signals only at the
edge of WLAN coverage areas.

based CAC.
Prerequisites
The user CAC function based on terminal SNR has been enabled using the uac
client-snr enable command.
Example
# Set the user CAC threshold based on terminal SNR to 16 dB.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-default] uac client-snr enable
[HUAWEI-wlan-rrm-prof-default] uac client-snr threshold 16
11.110 uac reach-access-threshold

Function
The uac reach-access-threshold command configures the user CAC function and
specifies the action to take when the number of access users reaches the user CAC
threshold.
The undo uac reach-access-threshold command disables SSID hiding or priority-

based user replacement.
By default, SSID hiding and priority-based user replacement are disabled.
Format
uac reach-access-threshold { hide-ssid | priority-replace }
undo uac reach-access-threshold
Parameters
hide-ssid Indicates SSID hiding. -
priority-replace Indicates priority-based user replacement. -
Views
RRM profile view

Default Level
Usage Guidelines
Usage Scenario
After user CAC is configured, you can configure the action to take when the
number of access users reaches the threshold. The following actions are available:
● Deny new user access. This is the default configuration.
● Deny new user access and hide the SSID.
● Disconnect common users to make room for access of high-priority users.
Prerequisites
User CAC has been enabled using the uac { client-number | channel-utilization |
client-snr } enable command.
Precautions
● When you run the undo uac { client-number | channel-utilization | client-
snr } enable command to disable user CAC and automatically cancel SSID
hiding.
● The uac reach-access-threshold priority-replace command takes effect only
when UAC based on the number of users is enabled.
Example
# Enable SSID hiding.
[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-test] uac reach-access-threshold hide-ssid
# Enable priority-based user replacement.

[HUAWEI] wlan
[HUAWEI-wlan-rrm-prof-test] uac reach-access-threshold priority-replace
Info: This configuration only takes effective when uac client-number enabled.
# Deny new user access.

[HUAWEI-wlan-rrm-prof-test] undo uac reach-access-threshold

Fat AP and Cloud AP
Command Reference 12 WLAN Roaming Commands (Common AP)
12 WLAN Roaming Commands

(Common AP)
About This Chapter
12.1 display station roam-track

12.2 display station roam-statistics
12.3 dot11r enable
12.1 display station roam-track

Function
The display station roam-track command displays the roaming track of a STA.
NOTE
Format
display station roam-track sta-mac mac-address
Parameters
sta-mac mac-address Specifies the MAC The value is in H-H-H

address of a specified format. An H is a
STA. hexadecimal number of
4 digits.

Fat AP and Cloud AP
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
During the roaming process of a STA, the device records the STA's roaming track
(that is, information about the APs that the STA connects to). You can run the
display station roam-track command to view the roaming track of the STA.
Example
# Display the roaming track of the STA with the MAC address 00e0-fc00-0001.
<HUAWEI> display station roam-track sta-mac 00e0-fc00-0001
Access SSID:test
Rx/Tx:link receive rate/link transmit rate(Mbps)
c:PMK Cache Roam r:802.11r Roam
------------------------------------------------------------------------------
L2/L3 AP IP AP name Radio ID
BSSID TIME In/Out RSSI Out Rx/Tx
------------------------------------------------------------------------------
-- 192.168.109.1 test1 1
00e0-fc76-e360 2015/01/12 16:52:58 -51/-48 46/13
L2 192.168.109.1 test2 1
00e0-fc74-9640 2015/01/12 16:55:45 -58/- -/-
------------------------------------------------------------------------------
Number: 1
Table 12-1 Description of the display station roam-track command output
Item Description
Access SSID SSID associated with a STA.
Rx/Tx Negotiated rate between the STA and

AP.
L2/L3 Whether a STA roams at Layer 2 or

Layer 3.
Suffix description:
● c: PMK fast roaming.
● r: 802.11r fast roaming
AP IP IP address of an AP that the STA is

associated with.
AP name Name of an AP that the STA is

associated with.
Radio ID ID of a radio that the STA is associated

with.

Fat AP and Cloud AP
Item Description
BSSID BSSID of an AP that the STA is

associated with.
TIME Time duration when the STA is

associated with an AP.
In/Out RSSI RSSI of the AP that the STA is

associated with and RSSI of the AP
away from which the STA has left.
Out Rx/Tx Negotiated rate of the STA when it

disconnects from an AP.
Number Number of STA roaming tracks.
12.2 display station roam-statistics

Function
The display station roam-statistics command displays STA roaming statistics.
NOTE
Format
display station roam-statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display station roam-statistics command to view STA roaming
statistics.
Example
# Display roaming statistics about all STAs.

Fat AP and Cloud AP
<HUAWEI> display station roam-statistics

----------------------------------------------------------------------------------
Online STAs :0
Online roaming stations :0
Online L3 roam stations :0
Station roam from/to other AC statistic:
Description AC IP L3 roam-in L3 roam-out
---------------------------------------------------------------------------------
----------------------------------------------------------------------------------
Number: 0
Table 12-2 Description of the display station roam-statistics command output
Item Description
Online STAs Number of online STAs.
Online roaming stations Number of online roaming STAs.
Online L3 roam stations Number of Layer 3 roaming STAs.
Station roam from/to other AC statistic Statistics about STAs roaming from
another AP to the local AP or STAs
roaming from the local AP to another
AP.
Description Description of the AP.
AC IP IP address of another AP.
L3 roam-in Number of STAs roaming from another

AP to the local AP.
L3 roam-out Number of STAs roaming from the

local AP to another AP.
12.3 dot11r enable

Function
The dot11r enable command enables 802.11r.
The undo dot11r enable command disables 802.11r.
By default, 802.11r is disabled.
NOTE
Format
dot11r enable [ reassociate-timeout time ]
undo dot11r enable

Fat AP and Cloud AP
Parameters
reassociate- STA re-association timeout period. The value is an integer

timeout timeok that ranges from 1 to
After successful authentication, if 10, in seconds. The
the STA does not initiate a default value is 1.
reassociation request within this
period, the roaming fails.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
During roaming, the STA needs to be reauthenticated and re-negotiate a key, so
services are interrupted for a short period of time. You can enable 802.11r to
reduce the number of information exchanges during roaming, thus reducing
latency.
Precautions
● Security policies supported by 802.11r include open system, WPA2+PSK+AES,
WPA2+PPSK+AES, and WPA2+802.1X+AES.
Example
# Enable the 802.11r function.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] dot11r enable

Fat AP and Cloud AP 13 WLAN Location Configuration Commands
13 WLAN Location Configuration

Commands (Common AP)
About This Chapter
13.1 ble
13.2 ble low-power-threshold
13.3 ble monitoring-list
13.4 broadcaster enable
13.5 broadcasting-content
13.6 broadcasting-interval
13.7 display ble-profile
13.8 display location-profile
13.9 display references ble-profile
13.10 display references location-profile
13.11 display wlan ble global configuration
13.12 display wlan ble monitoring-list
13.13 display wlan ble site-info
13.14 location-profile
13.15 location-profile (WLAN view)
13.16 private mu protocol-version
13.17 private mu-enable
13.18 private report-frequency
13.19 private server
13.20 report-mode

13.21 report-to-server
13.22 reset wlan ble site-info
13.23 sniffer enable
13.24 tx-power (BLE profile view)
13.1 ble
Function
The ble command enters the default BLE profile view.
NOTE
Format
ble
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
To perform BLE-related configurations on cloud APs, run this command to enter
the default BLE profile view.
Example
# Enter the default BLE profile view.
[HUAWEI] wlan
[HUAWEI-wlan-view] ble
[HUAWEI-wlan-ble-prof-default]
13.2 ble low-power-threshold

Function
The ble low-power-threshold command sets a low power alarm threshold for
BLE devices.
The undo ble low-power-threshold command restores the low power alarm
threshold of BLE devices to the default value.
By default, the low power alarm threshold of BLE devices is 20%.
Format
ble low-power-threshold low-power-threshold
undo ble low-power-threshold
Parameters
low-power- Specifies the low power The value is an enumerated type. The
threshold alarm threshold of BLE options are as follows:
devices.
● 0: 0%
● 20: 20%
● 40: 40%
● 60: 60%
● 80: 80%
Views
WLAN view
Default Level
Usage Guidelines
After the sniffer enable command is executed to enable the Bluetooth monitoring
function of an AP's built-in Bluetooth module, the built-in Bluetooth module will
scan and obtain information about surrounding BLE devices. The information
includes battery power of BLE devices. When the obtained battery power of a BLE
device is lower than the low power alarm threshold, the AP generates an alarm
indicating that the BLE device has low battery power.
Example
# Set the low power alarm threshold for BLE devices to 40%.
[HUAWEI] wlan
[HUAWEI-wlan-view] ble low-power-threshold 40

13.3 ble monitoring-list
Function
The ble monitoring-list command adds specified Bluetooth devices to the
Bluetooth device monitoring list.
The undo ble monitoring-list command deletes specified Bluetooth devices from
the Bluetooth device monitoring list.
By default, no Bluetooth devices are added to the monitoring list.
NOTE
Format
ble monitoring-list mac mac-address1 [ to mac-address2 ]
undo ble monitoring-list [ mac mac-address1 [ to mac-address2 ] ]
Parameters
mac mac- Specifies the MAC address of a The value is in H-H-H

address1 Bluetooth device to be monitored. format. An H is a
digits.
to mac- Specifies the end MAC address of a The value is in H-H-H

address2 Bluetooth device when Bluetooth format. An H is a
devices are added to or deleted from hexadecimal number of 4
the monitoring list in batches. The digits.
mac-address2 value must be equal
to or larger than the mac-address1
value. mac-address1 and mac-
address2 jointly specify a range of
MAC addresses.
Views
WLAN view
Default Level

Usage Guidelines
Bluetooth devices with all-0 or all-F MAC addresses cannot be added to the
monitoring list.
Example
# Add the Bluetooth device with MAC address 00e0-fc12-3456 to the monitoring
list.
[HUAWEI] wlan
[HUAWEI-wlan-view] ble monitoring-list mac 00e0-fc12-3456
# Add Bluetooth devices with MAC addresses 00e0-fc12-3456 to 00e0-fc12-3458

to the monitoring list.
[HUAWEI] wlan
[HUAWEI-wlan-view] ble monitoring-list mac 00e0-fc12-3456 to 00e0-fc12-3458
13.4 broadcaster enable
Function
The broadcaster enable command enables the Bluetooth broadcast function of
an AP's built-in Bluetooth module.
The undo broadcaster enable command disables the Bluetooth broadcast
function of an AP's built-in Bluetooth module.
By default, the Bluetooth broadcast function of an AP's built-in Bluetooth module
is disabled.
NOTE
● The Bluetooth broadcast function is supported only by the following models:

● AP2050DN-E, AP2051DN-E, AP4050DN-E, AP4051TN, AP6052DN, AP7050DE,
AP7052DE, AP7052DN, AP4050DE-M, AP4050DE-M-S, AP4050DE-B-S, AP7060DN,
AP6750-10T, AP7152DN, AP8050DN, AP8050DN-S, AP8050TN-HD, AP8082DN,
AP8150DN, AP8182DN, R250D-E, R251D-E
Format
broadcaster enable
undo broadcaster enable
Parameters
None
Views
BLE profile view

Default Level
Usage Guidelines
When an AP's built-in Bluetooth module is used as a BLE device, you can run this
command to enable the Bluetooth broadcast function. After this function is
enabled, the built-in Bluetooth module sends BLE broadcast frames to surrounding
devices. The frame content complies with the iBeacon protocol.
Example
# Enable the Bluetooth broadcast function.
[HUAWEI] wlan
[HUAWEI-wlan-view] ble-profile name example
[HUAWEI-wlan-ble-prof-example] broadcaster enable
13.5 broadcasting-content
Function
The broadcasting-content command configures the content of a BLE broadcast
frame sent by an AP's built-in Bluetooth module.
The undo broadcasting-content command restores the default content of a BLE

broadcast frame sent by an AP's built-in Bluetooth module.
By default, the UUID, Major, and Minor fields in a BLE broadcast frame sent by an
AP's built-in Bluetooth module are null, and the RSSI calibration value is -65 dBm.
NOTE

AP8150DN, AP8182DN, R250D-E, R251D-E
Format
broadcasting-content { uuid { uuid-character-string uuid-value | uuid-hex uuid-
value } | major { major-character-string major-value | major-hex major-value |
major-decimal major-value } | minor { minor-character-string minor-value |
minor-hex minor-value | minor-decimal minor-value } | reference-rssi reference-
rssi-value }*
undo broadcasting-content [ uuid | major | minor | reference-rssi ]

Parameters
uuid uuid- Specifies the UUID field in a BLE The value is a string of 1
character-string broadcast frame. UUID is the to 16 characters. The
uuid-value universally unique identifier of a default value is null.
BLE device.
uuid uuid-hex Specifies the UUID field in a BLE The value is in

uuid-value broadcast frame. UUID is the hexadecimal notation.
universally unique identifier of a The value length ranges
BLE device. from 1 to 32 bytes. The
default value is null.
major major- Specifies the Major field in a BLE The value is a string of 1
character-string broadcast frame. This field or 2 characters. The
major-value specifies a major group and is default value is null.
combined with the Minor field to
define information about a BLE
device, for example, location of a
BLE device.
major major- Specifies the Major field in a BLE The value is in

hex major-value broadcast frame. This field hexadecimal notation.
specifies a major group and is The value length ranges
combined with the Minor field to from 1 to 4 bytes. The
define information about a BLE default value is null.
BLE device.
major major- Specifies the Major field in a BLE The value is an integer
decimal major- broadcast frame. This field that ranges from 0 to
value specifies a major group and is 65535. The default value
combined with the Minor field to is null.
BLE device.
minor minor- Specifies the Minor field in a BLE The value is a string of 1
character-string broadcast frame. This field or 2 characters. The
minor-value specifies a minor group and is default value is null.
combined with the Major field to
BLE device.

minor minor- Specifies the Minor field in a BLE The value is in

hex minor-value broadcast frame. This field hexadecimal notation.
specifies a minor group and is The value length ranges
combined with the Major field to from 1 to 4 bytes. The
define information about a BLE default value is null.
BLE device.
minor minor- Specifies the Minor field in a BLE The value is an integer
decimal minor- broadcast frame. This field that ranges from 0 to
value specifies a minor group and is 65535. The default value
combined with the Major field to is null.
BLE device.
reference-rssi Specifies the RSSI calibration value The value is an integer

reference-rssi- of a BLE device. RSSI calibration that ranges from -97 to
value value indicates the RSSI value of a -50, in dBm. The default
BLE device measured at a distance value is -65 that is
of 1 m. It is used to estimate the measured when the
distance between the BLE device transmit power of an APs'
and Bluetooth terminals. built-in Bluetooth module
is 0 dBm.
Views
BLE profile view
Default Level
Usage Guidelines
Usage Scenario
After enabling the broadcast function of an AP's built-in Bluetooth module using
the broadcaster enable command, you can run the broadcasting-content
command to configure the content of BLE broadcast frames sent by the module.
Precautions
The RSSI calibration value in a BLE broadcast frame is set based on the actual
measurement result.
After changing the transmit power of a built-in Bluetooth module using the tx-
power (BLE profile view) command, you need to remeasure and reconfigure the
RSSI calibration value. Therefore, you are advised to run the tx-power (BLE
profile view) command to configure the transmit power of a built-in Bluetooth
module before configuring the RSSI calibration value.

Example
# Configure the content of a BLE broadcast frame sent by an AP's built-in
Bluetooth module. Set UUID uuid-hex to 12345678123456789, Major major-hex
to A22, Minor minor-hex to 011, and reference-rssi to –70.
[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] broadcasting-content uuid uuid-hex 12345678123456789 major
major-hex A22 minor minor-hex 011 reference-rssi -70
13.6 broadcasting-interval
Function
The broadcasting-interval command configures the interval for an AP's built-in
Bluetooth module to send BLE broadcast frames.
The undo broadcasting-interval command restores the default interval for an

AP's built-in Bluetooth module to send BLE broadcast frames.
By default, the built-in Bluetooth module of an AP sends BLE broadcast frames at

an interval of 500 ms.
NOTE

AP8150DN, AP8182DN, R250D-E, R251D-E
Format
broadcasting-interval broadcasting-interval-value
undo broadcasting-interval
Parameters
broadcasting- Specifies the interval for an The value is an integer that

interval-value AP's built-in Bluetooth ranges from 100 to 10240,
module to send BLE in milliseconds.
broadcast frames.
Views
BLE profile view

Default Level
Usage Guidelines
After enabling the broadcast function of an AP's built-in Bluetooth module using
the broadcaster enable command, you can run the broadcasting-interval
command to set the interval for the module to send BLE broadcast frames.
Example
# Set the interval for an AP's built-in Bluetooth module to send BLE broadcast
frames to 1000 ms.
[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] broadcasting-interval 1000
13.7 display ble-profile
Function
The display ble-profile command displays configuration and reference
information about a BLE profile.
NOTE
Format
display ble-profile { all | name profile-name }
Parameters
all Displays information about all BLE -

profiles.
name profile-name Displays information about the BLE The BLE profile
profile with a specified name. name must exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
BLE profiles.
Example
# Display information about all BLE profiles.
<HUAWEI> display ble-profile all
---------------------------------------------------------------------------
---------------------------------------------------------------------------
example 1
---------------------------------------------------------------------------
Total: 1
Table 13-1 Description of the display ble-profile all command output

Item Description
Profile name BLE profile name.
Reference Number of times a BLE profile is

referenced.
# Display information about the BLE profile example.

<HUAWEI> display ble-profile name example
------------------------------------------------------------------------------
Broadcaster switch : disable
Broadcaster interval(ms) : 500
Broadcaster content
UUID : 00000000000000012345678123456789(hex)
major : 0A22(hex)
minor : 0011(hex)
Reference RSSI : -70
Transmit power :0
Sniffer switch : disable
Sniffer mode :-
Source IP address : 0.0.0.0
Report switch : enable
Report mode : immediate
Report interval(s) : 10
Report server : 0.0.0.0
Report server port :-
Report via-AC : disable
Report via-AC port :-
------------------------------------------------------------------------------

Table 13-2 Description of the display ble-profile name profile-name command

output
Item Description
Broadcaster switch Whether the Bluetooth broadcast

● enable
● disable
Broadcaster interval(ms) Interval at which BLE broadcast frames

are sent.
Broadcaster content Content of a BLE broadcast frame.
UUID UUID field in a BLE broadcast frame.

UUID refers to the universally unique
identifier of a Bluetooth device.
major Major field in a BLE broadcast frame.

This field specifies a major group and
is combined with the Minor field to
define information about a BLE device,
for example, location of the BLE
device.
minor Minor field in a BLE broadcast frame.

This field specifies a minor group and
is combined with the Major field to
define information about a BLE device,
for example, location of the BLE
device.
Reference RSSI RSSI calibration value. This value refers

to the RSSI of a BLE device measured
at a distance of 1 m. It is used to
calculate the distance between a BLE
device and a BLE terminal or tag.
Transmit power Transmit power of an AP's built-in

Bluetooth module.
Sniffer switch Whether the Bluetooth function is

enabled.
● enable
● disable
sniffer enable command.
Sniffer mode Bluetooth working mode.

sniffer enable command.

Item Description
Source IP address Source IP address used to report

Bluetooth packets.
Report switch Whether Bluetooth packets are

reported.
● enable
● disable
Report mode Mode in which an AP reports

Bluetooth packets.
report-mode command.
Report interval(s) Interval at which an AP reports

Bluetooth packets.
report-mode command.
Report server IP address of a Bluetooth server.

report-to-server command.
Report server port Port number of a Bluetooth server.

Report via-AC Whether Bluetooth packets are

reported to a server through the AC.
● enable: Bluetooth packets are
reported through the AC.
● disable: Bluetooth packets are
reported not through the AC.
Report via-AC port Port number used by the AC to report

Bluetooth packets.
13.8 display location-profile

Function
The display location-profile command displays configuration information about a
location profile.

Format
display location-profile { all | name profile-name }
Parameters
all Specifies all location profiles. -
name profile- Specifies a location profile. The location profile

name name must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view configuration information about a location
profile to verify the configuration.
Example
# Display all location profiles.
<HUAWEI> display location-profile all
----------------------------------------------------------
----------------------------------------------------------
default 1
----------------------------------------------------------
Total: 1
Table 13-3 Description of the display location-profile all command output
Item Description
Profile name Name of a location profile.
Reference Number of times a location profile is

referenced.
# Display the default configuration of the location profile default.

<HUAWEI> display location-profile name default
------------------------------------------------------------
private mu : disable
private server : 0.0.0.0
private server domain :-
private server port :-

private report-frequency(ms) : 20000

private mu protocol-version : v3
------------------------------------------------------------
Table 13-4 Description of the display location-profile name default command

output
Item Description
private mu Whether terminal location is enabled.

● enable: The function is enabled.
● disable: The function is disabled.
To configure the function, run the
private mu-enable command.
private server IP address of the terminal location

server.
private server command.
private server domain Domain name of the terminal location

server.
private server port Port number of the terminal location

server.
private report-frequency(ms) Interval at which a RU reports channel

scan information.
private report-frequency command.
private mu protocol-version Terminal location protocol version.

private mu protocol-version
command.
13.9 display references ble-profile
Function
The display references ble-profile command displays reference information
about a BLE profile.
Format
display references ble-profile name profile-name

Parameters
name profile-name Displays reference information The BLE profile name

about a specified BLE profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view reference information about a BLE profile.
Example
# Display reference information about BLE profile example.
<HUAWEI> display references ble-profile name example
--------------------------------------------------------------------------
--------------------------------------------------------------------------
AP group default
--------------------------------------------------------------------------
Total: 1
Table 13-5 Description of the display references ble-profile command output
Item Description
Reference type Type of the profile that references a

BLE profile.
Reference name Name of the profile that references a

BLE profile.
13.10 display references location-profile

Function
The display references location-profile command displays reference information
about a location profile.
Format
display references location-profile name profile-name

Parameters
name profile- Specifies a location profile. The location profile

name name must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view reference information about a location profile.
Example
# Display reference information about the location profile default.
<HUAWEI> display references location-profile name default
------------------------------------------------------------
------------------------------------------------------------
Interface Wlan-Radio0/0/0
------------------------------------------------------------
Total: 1
Table 13-6 Description of the display references location-profile command

output
Item Description
Reference type Interface to which the location profile

is applied.
Reference name Name of the interface that references

the location profile.
13.11 display wlan ble global configuration
Function
The display wlan ble global configuration command displays global
configurations of Bluetooth devices.
Format
display wlan ble global configuration

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view global configurations of Bluetooth devices and
know the configuration about the Bluetooth device information report function.
Example
# Display global configurations of Bluetooth devices.
<HUAWEI> display wlan ble global configuration
--------------------------------------------------------------------------------
BLE report interval(min) :10
BLE low power threshold(%) :20
BLE source IP address :0.0.0.0
--------------------------------------------------------------------------------
Table 13-7 Description of the display wlan ble global configuration command
output
Item Description
BLE report interval(min) Interval at which an AP reports

Bluetooth device information.
BLE low power threshold(%) Low power alarm threshold of

Bluetooth devices.
BLE source IP address A global source IP address in packets

sent by an AC to a location server.
13.12 display wlan ble monitoring-list
Function
The display wlan ble monitoring-list command displays BLE devices that have
been added to the monitoring list.
NOTE

Format
display wlan ble monitoring-list
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After running the ble monitoring-list command to add BLE devices to the
monitoring list, you can run the display wlan ble monitoring-list command to
check BLE devices that have been added to the monitoring list.
Example
# Check all BLE devices that have been added to the monitoring list.
<HUAWEI> display wlan ble monitoring-list
--------------------------------------------------------------------------------
Index MAC
--------------------------------------------------------------------------------
0 00e0-fc34-0000
1 00e0-fc34-7777
--------------------------------------------------------------------------------
Total: 2
Table 13-8 Description of the display wlan ble monitoring-list command output
Item Description
Index Index.
MAC MAC address of a BLE device that has

been added to the monitoring list.
13.13 display wlan ble site-info
Function
The display wlan ble site-info command displays information about Bluetooth
devices that are scanned by an AP's built-in Bluetooth module.

NOTE
Format
display wlan ble site-info { all | mac-address mac-address | host-ap { valid |
host-ap-id ap-id | host-ap-name ap-name } }
Parameters
all Displays information about all -

Bluetooth devices.
mac-address mac- Displays information about a The value is in H-H-H

address specified Bluetooth device. format. An H is a
4 digits.
host-ap valid Displays information about APs' -

built-in Bluetooth modules
among all Bluetooth device
information.
host-ap host-ap-id Displays information about the The AP ID must exist.

ap-id Bluetooth module built in an
AP with the specified ID.
host-ap host-ap- Displays information about the The AP name must

name ap-name Bluetooth module built in an exist.
AP with the specified name.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After you enable the Bluetooth monitoring function using the sniffer enable
command, an AP's built-in Bluetooth module scans surrounding Bluetooth devices
and obtains their information. You can then run this command to view obtained
information about Bluetooth devices scanned by the built-in Bluetooth module.
After the Bluetooth broadcast function is enabled for an AP with the built-in
Bluetooth module, the Bluetooth module works as a Bluetooth station, whose

information can be found in Bluetooth device information. If the Bluetooth MAC

address label of an AP is lost, it is time-consuming to locate the mapping between
the AP and built-in Bluetooth module. In this case, configure the host-ap
parameter to filter out information about the AP's built-in Bluetooth module
among all Bluetooth device information.
Example
# Display information about all Bluetooth devices.
<HUAWEI> display wlan ble site-info all
------------------------------------------------------------------------------------------------------------------------------
---------------------
Index MAC Host AP ID Host AP name RSSI Power Type DetachedFlag Aging-Timeout(m)
Broadcast count Advertisement data
------------------------------------------------------------------------------------------------------------------------------
---------------------
0 0000-0101-0202 4 AP4 -30 50% asset-tag N 57 10
02-02-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-fa
------------------------------------------------------------------------------------------------------------------------------
---------------------
Total: 1
Table 13-9 Description of the display wlan ble site-info command output
Item Description
Index Index.
MAC MAC address of a Bluetooth device.
Host AP ID ID of the AP to which a Bluetooth

device belongs. The display of --
indicates that Bluetooth device
information does not belong to the
built-in Bluetooth module of the AP.
Host AP name Name of the AP to which a Bluetooth

device belongs. The display of --
indicates that Bluetooth device
information does not belong to the
built-in Bluetooth module of the AP.
RSSI Signal strength of a Bluetooth device

received by an AP's built-in Bluetooth
module.
Power Battery power of a Bluetooth device. If

no information about battery power is
obtained, this item is displayed as --.
Type Bluetooth device type. The options are

as follows:
● ibeacon: Bluetooth terminal
● asset-tag: Bluetooth tag
● sensor-tag: Bluetooth client

Item Description
DetachedFlag Whether a Bluetooth device is

disconnected. The options are as
follows:
● Y: The Bluetooth device is
disconnected.
● N: The Bluetooth device is
connected.
NOTE
Bluetooth device disconnection check is not
supported in Bluetooth monitoring or
transparent transmission mode. This
parameter is valid only when the Bluetooth
device type is asset-tag.
Aging-Timeout(m) Remaining aging time of a Bluetooth

device. The maximum value is 60
minutes.
Broadcast count Number of broadcast packets sent by

a Bluetooth device.
Advertisement data Content of data carried in a broadcast

frame sent by a Bluetooth device. The
maximum length of a displayed
broadcast frame is 21 bytes.
13.14 location-profile
Function
The location-profile command binds a location profile to an AP radio interface.
The undo location-profile command unbinds a location profile from an AP radio
interface.
By default, no location profile is bound to a radio interface.
Format
location-profile profile-name
undo location-profile

Parameters
profile-name Specifies the name of a location profile. The location profile

name must already
exist.
Views
radio interface view
Default Level
Usage Guidelines
You can also run this command to bind a location profile to a radio interface.
After the binding, the parameters of the location profile will be applied to the
radio interface.
Example
# Bind the location profile default to the 2.4G radio interface.
[HUAWEI-Wlan-Radio0/0/0] location-profile default
13.15 location-profile (WLAN view)

Function
The location-profile command creates a location profile or displays the location
profile view.
The undo location-profile command deletes a location profile.
By default, no location profile is created.
Format
location-profile name profile-name
undo location-profile { name profile-name | all }

Parameters
name profile- Specifies the name of a location profile, The value is a string
name which uniquely identifies a location of 1 to 35 case-
profile. insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all location profiles. -
Views
WLAN view
Default Level
Usage Guidelines
The location-profile command creates or deletes a location profile or displays the
location profile view in which you can configure the profile. If the specified profile
name does not exist, the command creates a new location profile and displays the
view of this location profile, and all parameters in the location profile use default
values. You can also change values of these parameters.
NOTE
A Fat AP supports only one location profile.
Example
# Create the location profile test.
[HUAWEI] wlan
[HUAWEI-wlan-view] location-profile name test
[HUAWEI-wlan-location-prof-test]
13.16 private mu protocol-version

Function
The private mu protocol-version command sets the terminal location protocol
version.
The undo private mu protocol-version command restores the default terminal

location protocol version.
The default terminal location protocol version is v3.
Format
private mu protocol-version { v3 | v5 }
undo private mu protocol-version
Parameters
v3 Sets the protocol version to v3. -
v5 Sets the protocol version to v5. -
Views
Location profile view
Default Level
Usage Guidelines
Usage Scenario
When the terminal location protocol version is v5, APs report more information to
the location server, such as the timestamp (the time when APs scan STAs). The
location server obtains the information to improve location accuracy.
Precautions
The terminal location protocol version must be the supported by the location
server.
Example
# Set the terminal location protocol version to v5.
[HUAWEI] wlan
[HUAWEI-wlan-view] location-profile name example
[HUAWEI-wlan-location-prof-example] private mu protocol-version v5

13.17 private mu-enable
Function
The private mu-enable command enables terminal location of APs.
The undo private mu-enable command disables terminal location of APs.
By default, terminal location of APs is disabled.
Format
private mu-enable
undo private mu-enable
Parameters
None
Views
Default Level
Usage Guidelines
You can run the private mu-enable command to enable terminal location of APs.
Example
# Enable terminal location of APs.
[HUAWEI] wlan
[HUAWEI-wlan-location-prof-example] private mu-enable
13.18 private report-frequency
Function
The private report-frequency command sets the interval at which an AP reports
channel scan information.
The undo private report-frequency command restores the default interval at
which an AP reports channel scan information.
By default, an AP reports channel scan information every 20000 ms.

Format
private report-frequency time
undo private report-frequency
Parameters
time Specifies the interval at which an The value is an integer that
AP reports channel scan ranges from 500 ms to 60000
information. ms.
Views
Default Level
Usage Guidelines
During terminal location, an AP periodically scans channels to collect data. The
collected data is buffered and updated on the AP, then reported to the location
server at specified intervals.
Example
# Set the interval at which an AP reports channel scan information to 30000 ms.
[HUAWEI] wlan
[HUAWEI-wlan-location-prof-example] private report-frequency 30000
13.19 private server
Function
The private server command configures the destination IP address and port
number for APs to report STA location data.
The undo private server command restores the default destination IP address and
port number for APs to report STA location data.
By default, no destination IP address or port number is configured for APs to
report STA location data.
Format
private server { ip-address ip-address | domain domain } port port-num

undo private server
Parameters
ip-address ip- Specifies the server's IPv4 address to The value is in dotted
address which APs report STA location data. decimal notation.
domain domain Specifies the domain name to which The value is a string of
APs report STA location data. 1 to 255 characters.
port port-num Specifies the destination port The value is an integer

number on the location server to that ranges from 1 to
which APs directly report terminal 65535.
location data.
Specifies the destination port
number on the location server to
which APs report terminal location
data through an AC.
Views
Default Level
Usage Guidelines
Usage Scenario
After scanning channels, the AP reports the collected location information to the
eSight for analysis. You can run this command to configure the destination IP
address and port number for the AP to report STA location data.
Precautions
You cannot configure a port number that has been occupied by other services;
otherwise, the port configuration fails.
Example
# Configure APs to report STA location data directly to the location server, and set
the server's IP address and port number to 192.168.1.2 and 32180, respectively.
[HUAWEI] wlan
[HUAWEI-wlan-location-prof-example] private server ip-address 192.168.1.2 port 32180

13.20 report-mode
Function
The report-mode command sets the mode and interval for APs to send Bluetooth
packets.
The undo report-mode command cancels the configured mode and interval for
APs to send Bluetooth packets.
By default, an AP sends Bluetooth packets at an interval of 10 seconds.
Format
report-mode { immediate | periodic [ interval interval ] }
undo report-mode
Parameters
immediate Enables APs to send Bluetooth packets -

immediately.
periodic Enables APs to send Bluetooth packets -

periodically.
interval Specifies an interval at which Bluetooth The value is an

interval packets are sent. integer that ranges
from 1 to 600, in
seconds.
Views
BLE profile view
Default Level
Usage Guidelines
Usage Scenario
When APs are enabled to send Bluetooth packets immediately, the location
accuracy is high but AP performance may be affected. When APs are enabled to
send Bluetooth packets periodically, the location accuracy is low but AP
performance is not affected.
Precautions

When APs are enabled to send Bluetooth packets periodically, set a proper interval
at which Bluetooth packets are sent. Otherwise, location results may be
inaccurate.
Example
# Enable APs to send Bluetooth packets immediately.
[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] report-mode immediate
13.21 report-to-server
Function
The report-to-server command configures the destination server and port
number to which APs report Bluetooth packets.
The undo report-to-server command restores the default destination server and
port number to which APs report Bluetooth packets.
By default, no destination IP address or port number is configured for APs to

report Bluetooth packets.
NOTE
Format
report-to-server ip-address ip-address port port-num [ via-ac ac-port ac-port-
num ]
report-to-server domain domain port port-num
undo report-to-server
Parameters
ip-address ip- Specifies the IPv4 address of the The value is in dotted
address location server to which APs report decimal notation.
Bluetooth packets.
domain domain Specifies the domain name of the The value is a string of
location server to which APs report 1 to 255 characters.
Bluetooth packets.

port port-num Specifies the destination port The value is an integer

number on the location server to that ranges from 1 to
which APs directly report Bluetooth 65535.
packets.
Specifies the destination port
number on the location server to
which APs report Bluetooth packets
through an AC.
via-ac Specifies that Bluetooth packets are -

reported to a location server through
an AC.
ac-port ac-port- Specifies the destination port The value is an integer

num number on the AC to which APs that ranges from 5000
report Bluetooth packets. to 65535.
Views
BLE profile view
Default Level
Usage Guidelines
Usage Scenario
After the Bluetooth function is enabled, APs need to report collected Bluetooth
data to a server. APs report the data using either of the following two methods:
● Report the data directly to the server.
● Report the data to the server through an AC.
Precautions
When configuring a port number, ensure that the port is not occupied by other
services. If the port is occupied by other services, the port fails to be created.
For the same Bluetooth location function, Bluetooth data reporting through an AC
can be configured only in one BLE profile. If Bluetooth data reporting through an
AC has been configured in the current BLE profile for a Bluetooth location mode,
the forwarding mode cannot be configured in other BLE profiles for the same
Bluetooth location function.
Example
# Enable APs to report Bluetooth packets to the server with destination IP address
192.168.1.2 and port number 8569.

[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] report-to-server ip-address 192.168.1.2 port 8569
13.22 reset wlan ble site-info
Function
The reset wlan ble site-info command deletes information about BLE devices
stored on an AC.
Format
reset wlan ble site-info { all | mac-address mac-address }
Parameters
all Deletes information about all -

BLE devices.
mac-address Deletes information about the The value is in H-H-H

mac-address BLE device with the specified format. An H is a
MAC address from the device hexadecimal number of 4
list on the AC. digits.
Views
WLAN view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
When the remaining aging time of BLE devices is long and some BLE devices are
not in the current WLAN coverage area, but entries on the AC still exist, you can
run this command to delete information about these BLE devices.
Precautions
Deleted information about BLE devices cannot be recovered. If the aging time of a
BLE device is zero, information about the BLE device is automatically deleted from
the device list on the AC.

Example
# Delete information about all BLE devices from the AC.
[HUAWEI] wlan
[HUAWEI-wlan-view] reset wlan ble site-info all
13.23 sniffer enable
Function
The sniffer enable command enables and configures the working mode of an
AP's built-in Bluetooth module.
The undo sniffer enable command disables the Bluetooth function of an AP's
built-in Bluetooth module.
By default, the Bluetooth function of an AP's built-in Bluetooth module is disabled.
NOTE
Format
sniffer enable { ibeacon-mode | tag-mode | transparent-mode }
undo sniffer enable
Parameters
ibeacon- Enables the Bluetooth monitoring -

mode function of an AP's built-in Bluetooth
module.
tag-mode Enables the Bluetooth tag location -

function of an AP's built-in Bluetooth
module.
transparent- Enables the Bluetooth data transparent -

mode transmission function of an AP's built-in
Bluetooth module.
Views
BLE profile view
Default Level

Usage Guidelines
Usage Scenario
After the Bluetooth monitoring or Bluetooth tag location function is enabled, the
built-in Bluetooth module of an AP will scan and obtain information about
surrounding BLE devices or Bluetooth tags. The built-in Bluetooth module then
reports the obtained information such as MAC addresses, RSSIs, BLE broadcast
frame contents, and battery power.
After the Bluetooth monitoring function is enabled, an AP obtains battery power
information about surrounding BLE devices at WLAN service off-peak hours, for
example, from 2:00 a.m. to 2:30 a.m. (UTC time), and then reports the obtained
information to the AC. Precisely configure the system time of an AC to ensure that
WLAN services are not affected when the AC obtains battery power of BLE
devices.
After the Bluetooth data transparent transmission function is enabled, the built-in
Bluetooth module of an AP scans surrounding Bluetooth clients, and reports
information about the scanned Bluetooth clients, such as packet data, MAC
addresses, and RSSIs.
The Bluetooth broadcast and Bluetooth monitoring functions can be enabled
simultaneously for an AP's built-in Bluetooth module. When the two functions are
both enabled, the AP's built-in Bluetooth module is also monitored.
After you run the undo sniffer enable command to disable the BLE monitoring or
Bluetooth tag location function, the AC will trigger an alarm indicating that BLE
devices or Bluetooth tags are offline.
Example
# Enable the Bluetooth monitoring function.
[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] sniffer enable ibeacon-mode
Warning: Modifying the monitoring mode may cause BLE devices in the original monitoring mode to go
offline and age.
13.24 tx-power (BLE profile view)
Function
The tx-power command configures the transmit power of an AP's built-in
Bluetooth module.
The undo tx-power command restores the default transmit power of an AP's
built-in Bluetooth module.
By default, the transmit power of an AP's built-in Bluetooth module is 0 dBm.
Format
tx-power tx-power-value

undo tx-power
Parameters
tx-power-value Transmit power of an The value is an enumerated type. The
AP's built-in Bluetooth options are -21, -18, -15, -12, -9, -6, -3,
module. 0, 1, 2, 3, 4, and 5, in dBm.
Views
BLE profile view
Default Level
Usage Guidelines
Usage Scenario
You can run this command to change the transmit power of an AP's built-in
Bluetooth module. Increasing transmit power can improve Bluetooth signal
transmission quality but causes more severe interference to other wireless devices.
Reducing transmit power can reduce interference to other wireless devices but
affects Bluetooth signal transmission quality. Configure proper transmit power of
an AP's built-in Bluetooth module according to actual situations.
Precautions
After changing the transmit power of an AP's built-in Bluetooth module, you need
to run the broadcasting-content command to reconfigure the RSSI calibration
value in BLE broadcast frames.
Example
# Configure the transmit power of an AP's built-in Bluetooth module to 2 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-ble-prof-example] tx-power 2

Fat AP and Cloud AP 14 WLAN Security Configuration Commands
14 WLAN Security Configuration

About This Chapter
14.1 anti-attack flood blacklist enable

14.2 anti-attack flood disable
14.3 anti-attack flood sta-rate-threshold
14.4 arp anti-attack check user-bind enable
14.5 brute-force-detect interval
14.6 brute-force-detect quiet-time
14.7 brute-force-detect threshold
14.8 contain
14.9 contain-mode
14.10 device report-interval
14.11 dhcp trust port
14.12 display ap radio-environment
14.13 display wlan wids manual-contain device-mac-list
14.14 display wlan ids attack-detected
14.15 display wlan ids attack-detected statistics
14.16 display wlan ids attack-history
14.17 display wlan ids contain
14.18 display wlan ids device-detected
14.19 display wlan ids device-detected statistics
14.20 display wlan dynamic-blacklist

14.21 display wlan ids rogue-history

14.22 display wlan ids spoof-ssid fuzzy-match
14.23 dynamic-blacklist aging-time
14.24 dynamic-blacklist enable
14.25 flood-detect interval
14.26 flood-detect quiet-time
14.27 flood-detect threshold
14.28 ip source check user-bind enable
14.29 learn-client-address dhcp-strict
14.30 learn-client-address disable (VAP profile view)
14.31 permit-ap
14.32 reset wlan ids attack-detected
14.33 reset wlan ids attack-detected statistics
14.34 reset wlan ids attack-history
14.35 reset wlan dynamic-blacklist
14.36 reset wlan ids rogue-history
14.37 rogue-device log enable
14.38 spoof-detect quiet-time
14.39 spoof-ssid
14.40 sta arp-nd-proxy before-assoc
14.41 weak-iv-detect quiet-time
14.42 wids
14.43 wids attack detect enable
14.44 wids contain enable
14.45 wids device detect enable
14.46 wids manual-contain
14.47 work-mode
14.1 anti-attack flood blacklist enable
Function
The anti-attack flood blacklist enable command enables the flood blacklist
function.

The undo anti-attack flood blacklist enable command disables the flood
blacklist function.
By default, the flood blacklist function is disabled.
Format
anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast |
other-multicast } blacklist enable
undo anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-

broadcast | other-multicast } blacklist enable
Parameters
arp Indicates whether to -

enable the ARP flood
blacklist function.
dhcp Indicates whether to -

enable the DHCP flood
blacklist function.
dhcpv6 Indicates whether to -

enable the DHCPv6 flood
blacklist function.
igmp Indicates whether to -

enable the IGMP flood
blacklist function.
mdns Indicates whether to -

enable the mDNS flood
blacklist function.
nd Indicates whether to -
enable the ND flood
blacklist function.
other-broadcast Indicates whether to -

enable the flood blacklist
function for broadcast
packets other than ARP,
DHCP, DHCPv6, and ND
packets.
other-multicast Indicates whether to -

enable the flood blacklist
function for multicast
packets other than IGMP
and mDNS packets.

Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
After the protocol-based flood blacklist function is enabled, the device considers
traffic of a specified protocol (such as DHCP or ARP) with a rate higher than that
specified in anti-attack flood sta-rate-threshold a flood attack and adds the STA
to the blacklist.
Prerequisites
The flood prevention function has been enabled using the undo anti-attack flood
disable command.
Example
# Enable the DHCP flood blacklist function.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name profile1
[HUAWEI-wlan-vap-prof-profile1] anti-attack flood dhcp blacklist enable
14.2 anti-attack flood disable
Function
The anti-attack flood disable disables the flood prevention function.
The undo anti-attack flood disable command enables the flood prevention
function.
By default, the flood prevention function is enabled.
Format
anti-attack flood { all | arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast
| other-multicast } disable
undo anti-attack flood { all | arp | dhcp | dhcpv6 | igmp | mdns | nd | other-
broadcast | other-multicast } disable

Parameters
all Indicates whether to -

enable the flood
prevention function for
ARP, DHCP, DHCPv6,
IGMP, mDNS, and ND
multicast, broadcast, and
unicast packets.
arp Indicates whether to -

enable the ARP flood
prevention function.
dhcp Indicates whether to -

enable the DHCP flood
dhcpv6 Indicates whether to -

enable the DHCPv6 flood
igmp Indicates whether to -

enable the IGMP flood
mdns Indicates whether to -

enable the mDNS flood
nd Indicates whether to -
enable the ND flood
other-broadcast Indicates whether to -

enable the flood
broadcast packets other
than ARP, DHCP,
DHCPv6, and ND
packets.
other-multicast Indicates whether to -

enable the flood
multicast packets other
than IGMP and mDNS
packets.
Views
VAP profile view

Default Level
Usage Guidelines
Usage Scenario
If a large number of packets are sent to a device in a short time, the device
becomes busy processing the packets and cannot process normal services. To
prevent flood attacks, you can configure protocol-based flood prevention.
Precautions
The flood prevention function takes effect only for incoming traffic on an AP's
wired interface.
Example
# Disable the DHCP flood prevention function.
[HUAWEI] wlan
[HUAWEI-vap-prof-profile1] anti-attack flood dhcp disable
14.3 anti-attack flood sta-rate-threshold
Function
The anti-attack flood sta-rate-threshold command sets the flood threshold.
The undo anti-attack flood sta-rate-threshold command restores the default

flood threshold.
The default flood threshold is 4 pps for ARP, DHCP, DHCPv6, IGMP, and mDNS
packets, 8 pps for ND packets, 10 pps for broadcast packets other than ARP, DHCP,
DHCPv6, and ND packets, and 10 pps for multicast packets other than IGMP and
mDNS packets.
Format
anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast |
other-multicast } sta-rate-threshold sta-rate-threshold
undo anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-

broadcast | other-multicast } sta-rate-threshold
Parameters
arp Specifies ARP packets. -

dhcp Specifies DHCP packets. -
dhcpv6 Specifies DHCPv6 -

packets.
igmp Specifies IGMP packets. -
mdns Specifies mDNS packets. -
nd Specifies ND packets. -
other-broadcast Specifies broadcast -

packets other than ARP,
DHCP, DHCPv6, and ND
packets.
other-multicast Specifies multicast -

packets other than IGMP
and mDNS packets.
sta-rate-threshold Specifies the rate The value is an integer

threshold of broadcast that ranges from 1 to
traffic from STAs. 5000, in pps.
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
After the flood prevention function is enabled, you can run this command to set
the broadcast traffic threshold.
When the traffic rate exceeds the threshold, the device considers a flood attack
from the STA and discards the traffic. This prevents the upper-layer network from
being affected by the flood.
If the flood blacklist function is enabled using the anti-attack flood blacklist
enable command, the device adds flood STAs to the blacklist.
Prerequisites
The flood prevention function has been enabled using the undo anti-attack flood
disable command.
Precautions

The flood prevention function takes effect only for incoming traffic on an AP's
wired interface.
Example
# Set the DHCP flood threshold to 100 pps.
[HUAWEI] wlan
[HUAWEI-vap-prof-profile1] anti-attack flood dhcp sta-rate-threshold 100
14.4 arp anti-attack check user-bind enable

Function
The arp anti-attack check user-bind enable command enables dynamic ARP
inspection (DAI).
The undo arp anti-attack check user-bind enable command disables DAI.
By default, DAI is disabled.
Format
arp anti-attack check user-bind enable
undo arp anti-attack check user-bind enable
Parameters
None
Views
VAP profile view
Default Level
Usage Guidelines
DAI allows an AP to detect the ARP Request and Reply packets transmitted on the
VAPs of the AP, to discard invalid and attack ARP packets, and to record an alarm.
This function prevents ARP packets of unauthorized users from accessing the
external network through the AP, protecting authorized users against interference
or spoofing, and protecting the AP.
● Invalid ARP packets: The source IP and MAC addresses of ARP Request and
Reply packets do not match.
● Attack ARP packets: When an AP receives a large number of consecutive ARP
packets and the number of ARP packets exceeds the ARP attack alarm
threshold, an ARP attack occurs.

Example
# Enable DAI.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] arp anti-attack check user-bind enable
14.5 brute-force-detect interval

Function
The brute-force-detect interval command sets the interval for brute force key
cracking detection.
The undo brute-force-detect interval command restores the default interval for
brute force key cracking detection.
By default, the interval for brute force key cracking detection is 60 seconds.
Format
brute-force-detect interval interval
undo brute-force-detect interval
Parameters
interval Specifies the interval for brute force key The value is an
interval cracking detection. integer that ranges
from 10 to 120, in
seconds.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
In a brute force key cracking attack, an attacker tries all possible key combinations
one by one to obtain the correct password. To improve password security, enable
defense against brute force key cracking to prolong the time used to crack
passwords.

An AP checks whether the number of key negotiation failures during WPA/WPA2-

PSK, WAPI-PSK, or WEP-Share-Key authentication of a user exceeds the threshold
configured using the brute-force-detect threshold command. If so, the AP
considers that the user is using the brute force method to crack the password. If
the dynamic blacklist function is enabled, the AP adds the user to the dynamic
blacklist and discards all the packets from the user until the dynamic blacklist
entry ages out.
Follow-up Procedure
Run the dynamic-blacklist enable command to enable the dynamic blacklist

function.
Example
# Set the interval for brute force key cracking detection to 100 seconds.
[HUAWEI-wlan-Radio0/0/1] wids attack detect enable wpa-psk
[HUAWEI-wlan-Radio0/0/1] quit
[HUAWEI] wlan
[HUAWEI-wlan-view] wids
[HUAWEI-wlan-wids] brute-force-detect interval 100
14.6 brute-force-detect quiet-time

Function
The brute-force-detect quiet-time command sets the quiet time for an AP to
record brute force key attacks.
The undo brute-force-detect quiet-time command restores the default quiet

time for an AP to record brute force key attacks.
By default, the quiet time for an AP to record brute force key attacks is 600
seconds.
Format
brute-force-detect quiet-time quiet-time-value
undo brute-force-detect quiet-time
Parameters
quiet-time- Specifies the quiet time for an AP to The value is an

value record brute force key attacks. integer that ranges
from 60 to 36000, in
seconds.

Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
After attack detection is enabled on an AP, the AP reports alarms upon attack
detection. If an attack source launches attacks repeatedly, a large number of
repeated alarms are generated. To prevent this situation, configure the quiet time
function for attack detection. When detecting attack sources of the same MAC
address, the AP does not report alarms in the quiet time. However, if the AP still
detects attacks from the attack source after the quiet time expires, the AP reports
alarms. You can set the quiet time based on attack types.
To obtain attack information in a timely manner, set the quiet time to a small
value. If attacks are frequently detected, set the quiet time to a large value to
prevent frequent alarm reports.
Follow-up Procedure

function.
Example
# Set the quiet time for an AP to record brute force key attacks to 300 seconds.
[HUAWEI] wlan
[HUAWEI-wlan-wids] brute-force-detect quiet-time 300
14.7 brute-force-detect threshold

Function
The brute-force-detect threshold command sets the maximum number of key
negotiation failures allowed within a brute force key cracking attack detection
period.
The undo brute-force-detect threshold command restores the default maximum

number of key negotiation failures allowed within a brute force key cracking
attack detection period.
By default, an AP allows a maximum of 20 key negotiation failures within a brute

force key cracking attack detection period.

Format
brute-force-detect threshold threshold
undo brute-force-detect threshold
Parameters
threshold Specifies the number of key negotiation The value is an

threshold failures within a detection period. integer that ranges
from 1 to 100.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
In a brute force key cracking attack, an attacker tries all possible key combinations
one by one to obtain the correct password. To improve password security, enable
defense against brute force key cracking to prolong the time used to crack
passwords.
An AP checks whether the number of key negotiation failures during WPA/WPA2-
PSK, WAPI-PSK, or WEP-Share-Key authentication of a user exceeds the threshold
configured using the brute-force-detect threshold command. If so, the AP
considers that the user is using the brute force method to crack the password. If
the dynamic blacklist function is enabled, the AP adds the user to the dynamic
blacklist and discards all the packets from the user until the dynamic blacklist
entry ages out. If the threshold is set to a small value, the AP may incorrectly add
authorized users to the dynamic blacklist, causing the users unable to go online.
Follow-up Procedure
function.
Example
# Set the maximum number of key negotiation failures allowed within a brute
force key cracking attack detection period to 60.
[HUAWEI] wlan

[HUAWEI-wlan-wids] brute-force-detect threshold 60
14.8 contain
Function
The contain command enables containment of rogue and interfering devices
based on the RSSI and number of associated STAs on the devices.
The undo contain command disables containment of rogue and interfering
devices based on the RSSI and number of associated STAs on the devices.
By default, containment of rogue and interfering devices based on the RSSI and
number of associated STAs on the devices is disabled.
Format
contain { min-rssi min-rssi | min-sta-num min-sta-num }
undo contain { min-rssi | min-sta-num }
Parameters
min-rssi min- Specifies the minimum RSSI value. The value is an

rssi integer that ranges
from -95 to -50.
min-sta-num Specifies the minimum number of The value is an

min-sta-num associated STAs. integer that ranges
from 1 to 10.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
After RSSI-based containment is enabled, if the RSSIs of detected rogue and
interfering devices are no more than the specified minimum RSSI value, the
devices are not contained. They are contained only when their RSSIs exceed the
specified minimum RSSI value.
After containment based on the number of associated STAs is enabled, if the
number of STAs associated with detected rogue and interfering devices is smaller

than the specified minimum value, the devices are not contained. They are
contained only when the number of STAs associated with them reaches the
specified minimum value.
Prerequisites
Detection and containment of rogue and interfering devices have been enabled.
Precautions
This function is not supported in manual containment mode.
Example
# Enable containment of rogue and interfering APs with spoofing SSIDs and set
the number of associated STAs that triggers containment to 5.
[HUAWEI-wlan-Radio0/0/1] wids contain enable
[HUAWEI] wlan
[HUAWEI-wlan-wids] contain-mode spoof-ssid-ap
[HUAWEI-wlan-wids] contain min-sta-num 5
14.9 contain-mode
Function
The contain-mode command sets the containment mode against rogue or
interference devices.
The undo contain-mode command deletes the containment mode against rogue
or interference devices.
By default, no containment mode against rogue or interference devices is set.
Format
contain-mode { open-ap | spoof-ssid-ap | client [ protect sta-whitelist-profile
profile-name ] | adhoc }
undo contain-mode { open-ap | spoof-ssid-ap | client [ protect ] | adhoc }
Parameters
open-ap Sets the containment mode against -

open-authentication rogue or
interference APs.
spoof-ssid- Sets the containment mode against -

ap rogue or interference APs using spoofing
SSIDs.

client Sets the containment mode against -

unauthorized STAs or interference STAs.
protect sta- Protects STAs based on the STA whitelist. -

whitelist- Authorized STAs in the whitelist are
profile protected from connecting to rogue or
profile-name interference APs.
adhoc Sets the containment mode against Ad- -

hoc devices.
Views
WIDS view
Default Level
Usage Guidelines
Rogue or interference devices pose serious security threats to enterprise networks.
After the containment mode is set against rogue or interference APs, the monitor
AP uses the identity of the rogue or interference AP to broadcast deauthentication
frames to forcibly disconnect STAs. To prevent the STAs from connecting to the
rogue or interference AP again, the monitor AP will periodically and continuously
send deauthentication frames.
After the containment mode is set against rogue STAs, interference STAs or Ad-hoc
devices, the monitor AP uses the MAC address of a rogue device to continuously
send unicast deauthentication frames.
Example
# Counter rogue and interference APs with spoofing SSIDs.
[HUAWEI] wlan
[HUAWEI-wlan-wids] contain-mode spoof-ssid-ap
14.10 device report-interval

Function
The device report-interval command sets the interval at which an AP detects
incremental wireless device information.

The undo device report-interval command restores the default interval at which
an AP detects incremental wireless device information.
By default, an AP detects incremental wireless device information at an interval of

300 seconds.
Format
device report-interval interval
undo device report-interval
Parameters
interval Specifies the interval at which an AP The value is an

detects incremental wireless device integer that ranges
information. from 60 to 3600, in
seconds.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
Prerequisites
The device detection function has been enabled using the wids device detect
enable command for the AP.
Example
# Set the interval at which an AP detects incremental wireless device information
to 120 seconds.
[HUAWEI-wlan-Radio0/0/1] wids device detect enable
[HUAWEI] wlan
[HUAWEI-wlan-wids] device report-interval 120

14.11 dhcp trust port

Function
The dhcp trust port command configures a DHCP trusted interface on an AP.
The undo dhcp trust port command cancels the configuration.
By default, the DHCP trusted interface is enabled on the AP.
Format
dhcp trust port
undo dhcp trust port
Parameters
None
Views
GE interface view, Eth-Trunk interface view, , MultiGE interface view
Default Level
Usage Guidelines
Usage Scenario
When STA address learning is enabled using the undo learn-client-address

disable (VAP profile view) command:
● If the STA gateway is deployed on the AP, disable the DHCP trusted interface
function to prevent attacks to STAs from bogus DHCP servers.
● If the STA gateway is deployed on a non-AP device, configure the AP interface
connected to the gateway as a DHCP trusted interface so that STAs can
obtain IP addresses of the same VLAN from the DHCP server.
When STA address learning is disabled using the learn-client-address disable

(VAP profile view) command, STAs can obtain IP addresses of the same VLAN
through the interface regardless of whether the interface is configured as a DHCP
trusted interface.
Example
# Configure GE0/0/0 on the AP as a DHCP trusted interface.
[HUAWEI-GigabitEthernet0/0/0] dhcp trust port

14.12 display ap radio-environment

Function
The display ap radio-environment command displays air interface environment
information about AP radios.
Format
display ap radio-environment [ radio radio-id ]
Parameters
radio radio-id Displays air interface environment The radio ID must

information about the AP radio with a exist.
specified ID.
Views
All views
Default Level
Usage Guidelines
Usage Scenario
When WLAN access experience is poor, you can run this command to view air
interface environment information and Wi-Fi interference sources. The interference
can be determined based on the noise floor, signal to interference plus noise ratio
(SINR), co-channel interference, and adjacent-channel interference. After this
command is executed, radio scanning of the AP is automatically enabled, and the
AP starts to scan the air interface environment of radios. You can run this
command again to view air interface environment scanning results.
Precautions
When you run this command for the first time, no air interface environment
scanning result is displayed. To view air interface environment scanning results,
run this command again.
After AP radio scanning is enabled using this command, the air interface
performance of an AP is affected. If this command is not executed again after five
minutes, AP radio scanning is automatically disabled.
If the radio radio-id parameter is not specified, air interface environment
information about all radios of the AP is displayed.

NOTE
In the scanning result, the channel utilization, co-channel interference, and adjacent-channel
interference are calculated with the impact of non-Wi-Fi interference. However, non-Wi-Fi
interference devices are not displayed in the interference source list.
Example
# Display air interface environment information about radio 0.
<HUAWEI> display ap radio-environment radio 0
Warning: This operation will enable scanning for the specified radio, affecting AP's air interface
performance. Scanning will be aut
omatically disabled 5 minutes after you run this command. Continue? [Y/N]y
Info: This operation may take a few seconds. Please wait for a moment.done.
p: permit
i: interference
Ch: Channel
CU: Channel Utility
NF: Noise Floor
CommIf: Common-Channel Interference
AdjaceIf: Adjacent-Channel Interference
SINR: Signal to Interference and Noise Ratio
#AP: Number of APs detected
Radio: 0
ScanChannel: 1
WorkChannel: 1
ScanCycle: 1
---------------------------------------------------------------------------
Ch NF CU(%) CommIf(%) AdjaceIf(%) SINR #APs
---------------------------------------------------------------------------
1 -105 75 19 - 245 57
---------------------------------------------------------------------------
Total: 1
---------------------------------------------------------------------------
Ch MAC Type RSSI SSID
---------------------------------------------------------------------------
1 c88d-833a-8d41 i -65 xw9-2g-tunnel
1 00e0-fc3a-8d41 i -65 xw9-2g-tunnel
Total: 1
Table 14-1 Description of the display ap radio-environment [ radio radio-id ]

command output
Item Description
Radio Radio on which the air interface

environment is scanned.
ScanChannel Scanning channel.
WorkChannel Working channel of the AP.
ScanCycle Scanning count.
Ch Channel that has scanned a device.
NF Noise floor.
CU(%) Channel utilization.
CommIf(%) Co-channel interference.
AdjaceIf(%) Adjacent-channel interference.

Item Description
#APs Number of scanned radio neighbors.
SINR Signal to interference plus noise ratio

(SINR).
MAC MAC address of the scanned device.
Type Type of the scanned interference

device.
● i: WIDS device
● p: Non-WIDS device
RSSI RSSI of the scanned device.
SSID SSID to which the scanned device is

connected.
NOTE
If an AP detects that a channel has a high co-channel interference (higher than 50%), another
Wi-Fi device is using this channel and affects the local AP. In this case, it is recommended that
the AP channel be switched using radio calibration or other methods.
14.13 display wlan wids manual-contain device-mac-

list
Function
The display wlan wids manual-contain device-mac-list command displays the
list of MAC addresses of devices to be manually contained.
Format
display wlan wids manual-contain device-mac-list
Parameters
None
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
After the manual containment function is enabled, you can run this command to
check the list of MAC addresses of devices to be manually contained.
Example
# Display the list of MAC addresses of devices to be manually contained.
<HUAWEI> display wlan wids manual-contain device-mac-list
--------------------------------------------------------------------------------
Index MAC
--------------------------------------------------------------------------------
0 1211-2222-3331
1 1211-2222-3332
2 1211-2222-3333
3 1211-2222-3334
4 1211-2222-3335
5 1211-2222-3336
6 1211-2222-3337
7 1211-2222-3338
8 1211-2222-3339
--------------------------------------------------------------------------------
Total: 9
Table 14-2 Description of the display wlan wids manual-contain device-mac-

list command output
Item Description
Index Serial number.
MAC MAC address of a device to be

manually contained.
14.14 display wlan ids attack-detected

Function
The display wlan ids attack-detected command displays information about the
detected attacking devices.
Format
display wlan ids attack-detected { all | flood | spoof | wapi-psk | weak-iv |
wep-share-key | wpa-psk | wpa2-psk | mac-address mac-address }
Parameters
all Displays information about all types of -

attacking devices.

flood Displays information about devices -

launching flood attacks.
spoof Displays information about devices -

launching spoofing attacks.
wapi-psk Displays information about devices that -

perform brute force cracking in WAPI-
PSK authentication mode.
weak-iv Displays information about devices -

launching weak IV attacks.
wep-share- Displays information about devices that -

key perform brute force cracking in WEP-SK
wpa-psk Displays information about devices that -

perform brute force cracking in WPA-PSK
wpa2-psk Displays information about devices that -

perform brute force cracking in WPA2-
mac-address Displays information about the detected The value is in H-H-

mac-address attacking devices with specified MAC H format. An H is a
addresses. hexadecimal
number of 4 digits.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After attack detection is enabled, you can run this command to view information
about the attacking devices.
Prerequisites
The attack detection functions of all types have been enabled using the wids
attack detect enable command.
Example
# Display information of all current attacking devices.

<HUAWEI> display wlan ids attack-detected all

#AP: Number of monitor APs that have detected the device
AT: Last detected attack type
CH: Channel number
act: Action frame asr: Association request
aur: Authentication request daf: Deauthentication frame
dar: Disassociation request wiv: Weak IV detected
pbr: Probe request rar: Reassociation request
eaps: EAPOL start frame eapl: EAPOL logoff frame
saf: Spoofed disassociation frame
sdf: Spoofed deauthentication frame
otsf: Other types of spoofing frames
-------------------------------------------------------------------------------
MAC address AT CH RSSI(dBm) Last detected time #AP
-------------------------------------------------------------------------------
00e0-fc02-9c81 pbr 165 -87 2014-11-20/15:51:13 1
00e0-fc76-03e9 pbr 165 -84 2014-11-20/15:52:13 1
00e0-fc74-691f act 165 -67 2014-11-20/15:43:33 1
00e0-fcb7-171d pbr 165 -88 2014-11-20/15:41:43 1
00e0-fcb7-171f act 165 -87 2014-11-20/15:44:03 1
-------------------------------------------------------------------------------
Total: 5, printed: 5
Table 14-3 Description of the display wlan ids attack-detected all command
output
Item Description
MAC address ● For spoofing attacks, this parameter

indicates the basic service set
identifier (BSSID) that forges the
MAC address of an AP.
● For other types of attacks, this
parameter indicates the MAC
address of the device launching
attacks.
AT Acronym of the attack type.
CH Channel in which the last attack is

detected.
RSSI(dBm) Average received signal strength

indicator (RSSI) of the attack frames
detected.
Last detected time Last time at which an attack was

detected.
#AP Number of APs which detect this

attack.
# Display information of an attacking device with the specified MAC address.

<HUAWEI> display wlan ids attack-detected mac-address 8c70-5a47-aad0


-------------------------------------------------------------------------------
MAC address : 00e0-fc47-aad0
Number of detected APs :1
Channel : 165
RSSI(dBm) : -80
Reported AP 1
AP name : ap-13
Flood attack type : pbr
First detected time(Flood) : 2014-11-20/15:50:33
Spoof attack type :-
First detected time(Spoof) :-
First detected time(Weak-iv) :-
First detected time(WEP) :-
First detected time(WPA) :-
First detected time(WPA2) :-
First detected time(WAPI) :-
-------------------------------------------------------------------------------
Table 14-4 Description of the display wlan ids attack-detected mac-address

mac-address command output
Item Description

attacks.
Number of detected APs Number of APs which detect this

attack.
Channel Channel in which the last attack is

detected.

detected.
Reported AP Information of the AP which detects

the attack.
AP name Name of the AP which detects the

attack.
Flood attack type Flood attacks detected by the AP.
Spoof attack type Spoofing attacks detected by the AP.
First detected time First time when an attack is detected

by an AP.

14.15 display wlan ids attack-detected statistics

Function
The display wlan ids attack-detected statistics command displays the number of
attacks detected.
Format
display wlan ids attack-detected statistics
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After attack detection is enabled, you can run the display wlan ids attack-
detected statistics command to view the total number of all types of attacks.
Prerequisites
Example
# Display the number of attacks detected.
<HUAWEI> display wlan ids attack-detected statistics
Attack tracking since: 2015-01-27/12:02:11
--------------------------------------------------------------------------------
Type Total
--------------------------------------------------------------------------------
Probe request frame flood attack :0
Authentication request frame flood attack :0
Deauthentication frame flood attack :0
Association request frame flood attack :0
Disassociation request frame flood attack :0
Reassociation request frame flood attack :0
Action frame flood attack :0
EAPOL start frame flood attack :0
EAPOL logoff frame flood attack :0
Weak IVs detected :0
Spoofed deauthentication frame attack :0
Spoofed disassociation frame attack :0
Other types of spoofing frame attack :0

WEP share-key attack :0

WPA attack :0
WPA2 attack :0
WAPI attack :0
--------------------------------------------------------------------------------
Table 14-5 Description of the display wlan ids attack-detected statistics

command output
Item Description
Type Attack type:

● Probe request frame flood attack
● Authentication request frame flood
attack
● Deauthentication frame flood
attack
● Association request frame flood
attack
● Disassociation request frame flood
attack
● Reassociation request frame flood
attack
● Action frame flood attack
● EAPOL start frame flood attack
● EAPOL logoff frame flood attack
● Weak IVs detected
● Spoofed deauthentication frame
attack
● Spoofed disassociation frame attack
● Other types of spoofing frame
attack
● WEP share-key attack: brute force
cracking attack in WEP-SK
authentication mode
● WPA attack: brute force cracking
attack in WPA-PSK authentication
mode
● WPA2 attack: brute force cracking
attack in WPA2-PSK authentication
mode
● WAPI attack: brute force cracking
attack in WAPI authentication
mode
Total Total number of attacks detected.

14.16 display wlan ids attack-history

Function
The display wlan ids attack-history command displays historical records about
the attacking devices detected.
Format
display wlan ids attack-history { all | flood | spoof | wapi-psk | weak-iv | wep-
share-key | wpa-psk | wpa2-psk | mac-address mac-address }
Parameters
all Displays historical records about all types -

of attacking devices.
flood Displays historical records about devices -

spoof Displays historical records about devices -

wapi-psk Displays historical records about devices -

that perform brute force cracking in
WAPI-PSK authentication mode.
weak-iv Displays historical records about devices -

wep-share- Displays historical records about devices -

key that perform brute force cracking in
WEP-SK authentication mode.
wpa-psk Displays historical records about devices -

WPA-PSK authentication mode.
wpa2-psk Displays information about devices that -

mac-address Displays historical records about The value is in H-H-

mac-address detected devices launching attacks with H format. An H is a
specified MAC addresses. hexadecimal
number of 4 digits.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
After attack detection is enabled, information about the detected attacking

devices are saved in the attacking device list. If an attacking device no longer
launches an attack, the device is removed from the attacking device list and saved
to the historical attacking device list. You can run the display wlan ids attack-
history command to check historical records about the attacking devices detected.
Prerequisites
Example
# Display historical records of all attacking devices.
<HUAWEI> display wlan ids attack-history all
AP: Name of the monitor AP that has detected the device
AT: Attack type CH: Channel number
-------------------------------------------------------------------------------
MAC address AT CH RSSI(dBm) Last detected time AP
-------------------------------------------------------------------------------
00e0-fc12-37ec pbr 165 -86 2014-11-20/15:51:43 ap-13
00e0-fc12-171d pbr 165 -88 2014-11-20/15:41:43 ap-13
00e0-fc12-0bf4 pbr 165 -81 2014-11-20/15:41:53 ap-13
-------------------------------------------------------------------------------
Table 14-6 Description of the display wlan ids attack-history all command
output
Item Description

attacks.
AT Acronym of the attack type.

Item Description
CH Channel in which the last attack is

detected.

detected.
Last detected time Last time at which an attack is

detected.
AP Name of the monitor AP.
14.17 display wlan ids contain

Function
The display wlan ids contain command displays information about countered
devices.
Format
display wlan ids contain { all | ap | adhoc | client | ssid | mac-address mac-
address }
Parameters
all Displays information about all countered -

devices.
ap Displays information about countered -

APs.
adhoc Displays information about countered -

ad-hoc devices.
client Displays information about countered -

user terminals.
ssid Displays information about countered -

devices with unauthorized SSIDs.
mac-address Displays information about countered The MAC addresses

mac-address devices with specified MAC addresses. must exist.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
After WIDS or WIPS is enabled, you can run the display wlan ids
countermeasures device command to view information about countered devices.
Example
# Display the list of all countered devices.
<HUAWEI> display wlan ids contain all
#Rf: Number of monitor radios that have contained the device
CH: Channel number
Reason: open-encrypt, spoof-ssid-ap, protect-client,
client, adhoc, manual
-------------------------------------------------------------------------------
MAC address CH Authentication Last detected time #Rf Reason SSID
-------------------------------------------------------------------------------
00e0-fc12-3456 11 open 2014-11-20/16:16:57 1 manual -
-------------------------------------------------------------------------------
Table 14-7 Description of the display wlan ids contain all command output
Item Description
MAC address MAC address of the countered device.
CH Channel in which the monitoring AP

detects a device for the last time.
Authentication Authentication mode of the countered

device.
Last detected time Last time at which the monitoring AP

detects a device.
#Rf Number of monitor radios that have

contained the device.
Reason Reason for the device to be contained.

The priorities of containment reasons
are in descending order as follows:
manual > open-encrypt > spoof-ap >
protect-client > client > adhoc.
SSID SSID of the countered device.
# Display information about countered SSIDs.

<HUAWEI> display wlan ids contain ssid
#Dev: Number of devices using SSID
----------------------------------------------------------------------
SSID #Dev Last detected time
----------------------------------------------------------------------

CMCC 2 2012-07-27/16:41:55
----------------------------------------------------------------------
Table 14-8 Description of the display wlan ids contain ssid command output
Item Description
SSID Countered SSID.
#Dev Number of devices that use the SSID.
Last detected time Last time at which the device using

the SSID is detected.
# Display information about countered devices with specified MAC addresses.

<HUAWEI> display wlan ids contain mac-address 549f-13c4-627f
-------------------------------------------------------------------------------
MAC address : 00e0-fc12-3456
BSSID : 00e0-fc12-7890
Type : rogue client
SSID :-
Authentication :-
Number of monitor radios that have contained the device : 1
Last detected channel :1
Maximum RSSI(dBm) : -54
Beacon interval(ms) :0
First detected time : 2015-10-20/15:06:26
Reported AP 1
AP name : admin_ap0_admin_ap0_admin
Radio ID :0
Radio type : 802.11bg
Channel :1
RSSI(dBm) : -54
Last detected time : 2015-10-20/15:06:26
Counter measure :Y
Reason : manual
-------------------------------------------------------------------------------
Table 14-9 Description of the display wlan ids contain mac-address command
output
Item Description
MAC address MAC address of the detected device.
BSSID BSSID of the detected device.
Type Type of the detected device.
SSID SSID of the detected device.
Authentication Authentication mode of the detected

device.

Item Description
Number of monitor radios that have Number of radios that contain the
contained the device device.
If WIDS is enabled on multiple APs,
the type of the device may be
contained by these APs' radios.
Last detected channel Channel in which the device is

detected for the last time.
Maximum RSSI(dBm) Maximum RSSI of the detected device.
Beacon interval(ms) Interval at which the detected device

sends beacon frames.
First detected time First time at which the device is

detected.
Reported AP 1 Information of the Monitoring AP

which reports detection information.
AP name Name of the monitoring AP.
Radio ID Radio ID of the monitoring AP.
MAC address MAC address of the monitoring AP.
Radio type Radio type of the monitoring AP.
Channel Channel of the monitoring AP.
RSSI(dBm) RSSI of the monitoring AP.
Last detected time Last time when the device is detected.
Counter measure Whether the device is contained.
Reason Reason for the device to be contained.

The priorities of containment reasons
are in descending order as follows:
manual > open-encrypt > spoof-ap >
protect-client > client > adhoc.
14.18 display wlan ids device-detected

Function
The display wlan ids device-detected command displays various wireless devices
detected on a WLAN.

Format
display wlan ids device-detected { all | [ interference | rogue ] ap | [ rogue ]
bridge | [ rogue ] client [ bssid bssid ] | adhoc | [ rogue ] ssid | mac-address
mac-address }
Parameters
all Displays all wireless devices detected on -

the WLAN.
interference Displays interfering devices detected on -

the WLAN.
rogue Displays rogue devices detected on the -

WLAN.
ap Displays APs detected on the WLAN. -
bridge Displays bridge devices detected on the -

WLAN.
client Displays user terminals detected on the -

WLAN.
bssid bssid Displays detailed information about The format is H-H-

devices with the specified BSSID detected H. An H is a
on the WLAN. hexadecimal
number of 4 digits.
adhoc Displays detected user terminals that -

belong to the ad-hoc network on the
WLAN.
ssid Displays SSIDs detected on the WLAN. -
mac-address Displays detailed information about The MAC addresses

mac-address devices with specified MAC addresses must exist.
detected on the WLAN.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario

To ensure the WLAN reliability, all the wireless devices on the current WLAN must
be monitored. You can run the display wlan ids detected command to view
information about the wireless devices detected.
Prerequisites
The device detection function has been enabled on the AP using the wids device
detect enable command.
Example
# Display all devices detected on a WLAN.
<HUAWEI> display wlan ids device-detected all
Flags: r: rogue, p: permit, i: interference, a: adhoc, w: AP, b: wireless-bridge, c: client
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device
StaNum: Number of detected STAs associated with the device
-------------------------------------------------------------------------------------------------
MAC address Type CH RSSI(dBm) StaNum Authentication Last detected time #Rf SSID
-------------------------------------------------------------------------------------------------
00e0-fc20-de2b i/w 1 -60 5 open 2014-11-20/11:03:44 1 -
-------------------------------------------------------------------------------------------------
Table 14-10 Description of the display wlan ids device-detected all command
output
Item Description
Type Type of the detected device:

● r: rogue device
● p: authorized device
● i: interfering device
● a: user terminal on the ad-hoc
network
● w: AP
● b: bridge device
● c: user terminal
CH Authentication mode of the detected

device.
RSSI(dBm) RSSI of the detected device.
StaNum Channel in which the device is


device.

Item Description
#Rf Number of radios that detect the

device.
# Display information about APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected ap
Flags: r: rogue, p: permit, i: interference
CH: Channel number
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
00e0-fc20-de2b r 1 -60 5 open 2014-11-20/11:03:44 1 -
-------------------------------------------------------------------------------------------------
# Display information about rogue APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected rogue ap
CH: Channel number
-------------------------------------------------------------------------------------------------
MAC Address CH RSSI(dBm) StaNum Authentication Last detected time #Rf SSID
-------------------------------------------------------------------------------------------------
00e0-fc20-de2b 1 -60 5 open 2014-11-20/11:03:44 1 -
-------------------------------------------------------------------------------------------------
# Display information about interfering APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected interference ap
Flags: r: rogue, p: permit, i: interference
CH: Channel number
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
00e0-fc20-de2b i 1 -60 5 open 2014-11-20/11:03:44 1 -
-------------------------------------------------------------------------------------------------
# Display information about ad-hoc devices detected on the WLAN.

<HUAWEI> display wlan ids device-detected adhoc
Flags: r: rogue
CH: Channel number
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
00e0-fc20-de2d r 6 -60 - - 2014-11-20/11:12:58 2 -
-------------------------------------------------------------------------------------------------

# Display information about SSIDs detected on the WLAN.

<HUAWEI> display wlan ids device-detected ssid
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
trad 1 2014-11-20/11:01:44
CMCC-4G 6 2014-11-20/11:14:13
-------------------------------------------------------------------------------
Table 14-11 Description of the display wlan ids device-detected ssid command
output
Item Description
SSID SSID detected.

# Display information about spoofing SSIDs detected on the WLAN.

<HUAWEI> display wlan ids device-detected rogue ssid
#Dev: number of devices using rogue SSID
--------------------------------------------------------------------------------
Rogue SSID Spoof profile #Dev Last detected time
Pattern rule
--------------------------------------------------------------------------------
ao a0 1 2014-11-20/11:14:39
ao
al a1 2 2014-11-20/11:14:39
al
--------------------------------------------------------------------------------
ssid -- 1 2014-11-20/15:59:45
---------------------------------------------------------------------------------
Total: 3
Table 14-12 Description of the display wlan ids device-detected rogue ssid
command output
Item Description
Rogue SSID Spoofing SSIDs detected, including

SSIDs same as the authorized SSIDs
and SSIDs matching the specified fuzzy
rules.
Spoof profile WIDS spoof SSID profile owned the

fuzzy matching rule.
Pattern rule Fuzzy matching rule for the spoofing

SSID.
#Dev Number of APs using the SSID.
Last detected time Last time when the SSID is detected.

# Display detailed information about devices with MAC address 0008-cbe9-1c00

detected on the WLAN.
<HUAWEI> display wlan ids device-detected mac-address 0008-cbe9-1c00
Detected MAC List
--------------------------------------------------------------------------------
MAC address : 00e0-fce9-1c00
BSSID : 00e0-fce9-1c00
00e0-fce9-1c00Type :
SSID :-
Authentication : 802.1x
Number of monitor radios that have detected the device : 1
Last detected channel :1
Maximum RSSI(dBm) : -80
Beacon interval(TUs) :-
First detected time : 2015-10-20/15:07:23
Reported AP 1
AP name : admin_ap0_admin_ap0_admin
Radio ID :0
00e0-fc1e-c4a0 Radio type :
Radio type : 802.11bg
Channel :1
RSSI(dBm) : -80
Counter measure :Y
Counter measure reason : spoof-ssid-ap
--------------------------------------------------------------------------------
Table 14-13 Description of the display wlan ids device-detected mac-address

command output
Item Description
BSSID BSSID of the detected device.

device.
Number of monitor radios that have Number of radios that detect the
detected the device device.
If WIDS is enabled on multiple APs,
the type of the device may be detected
by these APs' radios.
Last detected channel Channel of the detected device.
Maximum RSSI(dBm) Maximum RSSI of the detected device.
Beacon interval(TUs) Interval at which the detected device

sends Beacon frames.
First detected time First time when the device is detected.

Item Description
Reported AP 1 Information about the monitor AP

which reports detection information.
AP name Name of the monitor AP.
Radio ID Radio ID of the monitor AP.
MAC address MAC address of the monitor AP.
Radio type Radio type of the monitor AP.
Channel Channel of the monitor AP.
RSSI(dBm) RSSI of the monitor AP.
Counter measure Whether the device is contained.
Counter measure reason Reason why the device is contained.

● open-encrypt: The authentication
mode of the device is open.
● spoof-ssid-ap: The device is a rogue
AP or interference AP with a
spoofing SSID.
● protect-client: The device is a STA in
the STA whitelist and is contained
to prevent it from accessing a rogue
AP.
● client: The device is a rogue STA or
interference STA.
● adhoc: The device is a rogue ad-hoc
device.
● manual: The device is manually
contained.
14.19 display wlan ids device-detected statistics

Function
The display wlan ids device-detected statistics command displays statistics on
all wireless devices detected on a WLAN.
Format
display wlan ids device-detected statistics

Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display wlan ids device-detected statistics command to view
statistics on all wireless devices detected on a WLAN.
Example
# Display statistics on wireless devices detected on a WLAN.
<HUAWEI> display wlan ids device-detected statistics
------------------------------------------------------------------------------------------------
Rogue Adhoc :0
Contain Adhoc :0
Rogue AP :0
Permit AP :0
Interference AP :0
Contain AP :0
Rogue client :2
Permit client :0
Interference Client : 0
Contain client :2
Permit Bridge :2
Rogue Bridge :0
Interference Bridge : 0
------------------------------------------------------------------------------------------------
Table 14-14 Description of the display wlan ids device-detected statistics

command output
Item Description
Rogue Adhoc Number of rogue ad-hoc devices.
Contain Adhoc Number of contained ad-hoc devices.
Rogue AP Number of rogue APs.
Permit AP Number of authorized APs.
Interference AP Number of interfering APs.
Contain AP Number of contained APs.
Rogue Client Number of rogue terminal devices.

Item Description
Permit Client Number of authorized terminal

devices.
Interference Client Number of interfering terminal

devices.
Contain Client Number of contained terminal devices.
Permit Bridge Number of authorized bridge devices.
Rogue Bridge Number of unauthorized bridge

devices.
Interference Bridge Number of interfering bridge devices.
14.20 display wlan dynamic-blacklist

Function
The display wlan dynamic-blacklist command displays information about devices
in the dynamic blacklist.
Format
display wlan dynamic-blacklist { all | mac-address mac-address }
Parameters
all Displays information about all devices in -

the dynamic blacklist.
mac-address Displays information about attack The MAC address

mac-address devices with a specified MAC address. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
An AP uses attack detection and dynamic blacklist functions to add a detected
attack device to the dynamic blacklist, and rejects packets sent from this device

until the device entry in the dynamic blacklist ages. You can run this command to
view information about devices in the dynamic blacklist.
Example
# Display information about all devices in the dynamic blacklist.
<HUAWEI> display wlan dynamic-blacklist all
#AP: Number of monitor APs that have detected the device
LAT: Left aging time(s)
dar: Disassociation request eapl: EAPOL logoff frame
eaps: EAPOL start frame sti: Static IP
brf: Broadcast flood
-------------------------------------------------------------------------------
MAC address Last detected time Reason #AP LAT
-------------------------------------------------------------------------------
00e0-fc12-3451 2015-07-27/12:51:25 brf 1 100
00e0-fc12-3452 2015-07-27/12:51:25 pbr 1 200
00e0-fc12-3453 2015-07-27/12:51:25 pbr 1 200
00e0-fc12-3454 2015-07-27/12:51:25 sti 1 200
00e0-fc12-3455 2015-07-27/12:51:25 pbr 1 200
00e0-fc12-3456 2015-07-27/12:51:25 pbr 1 200
-------------------------------------------------------------------------------
Table 14-15 Description of the display wlan dynamic-blacklist all command

output
Item Description
MAC address MAC address of the device in the

dynamic blacklist.
Last detected time Latest time when the device was

added to the dynamic blacklist.
Reason Reason why the device is added to the

dynamic blacklist.
#AP Number of APs that have detected and

added the device to the dynamic
blacklist.
LAT Remaining aging time for the device in

# Display information about specified devices in the dynamic blacklist.

<HUAWEI> display wlan dynamic-blacklist mac-address 0006-f476-cb70
LAT: Left aging time(s) BT: Block time(s)
dar: Disassociation request eapl: EAPOL logoff frame
eaps: EAPOL start frame sti: Static IP
brf: Broadcast flood
-------------------------------------------------------------
AP name Last detected time Reason LAT BT

-------------------------------------------------------------
wcw 2015-07-27/12:51:25 pbr 100 900
wcw2 2015-07-27/12:51:25 pbr 100 1900
-------------------------------------------------------------
Table 14-16 Description of the display wlan dynamic-blacklist mac-address

command output
Item Description
AP name Name of the monitoring AP.
Reason Reason why the device is added to the

dynamic blacklist.
LAT Remaining aging time for the device in

BT Duration for which the device is in the

dynamic blacklist.
14.21 display wlan ids rogue-history

Function
The display wlan ids rogue-history command displays historical records of rogue
devices.
Format
display wlan ids rogue-history { all | ap | bridge | client | adhoc | ssid | mac-
address mac-address }
Parameters
all Displays historical records of all rogue -

devices.
ap Displays historical records of rogue APs. -
bridge Displays historical records of rogue -

bridge devices.
client Displays historical records of rogue user -

terminals.
adhoc Displays historical records of rogue ad- -

hoc devices.

ssid Displays historical records of contained -

devices with unauthorized SSIDs.
mac-address Displays historical records of devices with The MAC addresses

mac-address specified MAC addresses. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run the display wlan ids rogue-history command to view the historical
records of rogue devices.
Prerequisites
The device detection function has been enabled on the AP using the wids device
detect enable command.
Example
# Display historical records of all rogue devices.
<HUAWEI> display wlan ids rogue-history all
Flags: a: adhoc, w: AP, b: wireless-bridge, c: client
CH: Channel number
-------------------------------------------------------------------------------
MAC address Type CH Authentication Last detected time SSID
-------------------------------------------------------------------------------
00e0-fc12-3456 w 11 open 2014-11-20/11:20:37 wlan
00e0-fc12-3457 c 11 - 2014-11-20/11:16:07 -
-------------------------------------------------------------------------------
Table 14-17 Description of the display wlan ids rogue-history all command
output
Item Description
MAC address MAC address of the rogue device listed

in the historical record list.

Item Description
Type Type of the rogue device listed in the

historical record list:
● a: user terminal on the ad-hoc
network
● w: AP
● b: bridge device
● c: user terminal
CH Channel in which the device is

Authentication Authentication mode of the rogue

device listed in the historical record
list.
# Display historical records of rogue APs.

<HUAWEI> display wlan ids rogue-history ap
CH: channel number
-------------------------------------------------------------------------------
MAC address CH Authentication Last detected time SSID
-------------------------------------------------------------------------------
00e0-fc12-3458 11 open 2014-11-20/11:20:37 wlan
00e0-fc12-3459 11 open 2014-11-20/11:20:44 -
-------------------------------------------------------------------------------
# Display historical records of SSIDs.

<HUAWEI> display wlan ids rogue-history ssid
#Dev: number of devices using SSID
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
trad 1 2014-11-20/11:01:44
CMCC-4G 6 2014-11-20/11:14:13
X+Z_007 1 2014-11-20/11:20:15
tntjoyo 1 2014-11-20/11:18:42
-------------------------------------------------------------------------------
Table 14-18 Description of the display wlan ids rogue-history ssid command
output
Item Description

Item Description

# Display historical records of an AP or STA with a specified MAC address.

<HUAWEI> display wlan ids rogue-history mac-address 00e0-fc03-0206
-------------------------------------------------------------------
SSID : wlan
Type : rogue ap
Authentication : 802.1x
-------------------------------------------------------------------
Table 14-19 Description of the display wlan ids rogue-history mac-address

command output
Item Description
SSID SSID of a BSS.

device.
14.22 display wlan ids spoof-ssid fuzzy-match

Function
The display wlan ids spoof-ssid fuzzy-match command displays fuzzy matching
rules for spoofing SSIDs.
Format
display wlan ids spoof-ssid fuzzy-match regex regex-value

Parameters
regex regex- Specifies the matching rules for spoofing The rules must exist.
value SSIDs and displays spoofing SSIDs that The value is in text
match the rules. format and can
contain 1 to 48
case-sensitive
characters. It
supports Chinese
characters or
mixture of Chinese
and English
characters.
NOTE
You can only use a
command editor of
the UTF-8 encoding
format to edit
Chinese characters.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To view SSIDs that match a specific rule, run the display wlan ids spoof-ssid
fuzzy-match regex regex-value command.
Example
# Display SSIDs that match a specific rule.
<HUAWEI> display wlan ids spoof-ssid fuzzy-match regex ^HUAWE[1l]$
--------------------------------------------------------------------------------
Match SSID #Dev Last detected time WIDS spoof profile
--------------------------------------------------------------------------------
HUAWE1 2 2014-03-06/12:44:37 huawei
HUAWEl 1 2014-03-06/12:44:50 huawei
--------------------------------------------------------------------------------
Total: 2

Table 14-20 Description of the display wlan ids spoof-ssid fuzzy-match regex
command output
Item Description
Match SSID SSID matching a specific rule.
#Dev Number of APs using the matching

SSID.
Last detected time Latest time when the SSID is detected.
WIDS spoof profile WIDS spoof profile to which the rules

belong.
14.23 dynamic-blacklist aging-time

Function
The dynamic-blacklist aging-time command sets an aging time for a dynamic
blacklist.
The undo dynamic-blacklist aging-time command restores the aging time of a

dynamic blacklist to the default value.
By default, the aging time of a dynamic blacklist is 600 seconds.
Format
dynamic-blacklist aging-time time
undo dynamic-blacklist aging-time
Parameters
time Specifies the aging time at the expiry of The value is an

which a specified MAC address is integer that ranges
removed from the dynamic blacklist. from 180 to 3600, in
seconds.
Views
WLAN view
Default Level

Usage Guidelines
When detecting attacks from a STA, an AP forbids the STA to go online, and
rejects any packets sent from the STA. As long as the STA is blacklisted, it cannot
go online again even if it no longer launches attacks. To avoid that, you can run
the dynamic-blacklist aging-time command to configure an aging time for the
dynamic blacklist. If the configured aging time expires and the AP detects no
attack from the STA, the STA is once again allowed to go online.
Example
# Set the aging time of the dynamic blacklist to 200 seconds.
[HUAWEI] wlan
[HUAWEI-wlan-view] dynamic-blacklist aging-time 200
14.24 dynamic-blacklist enable

Function
The dynamic-blacklist enable command enables the dynamic blacklist function.
The undo dynamic-blacklist enable command disables the dynamic blacklist
function.
By default, the dynamic blacklist function is disabled.
Format
dynamic-blacklist enable
undo dynamic-blacklist enable
Parameters
None
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
Attack detection is enabled to detect flood attacks, weak IV attacks, spoofing
attacks, and brute force key cracking attacks. When detecting attacks initiated by
a device, an AP reports an alarm. In addition, you can run the dynamic-blacklist
enable command to enable the dynamic blacklist function on the AP for handling

flood attacks and brute force key cracking attacks. The AP then automatically adds
the attacking device to a dynamic blacklist and discards packets sent from the
attacking device till the dynamic blacklist ages out.
An AP can use the dynamic blacklist to filter out the blacklisted wireless devices to
avoid malicious attacks.
Follow-up Procedure
Run the dynamic-blacklist aging-time command to set an aging time for the
dynamic blacklist.
Example
# Enable the dynamic blacklist function.
[HUAWEI] wlan
[HUAWEI-wlan-wids] dynamic-blacklist enable
14.25 flood-detect interval

Function
The flood-detect interval command sets the flood attack detection interval.
The undo flood-detect interval command restores the default flood attack
detection interval.
By default, the flood attack detection interval is 10 seconds.
Format
flood-detect interval interval
undo flood-detect interval
Parameters
interval Specifies the interval for flood attack The value is an

interval detection. integer that ranges
from 10 to 120, in
seconds.
Views
WIDS view
Default Level

Usage Guidelines
Usage Scenario
A flood attack occurs when an AP receives a large number of packets of the same
type within a short period. As a result, the AP is flooded by too many attack
packets to process service packets from authorized wireless terminals.
After the flood attack detection function is enabled, an AP counts the number of
packets of the same type that it receives from a user at regular intervals. When
the number exceeds a specified threshold, the AP considers that the user launches
a flood attack. If the dynamic blacklist function is enabled, the user will be added
to a dynamic blacklist.
Follow-up Procedure
function.
Example
# Set the flood attack detection interval to 120s.
[HUAWEI-wlan-Radio0/0/1] wids attack detect enable flood
[HUAWEI] wlan
[HUAWEI-wlan-wids] flood-detect interval 120
14.26 flood-detect quiet-time

Function
The flood-detect quiet-time command sets the quiet time for an AP to record the
detected flood attacks.
The undo flood-detect quiet-time command restores the quiet time for an AP to
record the detected flood attacks.
By default, the quiet time is 600 seconds for an AP to record the detected flood
attacks.
Format
flood-detect quiet-time quiet-time-value
undo flood-detect quiet-time

Parameters

value record the detected flood attacks. integer that ranges
seconds.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
for an AP to report alarms. When detecting attack sources of the same MAC
Follow-up Procedure
function.
Example
# Set the quiet time to 300 seconds for an AP to record the detected flood attacks.
[HUAWEI] wlan
[HUAWEI-wlan-wids] flood-detect quiet-time 300

14.27 flood-detect threshold

Function
The flood-detect threshold command sets the flood attack detection threshold. A
flood attack occurs when an AP receives a large number of packets of the same
type within a short period.
The undo flood-detect threshold command restores the default flood attack
detection threshold.
By default, the flood attack detection threshold is 500.
Format
flood-detect threshold threshold
undo flood-detect threshold
Parameters
threshold Specifies the flood attack detection The value is an

threshold threshold. integer that ranges
from 1 to 1000.
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
A flood attack occurs when a device receives a large number of packets of the
same type within a short period. As a result, the device is flooded by too many
attack packets to process service packets from authorized wireless terminals.
After the flood attack detection function is enabled, a device counts the number
of packets of the same type that it receives from a user at regular intervals. When
the number exceeds a specified threshold, the device considers that the user
launches a flood attack. If the dynamic blacklist function is enabled, the user will
be added to a dynamic blacklist. If the threshold is set to a small value, the device
may incorrectly add authorized users to the dynamic blacklist, causing the users
unable to go online.
Follow-up Procedure


function.
Example
# Set the flood attack detection threshold to 350.
[HUAWEI] wlan
[HUAWEI-wlan-wids] flood-detect threshold 350
14.28 ip source check user-bind enable

Function
The ip source check user-bind enable command enables IP source guard (IPSG)
on APs.
The undo ip source check user-bind enable command disables IPSG on APs.
By default, IPSG is disabled on APs.
Format
ip source check user-bind enable
undo ip source check user-bind enable
Parameters
None
Views
VAP profile view
Default Level
Usage Guidelines
Users can configure static IP addresses for their clients and connect to the Internet
after passing 802.1X authentication. To defend against source IP address spoofing
attacks, you need to enable IPSG on APs.
To prevent IP packets of unauthorized users from entering external networks

through an AP, enable IPSG in a VAP profile and bind the VAP profile to an AP
radio interface. The IPSG function can filter incoming packets on an AP radio
interface, preventing unauthorized packets from passing through the AP.

Example
# Enable IPSG on APs.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] ip source check user-bind enable
14.29 learn-client-address dhcp-strict

Function
The learn-client-address dhcp-strict command enables strict STA IP address
learning through DHCP.
The undo learn-client-address dhcp-strict command disables strict STA IP
address learning through DHCP.
By default, strict STA IP address learning through DHCP is disabled.
Format
learn-client-address dhcp-strict [ blacklist enable ]
undo learn-client-address dhcp-strict
Parameters
blacklist Adds STAs with bogus IP addresses to a -

enable blacklist.
By default, STAs with bogus IP addresses
are not added to a blacklist.
Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
When a STA associates with an AP, the following situation occurs after strict STA IP
address learning through DHCP is enabled:
● If the STA obtains an IP address through DHCP, the AP will save the IP
address. The STA IP address can be used to maintain the mapping between
STA IP addresses and MAC addresses.

● For a STA using a static IP address:

– If blacklist enable is specified, the STA will be added to a dynamic
blacklist of the AP and cannot associate with the AP before the blacklist
entry ages.
– If blacklist enable is not specified, the STA can associate with the AP but
the AP does not learn the IP address of the STA.
Prerequisites
STA address learning has been enabled using the undo learn-client-address ipv4
disable command.
Precautions
After strict STA IP address learning is enabled, it is recommended that you run the
ip source check user-bind enable and arp anti-attack check user-bind enable
commands to enable IPSG and DAI so that STAs can communicate with the
network only after obtaining an IP address through DHCP.
If this function is disabled, you can manually configure a static IP address.
However, if a STA obtains an IP address dynamically using DHCP, goes online, and
then is assigned a static IP address, the administrator cannot detect the IP address
change of this STA.
Example
# Enable strict STA IP address learning through DHCP.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] learn-client-address dhcp-strict
14.30 learn-client-address disable (VAP profile view)

Function
The learn-client-address disable command disables STA address learning.
The undo learn-client-address disable command disables STA address learning.
By default, STA address learning is enabled.
Format
learn-client-address ipv4 disable
undo learn-client-address ipv4 disable
Parameters
ipv4 Indicates the IPv4 address. -

Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
If a STA is associated with a STA address learning-enabled AP and obtains an IP

address, the AP saves the STA's IP address locally to maintain the IP address-MAC
address binding entry of the STA. In addition, when a STA requests an IP address
using DHCP, the AP can learn the IPv4 address of the STA gateway.
Prerequisites
● Before STA address learning is disabled, strict STA IPv4 address learning has
been disabled using the undo learn-client-address dhcp-strict command.
Precautions
● If a bridging device functions as a STA to connect to an AP enabled with STA

address learning, the AP cannot learn IP addresses of users connected to the
bridging device; therefore, the users cannot communicate with the network.
In this situation, disable STA address learning.
● Disabling STA address learning will lead to a Portal authentication failure.
● If no STA connected to a STA address learning-enabled AP requests an IP
address using DHCP, the AP cannot learn the gateway IP address.
Example
# Disable STA IPv4 address learning.
[HUAWEI] wlan
[HUAWEI-wlan-vap-prof-vap1] learn-client-address ipv4 disable
14.31 permit-ap
Function
The permit-ap command configures a WIDS whitelist.
The undo permit-ap command deletes entries in the WIDS whitelist.
By default, no WIDS whitelist is configured.
Format
permit-ap { mac-address mac-address | oui oui | ssid ssid }

undo permit-ap { mac-address { mac-address | all } | oui { oui | all } | ssid

{ name ssid | all } }
Parameters
mac-address Adds or deletes an authorized MAC The value is in H-H-

mac-address address. H format. An H is a
hexadecimal
number of 4 digits.
The MAC address
cannot be FFFF-
FFFF-FFFF,
0000-0000-0000, or
a multicast MAC
address.
mac-address Deletes an authorized MAC address list. -

all
oui oui Adds or deletes an authorized OUI. The value is in H-H-

H format. An H is a
hexadecimal
number of 2 digits.
oui all Deletes an authorized OUI list. -
ssid name Deletes an authorized SSID. The SSID must exist.

ssid To specify an SSID
starting with a
space, include the
SSID with double
quotation marks ("
"). For example, in
the SSID " hello",
the double
quotation marks at
the start and end of
the SSID occupy two
characters. To
specify an SSID
starting with a
double quotation
mark ("), enter an
escape character (\)
before the double
quotation mark. For
example, in the
SSID \"hello, the
occupies one
character.

ssid ssid Adds an authorized SSID. The SSID must exist.

To specify an SSID
starting with a
space, include the
SSID with double
quotation marks ("
"). For example, in
the SSID " hello",
the double
quotation marks at
the SSID occupy two
characters. To
specify an SSID
starting with a
double quotation
mark ("), enter an
before the double
quotation mark. For
example, in the
SSID \"hello, the
occupies one
character.
ssid all Deletes an authorized SSID list. -
Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
After WIDS/WIPS is enabled, rogue APs can be detected and countered. However,
there may be APs of other vendors or other networks working in the existing
signal coverage areas. If these APs are countered, their services will be affected. To
prevent this situation, configure an authorized AP list, including an authorized
MAC address list, OUI list, and SSID list. If an unauthorized AP is detected but
matches the authorized AP list, the AP is considered an authorized AP and will not
be countered.
For example, APs of other vendors are deployed on the existing WLAN to expand
network capacity. To prevent the APs from being countered, add OUIs of the

vendors to a whitelist and add SSIDs of these APs to a whitelist. In this way, the
device will consider the APs as authorized APs.
The device determines whether a detected AP is authorized as follows:

1. Check whether the AP's MAC address is in the authorized MAC address list.
– If so, the AP is an authorized AP.
– If not, go to step 2.
2. Check whether the AP's OUI and SSID are in the OUI and SSID lists.
– If only the SSID is configured, check whether the AP's SSID is in the
authorized SSID list.
▪ If so, the AP is an authorized AP.
▪ If not, the AP is an unauthorized AP.

– If only the OUI is configured, check whether the AP's OUI is in the
authorized OUI list.
▪ If not, the AP is an unauthorized AP.

– Check whether the AP's OUI and SSID are in the OUI and SSID lists.
▪ If neither or either of them is in the list, the AP is an unauthorized

AP.
Precautions
If you add or delete an entry, the device will re-check the validity of the
unauthorized APs. If an unauthorized AP becomes authorized, the device stops
countering the AP. If an authorized AP becomes unauthorized, the device starts
countering the AP.
Example
# Add an MAC address, an OUI, and an SSID to the WIDS whitelist.
[HUAWEI] wlan
[HUAWEI-wlan-wids] permit-ap mac-address 0011-2233-4455
[HUAWEI-wlan-wids] permit-ap oui 00-11-22
[HUAWEI-wlan-wids] permit-ap ssid huawei
14.32 reset wlan ids attack-detected

Function
The reset wlan ids attack-detected command deletes information about the
attacking devices detected.

Format
reset wlan ids attack-detected { all | flood | spoof | wapi-psk | weak-iv | wep-
Parameters
all Deletes information about all types of -

attacking devices.
flood Deletes information about devices -

spoof Deletes information about devices -

wapi-psk Deletes information about devices that -

perform brute force cracking in WAPI-
weak-iv Deletes information about devices -

wep-share- Deletes information about devices that -

key perform brute force cracking in WEP-SK
wpa-psk Deletes information about devices that -

perform brute force cracking in WPA-PSK
wpa2-psk Deletes information about devices that -

mac-address Deletes information about detected The value is in H-H-

mac-address devices launching attacks with specified H format. An H is a
MAC addresses. hexadecimal
number of 4 digits.
Views
All views
Default Level
3: Management level
Usage Guidelines
After attack detection is enabled, information about attacking devices detected is
recorded. When there is excessive information recorded or the recorded

information is useless, you can run the reset wlan ids attack-detected command
to delete the information.
Example
# Delete information about all the current attacking devices.
<HUAWEI> reset wlan ids attack-detected all
14.33 reset wlan ids attack-detected statistics

Function
The reset wlan ids attack-detected statistics command deletes the number of
attacks detected.
Format
reset wlan ids attack-detected statistics
Parameters
None
Views
All views
Default Level
3: Management level
Usage Guidelines
After attack detection is enabled, the number of attacks detected is recorded.
When there is excessive information recorded or the recorded information is
useless, you can run the reset wlan ids attack-detected statistics command to
delete the information.
Example
# Delete the number of attacks detected.
<HUAWEI> reset wlan ids attack-detected statistics
14.34 reset wlan ids attack-history

Function
The reset wlan ids attack-history command deletes historical records about the
attacking devices detected.

Format
reset wlan ids attack-history { all | flood | spoof | wapi-psk | weak-iv | wep-
Parameters
all Deletes historical records about all types -

of attacking devices.
flood Deletes historical records about devices -

spoof Deletes historical records about devices -

wapi-psk Deletes historical records about devices -

WAPI-PSK authentication mode.
weak-iv Deletes historical records about devices -

wep-share- Deletes historical records about devices -

key that perform brute force cracking in
WEP-SK authentication mode.
wpa-psk Deletes historical records about devices -

WPA-PSK authentication mode.
wpa2-psk Deletes historical records about devices -

WPA2-PSK authentication mode.
mac-address Deletes historical records about detected The value is in H-H-

mac-address devices launching attacks with specified H format. An H is a
MAC addresses. hexadecimal
number of 4 digits.
Views
All views
Default Level
3: Management level
Usage Guidelines
After attack detection is enabled, historical records about attacking devices
detected are recorded. When there is excessive information recorded or the

recorded information is useless, you can run the reset wlan ids attack-history
command to delete the information.
Example
# Delete historical records about all the current attacking devices.
<HUAWEI> reset wlan ids attack-history all
14.35 reset wlan dynamic-blacklist

Function
The reset wlan dynamic-blacklist command deletes information about devices in
Format
reset wlan dynamic-blacklist { mac-address mac-address | all }
Parameters
mac-address Deletes the device with a specified MAC The MAC address
mac-address address from the dynamic blacklist. must exist.
all Deletes all information in the dynamic -

blacklist.
Views
All views
Default Level
3: Management level
Usage Guidelines
Usage Scenario
The reset wlan dynamic-blacklist command is applicable to the following
scenarios:
● To re-collect the dynamic blacklist information, run the reset wlan dynamic-
blacklist all command to delete all information in the dynamic blacklist.
After that, the AP re-collects the information.
● To remove an authorized device from the dynamic blacklist, run the reset
wlan dynamic-blacklist mac-address command to remove the MAC address
of the device from the dynamic blacklist. After that, information sent from the
device is not rejected.

Precautions
Running the reset wlan dynamic-blacklist command affects packet receiving of
APs. Exercise caution when running this command.
Example
# Delete the device with the MAC address 00e0-FC12-3456 from the dynamic
blacklist.
<HUAWEI> reset wlan dynamic-blacklist mac-address 00e0-fc12-3456
14.36 reset wlan ids rogue-history

Function
The reset wlan ids rogue-history command deletes historical records of rogue
devices.
Format
reset wlan ids rogue-history { all | ap | bridge | client | adhoc | ssid [ ssid ] |
mac-address mac-address }
Parameters
all Deletes historical records of all rogue -

devices.
ap Deletes historical records of rogue APs. -
bridge Deletes historical records of rogue bridge -

devices.
client Deletes historical records of rogue user -

terminals.
adhoc Deletes historical records of rogue ad- -

hoc devices.

ssid [ ssid ] Deletes historical records of devices with The SSID must exist.
specified SSIDs. To specify an SSID
starting with a
space, include the
SSID with double
quotation marks ("
"). For example, in
the SSID " hello",
the double
quotation marks at
the SSID occupy two
characters. To
specify an SSID
starting with a
double quotation
mark ("), enter an
before the double
quotation mark. For
example, in the
SSID \"hello, the
occupies one
character.
mac-address Deletes historical records of devices with The value must be

mac-address specified MAC addresses. an existing MAC
address.
Views
All views
Default Level
3: Management level
Usage Guidelines
When there are excessive historical records of rogue devices or their historical
records are useless, you can run the reset wlan ids rogue-history command to
delete the historical records.
Example
# Delete all detected historical records of the rogue devices.
<HUAWEI> reset wlan ids rogue-history all

14.37 rogue-device log enable

Function
The rogue-device log enable command enables the function of recording rogue
device information in the log.
The undo rogue-device log enable command disables the function of recording
rogue device information in the log.
By default, the function of recording rogue device information in the log is
disabled.
Format
rogue-device log enable
undo rogue-device log enable
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
If a rogue device is detected after this function is enabled, information about the
device is recorded in the log.
Example
# Enable the function of recording rogue device information in the log.
[HUAWEI] wlan
[HUAWEI-wlan-view] rogue-device log enable
14.38 spoof-detect quiet-time

Function
The spoof-detect quiet-time command sets the quiet time for an AP to record
the detected spoofing attacks.

The undo spoof-detect quiet-time command restores the default quiet time for
an AP to record the detected spoofing attacks.
By default, the quiet time is 600 seconds for an AP to record the detected spoofing
attacks.
Format
spoof-detect quiet-time quiet-time-value
undo spoof-detect quiet-time
Parameters

value record the detected spoofing attacks. integer that ranges
seconds.
Views
WIDS view
Default Level
Usage Guidelines
Example
# Set the quiet time to 300 seconds for an AP to record the detected spoofing
attacks.
[HUAWEI-wlan-Radio0/0/1] wids attack detect enable spoof
[HUAWEI] wlan
[HUAWEI-wlan-wids] spoof-detect quiet-time 300

14.39 spoof-ssid
Function
The spoof-ssid command configures a fuzzy matching rule for spoofing SSIDs.
The undo spoof-ssid command deletes a fuzzy matching rule for spoofing SSIDs.
By default, no fuzzy matching rule is configured for spoofing SSIDs.
Format
spoof-ssid fuzzy-match regex regex-value
undo spoof-ssid { fuzzy-match regex regex-value | all }
Parameters
fuzzy-match Configures a fuzzy matching rule to -

identify spoofing SSIDs.
regex regex- Specifies the regular expression for an The value is in text
value SSID. If an SSID matches the regular format and can
expression, the SSID is considered a contain 1 to 48
spoofing SSID. case-sensitive
characters. It
supports Chinese
characters or
mixture of Chinese
and English
characters.
When the regular
expression is used,
you can press Ctrl+T
to enter a question
mark (?). For how
to set the regular
expression, see
"Filtering the
Command Outputs"
in Configuration
Guide.
NOTE
You can only use a
command editor of
the UTF-8 encoding
format to edit
Chinese characters.
all Deletes all fuzzy matching rules. -

Views
WIDS view
Default Level
Usage Guidelines
Usage Scenario
WLAN services are available in public places, such as banks and airports. Users can
connect to the WLANs after associating with corresponding SSIDs. If a rogue AP is
deployed and provides spoofing SSIDs similar to authorized SSIDs, the users may
be misled and connect to the rogue AP, which brings security risks. To address this
problem, configure a fuzzy matching rule to identify spoofing SSIDs. The device
compares a detected SSID with the matching rule. If the SSID matches the rule,
the SSID is considered a spoofing SSID. The AP using the spoofing SSID is a rogue
AP. After rogue AP containment is configured, the device contains the rogue AP
and disconnects users from the spoofing SSID.
Precautions
To make fuzzy matching rules for spoofing SSIDs take effect, enable device
detection and rogue device containment so that the device can take
countermeasures against rogue APs.
To contain all SSIDs except those on the local device, set the fuzzy matching rule
to * and then run the contain-mode command to set the containment mode to
spoof-ssid-ap.
Example
# Configure a fuzzy matching rule using the regular expression ^TES[1l]$ to
identify spoofing SSIDs TEST1 or TESL similar to TEST.
[HUAWEI] wlan
[HUAWEI-wlan-wids] spoof-ssid fuzzy-match regex ^TES[1l]$
14.40 sta arp-nd-proxy before-assoc

Function
The sta arp-nd-proxy before-assoc command enables an AP to send ARP/ND
proxy packets for a STA before the STA is successfully associated.
The undo sta arp-nd-proxy before-assoc command disables an AP from sending

ARP/ND proxy packets for a STA before the STA is successfully associated.
By default, an AP does not send ARP/ND proxy packets for a STA before the STA is
successfully associated.

Format
sta arp-nd-proxy before-assoc
undo sta arp-nd-proxy before-assoc
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
If an AP is enabled to send ARP/ND proxy packets for a STA before the STA
succeeds in authentication or key negotiation, the Layer 2 switch connected to the
AP will learn the MAC address of the STA. If an attack floods thousands of STA
MAC addresses, the MAC address table on the switch will be seriously corrupted,
bringing security risks. To avoid this issue, you can run the undo sta arp-nd-proxy
before-assoc command to configure the AP to send ARP/ND proxy packets for a
STA after the STA succeeds in authentication or key negotiation.
In scenarios with low security requirements, you can run the sta arp-nd-proxy
before-assoc command to configure the AP to send ARP/ND proxy packets for a
STA before the STA is successfully associated to improve link update efficiency.
Precautions
After the undo sta arp-nd-proxy before-assoc command is run on an AP, the AP
does not send ARP/ND proxy packets for a STA that goes online in open or WEP
mode.
Example
# Configure an AP to send ARP/ND proxy packets for a STA before the STA is
successfully associated.
[HUAWEI] wlan
[HUAWEI-wlan-view] sta arp-nd-proxy before-assoc
14.41 weak-iv-detect quiet-time

Function
The weak-iv-detect quiet-time command sets the quiet time for an AP to record
the detected weak IV attacks.

The undo weak-iv-detect quiet-time command restores the default quiet time
for an AP to record the detected weak IV attacks.
By default, the quiet time is 600 seconds for an AP to record the detected weak IV
attacks.
Format
weak-iv-detect quiet-time quiet-time-value
undo weak-iv-detect quiet-time
Parameters

value record the detected weak IV attacks. integer that ranges
seconds.
Views
WIDS view
Default Level
Usage Guidelines
Example
# Set the quiet time to 300 seconds for an AP to record the detected weak IV
attacks.
[HUAWEI-wlan-Radio0/0/1] wids attack detect enable weak-iv
[HUAWEI] wlan
[HUAWEI-wlan-wids] weak-iv-detect quiet-time 300

14.42 wids
Function
The wids command displays the WIDS view.
Format
wids
Parameters
None
Views
WLAN view
Default Level
Usage Guidelines
To perform WIDS configurations, run the wids command to enter the WIDS view.
All WIDS configuration commands need to be run in the WIDS view.
Example
# Display the WIDS view.
[HUAWEI] wlan
[HUAWEI-wlan-wids]
14.43 wids attack detect enable

Function
The wids attack detect enable command enables attack detection on an AP
radio.
The undo wids attack detect enable command disables attack detection on an
AP radio.
By default, attack detection is disabled on an AP radio.
Format
wids attack detect enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk |
wapi-psk | wep-share-key }

undo wids attack detect enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-
psk | wapi-psk | wep-share-key }
Parameters
all Enables all attack detection functions. -
flood Enables flood attack detection. -
weak-iv Enables weak IV attack detection. -
spoof Enables spoofing attack detection. -
wpa-psk Enables brute force attack detection for -

WPA-PSK authentication.
wpa2-psk Enables brute force attack detection for -

WPA2-PSK authentication.
wapi-psk Enables brute force attack detection for -

WAPI-PSK authentication.
wep-share- Enables brute force attack detection for -

key shared key authentication.
Views
Default Level
Usage Guidelines
Usage Scenario
To monitor and prevent malicious or unintentional attacks on WLANs in real time,

network administrators can enable the following attack detection functions based
on actual requirements:
● flood: indicates flood attack detection used to detect whether an AP receives
a large number of packets of the same type in a short period.
● weak-iv: indicates weak IV attack detection used to detect whether weak IV is
used for WEP encryption on a WLAN.
● spoof: indicates spoofing attack detection used to detect whether a potential
attacker pretends to be an AP to broadcast Deauthentication and
Disassociation packets.
● wpa-psk, wpa2-psk, wapi-psk, wep-share-key: indicates brute force attack
detection. If the WPA-PSK, WPA2-PSK, WAPI-PSK, or WEP-SK security policy is
configured on a WLAN, brute force attack detection can be enabled to

increase the time required for password cracking and improve password
security.
Follow-up Procedure

function.
Example
# Enable brute force attack detection for WPA-PSK authentication on radio 0.
14.44 wids contain enable

Function
The wids contain enable command enables rogue or interference device
containment on an AP radio.
The undo wids contain enable command disables rogue or interference device
containment on an AP radio.
By default, rogue or interference device containment is disabled on an AP radio.
Format
wids contain enable
undo wids contain enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
Rogue or interference devices pose serious security threats to enterprise networks.
After the containment mode is set against rogue or interference APs, the monitor
AP uses the identity of the rogue or interference AP to broadcast deauthentication
frames to forcibly disconnect STAs. To prevent the STAs from connecting to the

rogue or interference AP again, the monitor AP will periodically and continuously

send deauthentication frames.
After the containment mode is set against rogue or interference STAs or ad-hoc
devices, the monitor AP uses the MAC address of a rogue or interference device to
continuously send unicast deauthentication frames.
Follow-up Procedure
Run the contain-mode command to set the rogue or interference device

containment mode.
Example
# Enable rogue or interference device containment on radio 0.
14.45 wids device detect enable

Function
The wids device detect enable command enables device detection on an AP
radio.
The undo wids device detect enable command disables device detection on an
AP radio.
By default, device detection is disabled on an AP radio.
Format
wids device detect enable
undo wids device detect enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario

After the wireless device detection function is enabled, the monitoring AP detects
information about wireless devices in its coverage range. The AP determines
whether unauthorized devices exist on the WLAN.
Example
# Enable device detection on radio 0.
[HUAWEI-wlan-Radio0/0/0] wids device detect enable
14.46 wids manual-contain

Function
The wids manual-contain command manually contains specified devices.
The undo wids manual-contain command disables containment of specified
devices.
By default, no device is manually contained.
Format
wids manual-contain device-mac device-mac
undo wids manual-contain { all | device-mac device-mac }
Parameters
device-mac Specifies the MAC address of a device to The value is in H-H-

device-mac be contained. H format. An H is a
hexadecimal
number of 4 digits.
all Contains all devices. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
You can run the wids manual-contain command in the WLAN view to manually
contain a specified device in a complicated environment.

Precautions
Wireless bridges are not contained.
Example
# Contain the AP with the MAC address of 0004-0004-0004.
[HUAWEI] wlan
[HUAWEI-wlan-view] wids manual-contain device-mac 0004-0004-0004
14.47 work-mode
Function
The work-mode command sets the radio working mode in the radio profile view.
The undo work-mode command restores the default radio working mode.
By default, AP radios work in normal mode.
Format
work-mode { monitor | normal }
undo work-mode
Parameters
monitor Indicates the monitor mode. -
normal Indicates the normal mode. -
Views
Default Level
Usage Guidelines
Usage Scenario
An AP can work in two modes:
● normal: indicates the normal mode.
– If air scan functions (such as WIDS and terminal location) are disabled on
a radio, the radio is used to transmit common WLAN services.

– If air scan functions (such as WIDS, spectrum analysis, and terminal

location) are enabled on a radio, the radio transmits common WLAN
services and also provides the monitoring function. A transient increase in
the WLAN service latency may occur, which does not affect network
access. However, if any latency-sensitive service (such as
videoconferencing) is running, it is recommended that a separate radio be
used for air scan.
● monitor: indicates the monitor mode.
In this mode, the radio can only transmit WLAN services scanned by the air
interface but cannot transmit common WLAN services.
Precautions
● The change of the radio working mode can lead to service interruption. Users
cannot associate with the AP when its radio works in monitor mode.
● In monitor mode, the working channels and power of AP radios change at
any time. In this situation, the working channels and power of the AP radios
display as -.
Example
# Set the working mode of radio 0 to monitor.
[HUAWEI-wlan-Radio0/0/0] work-mode monitor
Warning: Modify the work mode may cause business interruption, continue?[y/n]
:y

Fat AP and Cloud AP 15 WLAN Mesh Configuration Commands (Cloud
Command Reference AP)
15 WLAN Mesh Configuration

Commands (Cloud AP)
About This Chapter
Mesh configuration commands are supported only by the cloud AP2051DN,

AP4050DN, AP7060DN, AP8050DN, and AP8150DN.
Cloud APs support only single-MPP networking.
If an MP connects to a wired network, ensure that the MP does not communicate
with the MPP and other MPs at Layer 2 through the wired network; otherwise, the
MP connects to the MPP through both Mesh links and wired links, which causes a
network loop.
15.1 display mesh-profile (Cloud AP)
15.2 display mesh-whitelist-profile (Cloud AP)
15.3 display mesh vap (Cloud AP)
15.4 display references mesh-profile (Cloud AP)
15.5 display references mesh-whitelist-profile (Cloud AP)
15.6 display wlan mesh link (Cloud AP)
15.7 link-aging-time (Cloud AP)
15.8 link-report-interval (Cloud AP)
15.9 link-rssi-threshold (Cloud AP)
15.10 max-link-number (Cloud AP)
15.11 mesh-id (Cloud AP)
15.12 mesh-profile (Cloud AP)
15.13 mesh-profile (WLAN radio interface view)(Cloud AP)
15.14 mesh-whitelist-profile (Cloud AP)

15.15 mesh-whitelist-profile (WLAN radio interface view)(Cloud AP)

15.16 peer-ap mac (Mesh whitelist profile view) (Cloud AP)
15.17 security-profile (Mesh profile view) (Cloud AP)
15.1 display mesh-profile (Cloud AP)

Function
The display mesh-profile command displays reference or configuration
information about Mesh profiles.
Format
display mesh-profile { all | name profile-name }
Parameters
all Displays reference information about all -

Mesh profiles.
name profile- Displays reference information about a The Mesh profile

name specified Mesh profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mesh-profile command to view the number of times a
Mesh profile is referenced or configuration information of a specified Mesh profile.
Example
# Display reference information about all Mesh profiles.
<HUAWEI> display mesh-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
default 0
test 2
--------------------------------------------------------------------------------
Total: 2

Table 15-1 Description of the display mesh-profile all command output
Item Description
Profile name Mesh profile name.

mesh-profile command.
Reference Number of times a Mesh profile is

referenced.
# Display information about the Mesh profile test.

<HUAWEI> display mesh-profile name test
--------------------------------------------------------------------------------
Mesh handover profile :
Security profile : default-mesh
Mesh ID : WLAN-MESH
Max link number :8
Link RSSI threshold(dBm) : -75
Link report interval(s) : 30
Link aging timeout(s) : 60
Priority map trust : DSCP
Priority map mode : DSCP map 802.11e
0-7 map 0
8-15 map 1
16-23 map 2
24-31 map 3
32-39 map 4
40-47 map 5
48-55 map 6
56-63 map 7
DHCP trust port : enable
Client mode : disable
--------------------------------------------------------------------------------
Table 15-2 Description of the display mesh-profile name command output
Item Description
Mesh handover profile Mesh handover profile bound to a

Mesh profile.
mesh-handover-profile (Mesh
Security profile Security profile bound to a Mesh

profile.
security-profile (Mesh profile view)
command.
Mesh ID Mesh ID of a Mesh profile.

mesh-id command.

Item Description
Max link number Maximum number of Mesh links

allowed on an AP.
max-link-number command.
Link RSSI threshold RSSI threshold of a Mesh link.

link-rssi-threshold command.
Link report interval Interval for reporting Mesh link

information.
link-report-interval command.
Link aging timeout Aging time of a Mesh link.

link-aging-time command.
Priority map trust Priority mapping trusted by the Mesh

air interface.
priority-map trust (Mesh profile
view) command.
Priority map mode Mapping from DSCP priorities to

802.11e user priorities on the Mesh air
interface.
priority-map dscp (Mesh profile
view) command.
DHCP trust port Whether to enable a DHCP trusted

port in a Mesh profile.
● enable: A DHCP trusted port is
enabled.
● disable: A DHCP trusted port is
disabled.
dhcp trust port (Mesh profile view)
command.
Client mode Whether to enable the Mesh client

mode.
● enable: The Mesh client mode is
enabled.
● disable: The Mesh client mode is
disabled.

Item Description
Beacon-2g-rate Transmit rate of 2.4 GHz management

frames configured in the Mesh profile.
Beacon-5g-rate Transmit rate of 5 GHz management

15.2 display mesh-whitelist-profile (Cloud AP)

Function
The display mesh-whitelist-profile command displays reference or configuration
information about a Mesh whitelist profile.
Format
display mesh-whitelist-profile { all | name whitelist-name }
Parameters

Mesh whitelist profiles.
name Displays information about a specified The Mesh whitelist

whitelist- Mesh whitelist profile. profile must exist.
name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mesh-whitelist-profile command to view the number of
times a Mesh whitelist profile is referenced or MAC addresses added in a specified
Mesh whitelist profile.

Example
# Display reference information about all Mesh whitelist profiles.
<HUAWEI> display mesh-whitelist-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
default 0
test 2
--------------------------------------------------------------------------------
Total: 2
Table 15-3 Description of the display mesh-whitelist-profile all command

output
Item Description
Profile name Name of a Mesh whitelist profile.

mesh-whitelist-profile command.
Reference Number of times a Mesh whitelist

# Display information about the Mesh whitelist profile test.

<HUAWEI> display mesh-whitelist-profile name test
--------------------------------------------------------------------------------
Mesh whitelist name: test
Mesh whitelist MAC list information:
--------------------------------------------------------------------------------
Index MAC
--------------------------------------------------------------------------------
0 00e0-fc76-e360
1 00e0-fc74-9640
--------------------------------------------------------------------------------
Total: 2
Table 15-4 Description of the display mesh-whitelist-profile name command

output
Item Description
Index Mesh whitelist ID in a Mesh whitelist

profile.
MAC MAC address on a Mesh whitelist.

peer-ap mac (Mesh whitelist profile
view) command.

15.3 display mesh vap (Cloud AP)

Function
The display mesh vap command displays information about a Mesh VAP.
Format
display mesh vap { all | mesh-id mesh-id }
Parameters
mesh-id Displays information about Mesh VAPs The Mesh ID must

mesh-id of a specified Mesh ID. exist.
all Displays information about all Mesh -

VAPs.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mesh vap command to view information about a
specified Mesh VAP or all Mesh VAPs.
Example
# Display information about all Mesh VAPs.
<HUAWEI> display mesh vap all
WID : WLAN ID
------------------------------------------------------------------------------------------------
AP ID AP name RfID WID Mesh ID BSSID Auth type Mesh links
------------------------------------------------------------------------------------------------
0 dcd2-fc21-5d40 0 16 WLAN-MESH DCD2-FC21-5D4F WPA2-PSK 3
------------------------------------------------------------------------------------------------
Total: 1
Table 15-5 Description of the display mesh vap command output
Item Description
AP ID AP ID.

Item Description
AP name AP name.
RfID Radio ID.
Mesh ID Mesh ID.

To set a Mesh ID, run the mesh-id
command.
Auth type Authentication type.
Mesh links Number of Mesh links.
15.4 display references mesh-profile (Cloud AP)

Function
The display references mesh-profile command displays reference information
about a Mesh profile.
Format
display references mesh-profile name profile-name
Parameters
name profile- Specifies the name of a Mesh profile. The Mesh profile
name must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references mesh-profile command to check reference
information about a Mesh profile.

Example
# Display reference information about the Mesh profile test.
<HUAWEI> display references mesh-profile name test
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Total: 1
--------------------------------------------------------------------------------
Reference type Reference name Reference radio WLAN ID
--------------------------------------------------------------------------------
AP group test Radio-0 1
--------------------------------------------------------------------------------
Total: 1
Table 15-6 Description of the display references mesh-profile command output
Item Description
Reference type Type of the profile to which the Mesh

profile is bound.
Reference name Interface to which a Mesh profile is

applied.
WLAN ID WLAN ID to which a Mesh profile is

bound.
15.5 display references mesh-whitelist-profile (Cloud

AP)
Function
The display references mesh-whitelist-profile command displays reference
Format
display references mesh-whitelist-profile name whitelist-name
Parameters
name Displays reference information about a The Mesh whitelist

whitelist- specified Mesh whitelist profile. profile must exist.
name

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references mesh-whitelist-profile command to check
reference information about a specified Mesh whitelist profile.
Example
# Display reference information about the Mesh whitelist profile test.
<HUAWEI> display references mesh-whitelist-profile name test
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
AP group default
--------------------------------------------------------------------------------
Total: 1
Table 15-7 Description of the display references mesh-whitelist-profile

command output
Item Description
Reference type Type of the profile by which a Mesh

whitelist profile is referenced.
Reference name Name of the profile by which a Mesh

mesh-whitelist-profile(WLAN radio
interface view) command in the Mesh
profile view.
15.6 display wlan mesh link (Cloud AP)

Function
The display wlan mesh link command displays information about a Mesh link.
Format
display wlan mesh link { all | mesh-profile profile-name | peer-mac peer-mac }

Parameters

links.
mesh-profile Displays information about Mesh links in The Mesh profile

profile-name a specified Mesh profile. must exist.
peer-mac Displays information about the Mesh link The MAC address
peer-mac on a specified peer MAC address. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display wlan mesh link command to view information about a
Mesh link.
Example
# Display information about all Mesh links.
<HUAWEI> display wlan mesh link all
Rf : radio ID Dis : coverage distance(100m)
Ch : channel Per : drop percent(%)
TSNR : total SNR(dB) P- : peer
Mesh : Mesh mode Re : retry ratio(%)
RSSI : RSSI(dBm) MaxR : max RSSI(dBm)
------------------------------------------------------------------------------------------------------------------------------
----
APMAC P-APName P-APMAC Rf Dis Ch Mesh P-Status RSSI MaxR Per Re
TSNR SNR(Ch0~3:dB)
Index Tx(Mbps) Rx(Mbps) Mesh ID
------------------------------------------------------------------------------------------------------------------------------
----
00e0-fc75-04e0 AP_0 00e0-fc5a-adc0 1 3 157 node - -15 -15 0 15 76
68/75/66/-
0 54 54 mesh-id
------------------------------------------------------------------------------------------------------------------------------
----
Total: 1
# Display information about the Mesh link on a specified peer MAC address.
<HUAWEI> display wlan mesh link peer-mac 00e0-fc90-6180
------------------------------------------------------------------------------------------------------------------------------
----


TSNR SNR(Ch0~3:dB)
Index Tx(Mbps) Rx(Mbps) LinkStatus Mesh ID
------------------------------------------------------------------------------------------------------------------------------
----
00e0-fc15-d2e0 00e0-fc90-6180 00e0-fc90-6180 1 3 157 node - -51 -40 0 0 39
28/38/29/-
0 243 40 - y-mesh
------------------------------------------------------------------------------------------------------------------------------
----
Table 15-8 Description of the display wlan mesh link command output
Item Description
APMAC MAC address of the local AP.
P-APName Name of the peer AP.
P-APMAC MAC address of the peer AP.
Rf Radio ID of the local AP.
Dis Radio coverage distance parameter of

the local AP.
Ch Working channel of a Mesh link.
Mesh Mesh role of the local AP.
P-Status Status of the peer AP.
RSSI RSSI of the peer AP.
MaxR Maximum RSSI threshold of a Mesh

link.
Per Packet error ratio of a Mesh link.
Re Packet retransmission ratio of a Mesh

link.
TSNR Total SNR of Mesh links.
SNR(Ch0~3:dB) SNR of each spatial stream of a Mesh

link.
Index Mesh profile index.
Mesh ID Mesh ID in the Mesh profile.
Tx(Mbps) Transmit rate.
Rx(Mbps) Receive rate.
LinkStatus Link status.

15.7 link-aging-time (Cloud AP)

Function
The link-aging-time command sets the aging time of a Mesh link.
The undo link-aging-time command restores the default aging time of a Mesh
link.
The default aging time of a Mesh link is 60 seconds.
Format
link-aging-time aging-time
undo link-aging-time
Parameters
aging-time Specifies the aging time of a Mesh link. The value is an

integer that ranges
from 5 to 60, in
seconds. The default
value is 60.
Views
Mesh profile view
Default Level
Usage Guidelines
If a Mesh node cannot receive keepalive packets from a neighboring node for a
period of time greater than or equal to the aging time of a Mesh link, the Mesh
node considers the Mesh link disconnected and will reselect a link.
In a fast changing radio environment, if the aging time of a Mesh link is set to a
small value, Mesh links may be frequently disconnected or reselected, causing
network flapping. If the aging time of a Mesh link is set to a large value, a Mesh
node cannot reselect Mesh links in a timely manner, causing service interruption.
Therefore, you need to configure a proper aging time for Mesh links based on
actual situations.
Example
# Set the aging time of a Mesh link to 10s.

[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-profile name test
[HUAWEI-wlan-mesh-prof-test] link-aging-time 10
15.8 link-report-interval (Cloud AP)

Function
The link-report-interval command sets the interval at which an AP reports Mesh
link information to the system.
The undo link-report-interval command restores the default interval at which an

AP reports Mesh link information to the system.
By default, an AP reports Mesh link information to the system at an interval of 30

seconds.
Format
link-report-interval report-interval
undo link-report-interval
Parameters
report-interval Specifies the interval at The value is an integer

which an AP reports that ranges from 5 to
Mesh link information to 3600, in seconds. The
the system. default value is 30.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
In vehicle-ground communication scenarios, a vehicle-mounted AP connects to a

limited number of trackside APs. Frequent reports of Mesh link information occupy
a few system resources. Therefore, you do not need to run the link-report-
interval command in the vehicle-ground communication scenarios.

Example
# Set the interval at which an AP reports Mesh link information to the system to
20s.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] link-report-interval 20
15.9 link-rssi-threshold (Cloud AP)

Function
The link-rssi-threshold command sets the received signal strength indicator
(RSSI) threshold of a mesh link.
The undo link-rssi-threshold command restores the default RSSI threshold of a

mesh link.
By default, the RSSI threshold of a mesh link is -75 dBm.
Format
link-rssi-threshold threshold-value
undo link-rssi-threshold
Parameters
threshold- Specifies the RSSI threshold of a mesh The value is an

value link. integer that ranges
from -90 to -20, in
dBm. The default
value is -75.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
The RSSI threshold of a mesh link indicates the minimum RSSI of the mesh link. If
the RSSI of an MP that joins a WMN is lower than the RSSI threshold configured

using the link-rssi-threshold command, the routing information table of the mesh
link is updated and routing information about the MP is deleted.
Example
# Set the RSSI threshold of mesh links to -60 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] link-rssi-threshold -60
15.10 max-link-number (Cloud AP)

Function
The max-link-number command sets the maximum number of mesh links that
can be established between APs.
The undo max-link-number command restores the default maximum number of
mesh links that can be established between APs.
By default, a maximum of six mesh links can be established between APs.
Format
max-link-number link-num
undo max-link-number
Parameters
link-num Specifies the maximum number of mesh The value is an

links that can be established between integer that ranges
APs. from 1 to 32.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
When an AP sets up too many Mesh links with neighboring APs, network
indicators, such as the throughput cannot meet customer needs, affecting user
experience. To improve user experience, you can run the max-link-number

command to set the maximum number of mesh links that can be established
between APs according to actual situations.
Impact
If the number of mesh links of an AP has reached the maximum, the AP does not
set up new mesh links with neighboring APs.
Example
# Set the maximum number of mesh links that can be established between APs to
3.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] max-link-number 3
15.11 mesh-id (Cloud AP)

Function
The mesh-id command sets a Mesh ID for a Mesh profile.
The undo mesh-id command restores the Mesh ID of a Mesh profile to the
default value.
By default, the Mesh ID of a Mesh profile is HUAWEI-WLAN-MESH.
Format
mesh-id name
undo mesh-id
Parameters
name Specifies the Mesh ID of a Mesh profile. The value is a string

of 1 to 32 case-
sensitive characters.
It does not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
Views
Mesh profile view

Default Level
Usage Guidelines
The Mesh ID of a Mesh profile is similar to the SSID. On a Mesh network, AP
radios discover available Mesh services of other APs based on the Mesh ID.
Each Mesh profile must have a Mesh ID. The default Mesh ID of a Mesh profile is
HUAWEI-WLAN-MESH. You can run the mesh-id command to set a Mesh ID for
a Mesh profile.
Example
# Create the Mesh profile test and set the Mesh ID of the profile to mesh-net.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] mesh-id mesh-net
15.12 mesh-profile (Cloud AP)
Function
The mesh-profile command creates a Mesh profile or displays the Mesh profile
view.
The undo mesh-profile command deletes a Mesh profile.
By default, the system provides the Mesh profile default.
Format
mesh-profile name profile-name
undo mesh-profile { all | name profile-name }

Parameters
name profile- Specifies the name of a Mesh profile. The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all Mesh profiles. -

NOTE
The Mesh profile default cannot be deleted.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
After a Mesh profile is applied to an AP radio, Mesh VAPs are created on the radio.
a Mesh profile.
Example
[HUAWEI] wlan
15.13 mesh-profile (WLAN radio interface view)(Cloud

AP)

Function
The mesh-profile command binds a Mesh profile to an AP radio.
The undo mesh-profile command unbinds a Mesh profile from an AP radio.
By default, no Mesh profile is bound to an AP radio.
Format
mesh-profile profile-name [ index index ]
undo mesh-profile
Parameters
profile-name Specifies the name of the Mesh profile The Mesh profile
bound to an AP radio. must exist.
index index Specifies the index of the Mesh profile. The value can be 0
or 1. The default
value is 0.
Views
WLAN radio interface view
Default Level
Usage Guidelines
Usage Scenario
After a Mesh profile is bound to an AP radio, the radio can create a Mesh VAP to
provide Mesh services.
Prerequisites
A Mesh profile has been created and properly configured.
Precautions
Among the VAPs created after a Mesh profile is bound to a radio, the VAP with
the WLAN ID 16 cannot be occupied.
An AP radio can only have one Mesh profile bound.
Example
# Bind the Mesh profile test to radio 0 of an AP.

[HUAWEI-Wlan-Radio0/0/0] mesh-profile test
15.14 mesh-whitelist-profile (Cloud AP)

Function
The mesh-whitelist-profile command creates a Mesh whitelist profile or displays
the Mesh whitelist profile view.
The undo mesh-whitelist-profile command deletes a Mesh whitelist profile.
By default, no Mesh whitelist profile is available in the system.
Format
mesh-whitelist-profile name whitelist-name
undo mesh-whitelist-profile { all | name whitelist-name }
Parameters
name Specifies the name The value is a string of 1 to 35 case-

whitelist- of a Mesh whitelist insensitive characters. It does not contain
name profile. question marks (?) or spaces, and cannot
start or end with double quotation marks
(" ").
all Deletes all Mesh -

whitelist profiles.
Views
WLAN view
Default Level
Usage Guidelines
After a Mesh whitelist profile is created, run the peer-ap mac (Mesh whitelist
profile view) command in the Mesh whitelist profile view to add MAC addresses
of the allowed peer APs to the profile.

Example
# Create the Mesh whitelist profile whitelist and add the MAC address
0001-0001-0001 to the whitelist profile. Bind the Mesh whitelist profile whitelist
to radio 0.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-whitelist-profile name whitelist
[HUAWEI-wlan-mesh-whitelist-whitelist] peer-ap mac 0001-0001-0001
[HUAWEI-wlan-mesh-whitelist-whitelist] quit
[HUAWEI-Wlan-Radio0/0/0] mesh-whitelist-profile whitelist
15.15 mesh-whitelist-profile (WLAN radio interface

view)(Cloud AP)
Function
The mesh-whitelist-profile command binds a Mesh whitelist profile to an AP
radio.
The undo mesh-whitelist-profile command unbinds a Mesh whitelist profile from

an AP radio.
By default, no Mesh whitelist profile is bound to an AP radio.
Format
mesh-whitelist-profile whitelist-name [ index index ]
undo mesh-whitelist-profile
Parameters
whitelist- Specifies the name of the Mesh whitelist The Mesh whitelist
name profile bound to an AP radio. profile must exist.
index index Specifies the index of the Mesh whitelist The value can be 0
profile. or 1. The default
value is 0.
Views
Default Level

Usage Guidelines
After a Mesh whitelist profile is applied to an AP radio, the AP radio can only set
up Mesh links with neighboring APs whose MAC addresses are in the Mesh
whitelist profile.
You can configure different values of index index for radios on an AP to reference
different Mesh whitelist profile. If you specify index index for multiple times in the
same radio view, the latest configuration overwrites the old one.
Example
to radio 0.
[HUAWEI] wlan
15.16 peer-ap mac (Mesh whitelist profile view)

(Cloud AP)
Function
The peer-ap mac command adds MAC addresses of neighboring APs that are
allowed to connect to an AP to a Mesh whitelist profile.
The undo peer-ap mac command deletes the MAC addresses of neighboring APs
from a Mesh whitelist profile.
By default, no MAC address of a neighboring AP is added to a Mesh whitelist

profile.
Format
peer-ap mac mac-address
undo peer-ap mac mac-address
Parameters
mac-address Specifies the MAC address of a The value is in H-H-

neighboring AP to be added to a Mesh H format. An H is a
whitelist profile. hexadecimal
number of 4 digits.

Views
Mesh whitelist profile view
Default Level
Usage Guidelines
Usage Scenario
After a Mesh whitelist profile is created, you can run the peer-ap mac command
to add neighboring APs' MAC addresses to the profile.
If a Mesh whitelist profile is bound to a Mesh profile, only APs with MAC
addresses in the Mesh whitelist profile can access the local AP, and other APs are
denied access.
In vehicle-ground fast handover application scenarios, you need to configure Mesh
whitelists for trackside APs and vehicle-mounted APs, which can prevent a vehicle-
mounted AP from connecting to trackside APs along a different track or a
trackside AP from connecting to the vehicle-mounted AP along a different track.
Precautions
A maximum of 512 MAC addresses can be added to a Mesh whitelist.
Example
to radio 0.
[HUAWEI] wlan
15.17 security-profile (Mesh profile view) (Cloud AP)

Function
The security-profile command binds a security profile to a Mesh profile.
The undo security-profile command restores the default security profile bound to
a Mesh profile.
By default, the security profile default-mesh is bound to a Mesh profile.
Format
security-profile profile-name

undo security-profile
Parameters
profile-name Specifies the name of the security profile The security profile
bound to a Mesh profile. must exist.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
Before a Mesh profile is applied to an AP radio to establish Mesh links, the Mesh
profile must have a security profile bound to ensure Mesh link security.
Precautions
After a security profile is bound to a Mesh profile, the authentication policy and
encryption mode in the security profile cannot be changed, but the authentication
key can be changed.
A Mesh profile can only have one security profile bound. If you run the command
multiple times in the same Mesh profile view, the latest configuration overwrites
the old one.
Example
# Create the security profile sec and set the security policy to WPA2+PSK+AES.
Create the Mesh profile test and bind the security profile to the Mesh profile.
[HUAWEI] wlan
[HUAWEI-wlan-view] security-profile name sec
[HUAWEI-wlan-sec-prof-sec] security wpa2 psk pass-phrase password@123 aes
[HUAWEI-wlan-sec-prof-sec] quit
[HUAWEI-wlan-mesh-prof-test] security-profile sec

Fat AP and Cloud AP 16 Vehicle-Ground Fast Link Handover Configuration
16 Vehicle-Ground Fast Link Handover

Configuration Commands
About This Chapter
Vehicle-ground fast link handover is supported only by the AP9130DN, AP9131DN,

and AP9132DN.
16.1 antenna-output
16.2 client-mode enable
16.3 dhcp trust port (Mesh profile view)
16.4 display mesh vap
16.5 display mesh-handover-profile
16.6 display mesh-handover-trace
16.7 display mesh-neighbor-rssi
16.8 display mesh-profile
16.9 display mesh-proxy-equip
16.10 display mesh-whitelist-profile
16.11 display references mesh-handover-profile
16.12 display references mesh-profile
16.13 display references mesh-whitelist-profile
16.14 display wlan mesh link
16.15 display wlan mesh switch-record all
16.16 link-aging-time
16.17 link-hold-period
16.18 link-probe-interval

16.19 link-report-interval
16.20 link-rssi-threshold
16.21 location-based-algorithm enable
16.22 max-link-number
16.23 max-rssi-threshold
16.24 mesh-handover-profile
16.25 mesh-handover-profile (Mesh profile view)
16.26 mesh-id
16.27 mesh-profile
16.28 mesh-profile (WLAN radio interface view)
16.29 mesh-proxy onboard-equip
16.30 mesh-proxy trackside-equip
16.31 mesh-whitelist-profile
16.32 mesh-whitelist-profile (WLAN radio interface view)
16.33 min-rssi-threshold
16.35 priority-map dscp (Mesh profile view)
16.36 priority-map trust (Mesh profile view)
16.37 p-n criteria
16.38 rssi-margin
16.39 security-profile (Mesh profile view)
16.40 switch-probe-interval
16.41 urgent-handover low-rate
16.42 urgent-handover punishment
16.1 antenna-output
Function
The antenna-output command configures an output mode of a 2.4G/5G antenna.
The undo antenna-output command restores the default output mode of a
2.4G/5G antenna.
By default, a 2.4G/5G antenna uses split output.

Format
antenna-output { split | combine }
undo antenna-output
Parameters
split Indicates the split mode of a 2.4G/5G -

antenna.
combine Indicates the combination mode of a -

2.4G/5G antenna.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
In train-ground communication scenarios, you can use the antenna-output split

command to configure the split mode of a 2.4G/5G antenna. The antenna uses
either the 2.4 GHz radio to provide wireless coverage in the carriage, or the 5 GHz
radio to provide wireless bridging between carriages.
In train-ground communication scenarios, you can use the antenna-output

combine command to configure the combination mode of a 2.4G/5G antenna.
The antenna uses the 2.4 GHz and 5 GHz radios to simultaneously provide
wireless bridging between carriages.
Precautions
This command is supported only by APs supporting antenna combination and split
modes.
Example
# Configure the combination mode of a 2.4G/5G antenna.
[HUAWEI] wlan
[HUAWEI-wlan-view] antenna-output combine

16.2 client-mode enable

Function
The client-mode enable command enables the Mesh client mode.
The undo client-mode enable command disables the Mesh client mode.
By default, the Mesh client mode is disabled.
Format
client-mode enable
undo client-mode enable
Parameters
None
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
Trackside APs are deployed by segment (for example, only in stations) instead of
along the railway line. To meet throughput or coverage efficiency requirements,
you need to configure trackside APs to work in different channels. Vehicle-
mounted APs scan channels of neighboring APs to perform Mesh link handovers.
Precautions
The Mesh handover mode and Mesh client mode are mutually exclusive in a Mesh
profile.
A vehicle-ground communication scenario supports either the Mesh handover

mode or the Mesh client mode, but not both. Ensure that the same Mesh mode
(handover or client) is configured on vehicle-mounted APs and trackside APs.
Otherwise, Mesh links may fail to be set up for vehicle-ground communication, or
services are affected even if Mesh links can be set up.
Radios of a trackside AP cannot have both the Mesh handover and client modes
configured. For example, if radio 1 and radio 2 of a trackside AP have the Mesh
handover mode and Mesh client mode configured, respectively, the AP will fail to
set up a Mesh link with a vehicle-mounted AP.

Run the scan-channel-set command to configure channels to be scanned by

vehicle-mounted APs. Otherwise, a vehicle-mounted AP can scan only the current
working channel.
The Mesh client mode is supported only by the AP9130DN, AP9131DN, and
AP9132DN.
Example
# Enable the Mesh client mode for Mesh profile test.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] client-mode enable
16.3 dhcp trust port (Mesh profile view)

Function
The dhcp trust port command enables a DHCP trusted port in a Mesh profile.
The undo dhcp trust port command disables a DHCP trusted port in a Mesh
profile.
By default, a DHCP trusted port is enabled in a Mesh profile.
Format
dhcp trust port
undo dhcp trust port
Parameters
None
Views
Mesh profile view
Default Level
Usage Guidelines
After a DHCP trusted port is enabled in a Mesh profile and the Mesh profile is
applied to an AP, the AP receives the DHCP OFFER, ACK, and NAK packets sent by
authorized DHCP servers and forwards the packets to STAs so that the STAs can
obtain valid IP addresses and go online.
Example
# Enable a DHCP trusted port in the Mesh profile test.

[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] dhcp trust port
16.4 display mesh vap

Function
The display mesh vap command displays information about a Mesh VAP.
Format
display mesh vap { all | mesh-id mesh-id }
Parameters
mesh-id Displays information about Mesh VAPs The Mesh ID must

mesh-id of a specified Mesh ID. exist.

VAPs.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to view information about a specified Mesh VAP or all
Mesh VAPs.
Example
# Display information about all Mesh VAPs.
<HUAWEI> display mesh vap all
WID : WLAN ID
------------------------------------------------------------------------------------------------
AP MAC RfID WID Mesh ID BSSID Auth type Mesh links
------------------------------------------------------------------------------------------------
dcd2-fc21-5d40 0 16 HUAWEI-WLAN-MESH 00E0-FC21-5D4F WPA2-PSK 3
------------------------------------------------------------------------------------------------
Total: 1

Table 16-1 Description of the display mesh vap command output
Item Description
AP MAC AP MAC.
RfID Radio ID.
Mesh ID Mesh ID.

mesh-id command.
Mesh links Number of Mesh links.
16.5 display mesh-handover-profile

Function
The display mesh-handover-profile command displays reference or configuration
information about a Mesh handover profile.
Format
display mesh-handover-profile { all | name profile-name }
Parameters

Mesh handover profiles.
name profile- Displays information about a specified The Mesh handover

name Mesh handover profile. profile must exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run the display mesh-handover-profile command to view the number of
times a Mesh handover profile is referenced by a Mesh profile or parameter
settings of a specified Mesh handover profile.
Example
# Display reference information about all Mesh handover profiles.
<HUAWEI> display mesh-handover-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
default 0
test 2
--------------------------------------------------------------------------------
Total: 2
Table 16-2 Description of the display mesh-handover-profile all command

output
Item Description
Profile name Name of a Mesh handover profile.

mesh-handover-profile command.
Reference Number of times a Mesh handover

profile is referenced by a Mesh profile.
# Display information about the Mesh handover profile test.

<HUAWEI> display mesh-handover-profile name test
--------------------------------------------------------------------------------
Handover location based algorithm switch : disable
Handover location based algorithm moving direction : undetermined
Handover probe interval(ms) : 100
Handover Max RSSI threshold(dBm) : -20
Handover Min RSSI threshold(dBm) : -60
Handover hold period(ms) : 4000
Handover RSSI margin(dB) : 10
Handover P-N criteria observe time :3
Handover P-N criteria qualify time :2
Urgent handover low rate threshold(Mbps) : 10
Urgent handover low rate period(ms) : 2000
Urgent handover punishment period(ms) : 2000
Urgent handover punishment RSSI(dB) : 10
--------------------------------------------------------------------------------

Table 16-3 Description of the display mesh-handover-profile name command

output
Item Description
Handover location based algorithm Status of the location-based enhanced

switch fast link handover algorithm.
● disable: The algorithm is disabled.
● enable: The algorithm is enabled.
location-based-algorithm enable
command.
Handover location based algorithm Moving direction of the vehicle-

moving direction mounted AP when the location-based
enhanced fast link handover algorithm
is enabled.
● backward: The vehicle-mounted AP
moves from the trackside AP with
the largest sequence number to the
trackside AP with the smallest
sequence number.
● forward: The vehicle-mounted AP
moves from the trackside AP with
the smallest sequence number to
the trackside AP with the largest
sequence number.
● undetermined: The vehicle-
mounted AP automatically adjusts
its moving direction.
location-based-algorithm enable
moving-direction { backward |
forward | undetermined } command.
Handover probe interval Mesh link probe interval.

link-probe-interval command.
Handover Max RSSI threshold Maximum RSSI threshold of a Mesh

link.
max-rssi-threshold command.
Handover Min RSSI threshold Minimum RSSI threshold of a Mesh

link.
min-rssi-threshold command.

Item Description
Handover hold period Holding time of a Mesh link.

link-hold-period command.
Handover RSSI margin RSSI threshold for a Mesh link

handover.
rssi-margin command.
Handover P-N criteria observe time Observing value in the P/N criterion.
To configure this parameter, run the p-
n criteria command.
Handover P-N criteria qualify time Qualified value in the P/N criterion.
To configure this parameter, run the p-
n criteria command.
Urgent handover low rate threshold Minimum rate threshold for an

emergency handover.
urgent-handover low-rate command.
Urgent handover low rate period Minimum rate holding time for an
emergency handover.
urgent-handover low-rate command.
Urgent handover punishment period Penalty period for an emergency

handover.
urgent-handover punishment
command.
Urgent handover punishment RSSI Penalty level for an emergency

handover.
urgent-handover punishment
command.
16.6 display mesh-handover-trace

Function
The display mesh-handover-trace command displays roaming traces of a vehicle-
mounted AP.

Format
display mesh-handover-trace
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays roaming traces of a vehicle-mounted AP, which helps you
to determine trackside APs connected to the vehicle-mounted AP and link
handover information.
Example
# Display roaming traces of a vehicle-mounted AP.
<HUAWEI> display mesh-handover-trace
Index Timestamp From AP MAC/RSSI/Location-ID To AP MAC/RSSI/Location-ID
------------------------------------------------------------------------------
1 15:31:20 0000-0000-0001/-60/- 0000-0000-0002/-50/-
2 15:31:40 0000-0000-0002/-60/- 0000-0000-0003/-50/-
3 15:32:00 0000-0000-0003/-60/- 0000-0000-0004/-50/-
------------------------------------------------------------------------------
Table 16-4 Description of the display mesh-handover-trace command output
Item Description
Index Sequence number of a roaming trace.
Timestamp Time when a link handover occurs.
From AP MAC/RSSI/Location-ID MAC address, RSSI (unit: dBm), and

location ID of a trackside AP from
which the vehicle-mounted AP
disconnects the active Mesh link.
NOTE
If APs are named based on their locations,
this field displays as AP name/MAC/Radio/
Location-ID; otherwise, this field displays
as hyphen (-).

Item Description
To AP MAC/RSSI/Location-ID MAC address, RSSI (unit: dBm), and

location ID of a trackside AP to which
the vehicle-mounted AP switches the
active Mesh link.
NOTE
as hyphen (-).
16.7 display mesh-neighbor-rssi

Function
The display mesh-neighbor-rssi command displays RSSI information collected by
an AP.
Format
display mesh-neighbor-rssi [ interface radio-interface ] [ max-neighbor-
number max-number ]
Parameters
interface Displays RSSI The radio interface must exist.

radio- information collected on
interface a specified radio
interface.
specified, RSSI
information collected on
all radio interfaces of an
AP is displayed.
max- Specifies the maximum The value is an integer that ranges

neighbor- number of neighboring from 1 to 256.
number APs of which RSSI
max-number information collected by
the AP can be displayed.
specified, RSSI
neighboring APs
collected by the AP is
displayed.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
The command can also display RSSI information of trackside APs. If a vehicle-
mounted AP and a trackside AP are on Mesh whitelists of each other, the vehicle-
mounted AP can collect RSSI information of the trackside AP.
Example
# Display RSSI information collected by an AP.
<HUAWEI> display mesh-neighbor-rssi
AP MAC/Radio/Location-ID Neighbor AP/MAC/Location-ID RSSI Update Time
--------------------------------------------------------------------------------
00e0-fc12-3457/dcd2-fc21-5d40/0/- -/00e0-fc12-3458/0 -37 22:29:47
00e0-fc12-3457/dcd2-fc21-5d40/0/- -/00e0-fc12-3458/0 -36 22:29:47
00e0-fc12-3457/dcd2-fc21-5d40/0/- -/00e0-fc12-345/0 -37 22:29:47
--------------------------------------------------------------------------------
Total: 3
Table 16-5 Description of the display mesh-neighbor-rssi command output

Item Description
AP MAC/Radio/Location-ID MAC address, radio ID, and location ID

of the local AP.
NOTE
as hyphen (-).
Neighbor AP/MAC/Location-ID Name, MAC address, and location ID

of a neighboring AP.
NOTE
as hyphen (-).
RSSI RSSI of a neighboring AP.
Update Time Time when RSSI information is

collected.

16.8 display mesh-profile

Function
The display mesh-profile command displays reference or configuration
information about Mesh profiles.
Format
display mesh-profile { all | name profile-name }
Parameters

Mesh profiles.
name profile- Displays reference information about a The Mesh profile

name specified Mesh profile. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mesh-profile command to view the number of times a
Mesh profile is referenced or configuration information of a specified Mesh profile.
Example
# Display reference information about all Mesh profiles.
<HUAWEI> display mesh-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
default 0
test 2
--------------------------------------------------------------------------------
Total: 2

Table 16-6 Description of the display mesh-profile all command output

Item Description
Profile name Mesh profile name.

mesh-profile command.
Reference Number of times a Mesh profile is

referenced.
# Display information about the Mesh profile test.

<HUAWEI> display mesh-profile name test
--------------------------------------------------------------------------------
Mesh handover profile :
Security profile : default-mesh
Mesh ID : HUAWEI-WLAN-MESH
Max link number :8
Link RSSI threshold(dBm) : -75
Link report interval(s) : 30
Link aging timeout(s) : 60
Priority map trust : DSCP
Priority map mode : DSCP map 802.11e
0-7 map 0
8-15 map 1
16-23 map 2
24-31 map 3
32-39 map 4
40-47 map 5
48-55 map 6
56-63 map 7
DHCP trust port : enable
Client mode : disable
Switch probe interval(s) : 10
--------------------------------------------------------------------------------
Table 16-7 Description of the display mesh-profile name command output

Item Description
Mesh handover profile Mesh handover profile bound to a

Mesh profile.
Security profile Security profile bound to a Mesh

profile.
security-profile (Mesh profile view)
command.

Item Description

mesh-id command.
Max link number Maximum number of Mesh links

allowed on an AP.
max-link-number command.
Link RSSI threshold RSSI threshold of a Mesh link.

link-rssi-threshold command.
Link report interval Interval for reporting Mesh link

information.
link-report-interval command.
Link aging timeout Aging time of a Mesh link.

link-aging-time command.
Priority map trust Priority mapping trusted by the Mesh

air interface.
priority-map trust (Mesh profile
view) command.
Priority map mode Mapping from DSCP priorities to

802.11e user priorities on the Mesh air
interface.
priority-map dscp (Mesh profile
view) command.
DHCP trust port Whether to enable a DHCP trusted

port in a Mesh profile.
● enable: A DHCP trusted port is
enabled.
● disable: A DHCP trusted port is
disabled.
dhcp trust port (Mesh profile view)
command.

Item Description
Client mode Whether to enable the Mesh client

mode.
● enable: The Mesh client mode is
enabled.
● disable: The Mesh client mode is
disabled.
Beacon 2.4G rate Transmit rate of 2.4 GHz management

Beacon 5G rate Transmit rate of 5 GHz management

Switch probe interval Mesh handover probe interval

configured in the Mesh profile.
switch-probe-interval command.
Only vehicle-mounted APs support this
parameter.
16.9 display mesh-proxy-equip

Function
The display mesh-proxy-equip command displays devices that use the vehicle-
mounted AP as a proxy device.
Format
display mesh-proxy-equip
Parameters
None
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can use the command to view ground and vehicle-mounted devices that use
the vehicle-mounted AP as a proxy device.
Example
# Display devices that use the vehicle-mounted AP as a proxy device.
<HUAWEI> display mesh-proxy-equip
--------------------------------------------------------------------------------
Proxy mode MAC address VlAN ID
--------------------------------------------------------------------------------
trackside 0000-0000-0001 100
onboard 0000-0000-0001 100
--------------------------------------------------------------------------------
Table 16-8 Description of the display mesh-proxy-equip command output
Item Description
Proxy mode Proxy mode.

● trackside: Indicates a proxied
ground device.
● trackside: Indicates a proxied
vehicle-mounted device.
mesh-proxy trackside-equip and
mesh-proxy onboard-equip
commands.
MAC address MAC address of the proxied device.
VlAN ID VLAN ID of the proxied device.
16.10 display mesh-whitelist-profile

Function
The display mesh-whitelist-profile command displays reference or configuration
Format
display mesh-whitelist-profile { all | name whitelist-name }
Parameters

Mesh whitelist profiles.

name Displays information about a specified The Mesh whitelist

whitelist- Mesh whitelist profile. profile must exist.
name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display mesh-whitelist-profile command to view the number of
times a Mesh whitelist profile is referenced or MAC addresses added in a specified
Mesh whitelist profile.
Example
# Display reference information about all Mesh whitelist profiles.
<HUAWEI> display mesh-whitelist-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
default 0
test 2
--------------------------------------------------------------------------------
Total: 2
Table 16-9 Description of the display mesh-whitelist-profile all command

output
Item Description
Profile name Name of a Mesh whitelist profile.

mesh-whitelist-profile command.
Reference Number of times a Mesh whitelist

# Display information about the Mesh whitelist profile test.

<HUAWEI> display mesh-whitelist-profile name test
--------------------------------------------------------------------------------
Mesh whitelist name: test
Mesh whitelist MAC list information:
--------------------------------------------------------------------------------
Index MAC

--------------------------------------------------------------------------------
0 00e0-fc76-e360
1 00e0-fc74-9640
--------------------------------------------------------------------------------
Total: 2
Table 16-10 Description of the display mesh-whitelist-profile name command

output
Item Description
Index Mesh whitelist ID in a Mesh whitelist

profile.
MAC MAC address on a Mesh whitelist.

peer-ap mac (Mesh whitelist profile
view) command.
16.11 display references mesh-handover-profile

Function
The display references mesh-handover-profile command displays information
about Mesh profiles by which a specified Mesh handover profile is referenced.
Format
display references mesh-handover-profile name profile-name
Parameters
name profile- Displays information about the Mesh The Mesh handover
name profiles by which a specified Mesh profile must exist.
handover profile is referenced.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references mesh-handover-profile command to check
the Mesh profiles by which a Mesh handover profile is referenced.

Example
# Display information about Mesh profiles by which the Mesh handover profile
test is referenced.
<HUAWEI> display references mesh-handover-profile name test
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Mesh profile profile-1
Mesh profile profile-2
--------------------------------------------------------------------------------
Total: 2
Table 16-11 Description of the display references mesh-handover-profile

command output
Item Description

A Mesh handover profile can only be
referenced by a Mesh profile.

profile view) command in the Mesh
profile view.
16.12 display references mesh-profile

Function
The display references mesh-profile command displays reference information
about a Mesh profile.
Format
display references mesh-profile name profile-name
Parameters
name profile- Specifies the name of a Mesh profile. The Mesh profile
name must exist.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references mesh-profile command to check reference
information about a Mesh profile.
Example
# Display reference information about the Mesh profile test.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Total: 1
Table 16-12 Description of the display references mesh-profile command output
Item Description
Reference type Type of the profile to which the Mesh

profile is bound.
Reference name Interface to which a Mesh profile is

applied.
WLAN ID WLAN ID to which a Mesh profile is

bound.
16.13 display references mesh-whitelist-profile

Function
The display references mesh-whitelist-profile command displays reference
Format
display references mesh-whitelist-profile name whitelist-name

Parameters
name Displays reference information about a The Mesh whitelist

whitelist- specified Mesh whitelist profile. profile must exist.
name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references mesh-whitelist-profile command to check
reference information about a specified Mesh whitelist profile.
Example
# Display reference information about the Mesh whitelist profile test.
<HUAWEI> display references mesh-whitelist-profile name test
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
AP group default
--------------------------------------------------------------------------------
Total: 1
Table 16-13 Description of the display references mesh-whitelist-profile

command output
Item Description


mesh-whitelist-profile (radio view)
command in the radio view.

16.14 display wlan mesh link

Function
The display wlan mesh link command displays information about a Mesh link.
Format
display wlan mesh link { all | mesh-profile profile-name | peer-mac peer-mac }
Parameters

links.
mesh-profile Displays information about Mesh links in The Mesh profile

profile-name a specified Mesh profile. must exist.
peer-mac Displays information about the Mesh link The MAC address
peer-mac on a specified peer MAC address. must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display wlan mesh link command to view information about a
Mesh link.
Example
# Display information about all Mesh links.
<HUAWEI> display wlan mesh link all
------------------------------------------------------------------------------------------------------------------------------
----
TSNR SNR(Ch0~3:dB)
Index Tx(Mbps) Rx(Mbps) Mesh ID
------------------------------------------------------------------------------------------------------------------------------
----

00e0-fc75-04e0 AP_0 00e0-fc5a-adc0 1 3 157 node - -15 -15 0 15 76

68/75/66/-
0 54 54 mesh-id
------------------------------------------------------------------------------------------------------------------------------
----
Total: 1
# Display information about the Mesh link on a specified peer MAC address.
<HUAWEI> display wlan mesh link peer-mac 00e0-fc90-6180
------------------------------------------------------------------------------------------------------------------------------
----
TSNR SNR(Ch0~3:dB)
Index Tx(Mbps) Rx(Mbps) LinkStatus Mesh ID
------------------------------------------------------------------------------------------------------------------------------
----
00e0-fc15-d2e0 00e0-fc90-6180 00e0-fc90-6180 1 3 157 node - -51 -40 0 0 39
28/38/29/-
0 243 40 - y-mesh
------------------------------------------------------------------------------------------------------------------------------
----
Table 16-14 Description of the display wlan mesh link command output
Item Description
APMAC MAC address of the local AP.
P-APMAC MAC address of the peer AP.
Rf Radio ID of the local AP.
Dis Radio coverage distance parameter of

the local AP.
Ch Working channel of a Mesh link.
Mesh Mesh role of the local AP.
P-Status Status of the peer AP.
RSSI RSSI of the peer AP.
MaxR Maximum RSSI threshold of a Mesh

link.
Per Packet error ratio of a Mesh link.
Re Packet retransmission ratio of a Mesh

link.
TSNR Total SNR of Mesh links.
SNR(Ch0~3:dB) SNR of each spatial stream of a Mesh

link.

Item Description
Mesh ID Mesh ID in the Mesh profile.
Tx(Mbps) Transmit rate.
Rx(Mbps) Receive rate.
LinkStatus Link status.
16.15 display wlan mesh switch-record all

Function
The display wlan mesh switch-record all command displays the records about
Mesh configuration switching of vehicle-mounted APs.
Format
display wlan mesh switch-record all
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
You can run this command to view the records about Mesh configuration
switching of vehicle-mounted APs.
Precautions
A maximum of latest 50 records can be displayed.
Example
# Display the records about Mesh configuration switching of vehicle-mounted APs.
<HUAWEI> display wlan mesh switch-record all
---------------------------------------------------------------------------------------
RfID Ch Mesh ID Auth type Index Time
---------------------------------------------------------------------------------------
0 1 Mesh1 WPA2-PSK 0 19:30:00 2018/04/11
0 25 Mesh0 WPA2-PSK 1 19:25:00 2018/04/11

---------------------------------------------------------------------------------------
Total:2
Table 16-15 Description of the display wlan mesh switch-record all command
output
Item Description
RfID Radio ID.
Ch Channel.
Time Time when the Mesh configuration

was switched.
16.16 link-aging-time
Function
The link-aging-time command sets the aging time of a Mesh link.
The undo link-aging-time command restores the default aging time of a Mesh
link.
The default aging time of a Mesh link is 60 seconds.
Format
link-aging-time aging-time
undo link-aging-time
Parameters
aging-time Specifies the aging time of a Mesh link. The value is an

integer that ranges
from 5 to 60, in
seconds. The default
value is 60.
Views
Mesh profile view

Default Level
Usage Guidelines
If a Mesh node cannot receive keepalive packets from a neighboring node for a
period of time greater than or equal to the aging time of a Mesh link, the Mesh
node considers the Mesh link disconnected and will reselect a link.
In a fast changing radio environment, if the aging time of a Mesh link is set to a
small value, Mesh links may be frequently disconnected or reselected, causing
network flapping. If the aging time of a Mesh link is set to a large value, a Mesh
node cannot reselect Mesh links in a timely manner, causing service interruption.
Therefore, you need to configure a proper aging time for Mesh links based on
actual situations.
Example
# Set the aging time of a Mesh link to 10s.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] link-aging-time 10
16.17 link-hold-period
Function
The link-hold-period command sets the holding time of a Mesh link.
The undo link-hold-period command restores the default holding time of a Mesh
link.
By default, the holding time of a Mesh link is 4000 ms.
Format
link-hold-period value
undo link-hold-period
Parameters
value Specifies the holding The value is an integer that ranges

time of a Mesh link. from 1000 to 60000, in milliseconds.

Views
Mesh handover profile view
Default Level
Usage Guidelines
Unstable radio environments may cause frequent handovers of the active Mesh
link, degrading quality of vehicle-ground communications. To prevent frequent
handovers, you can configure a proper holding time for the active link. The serving
time of the active link must be longer than or equal to the configured holding
time; otherwise, the vehicle-mounted AP can only implement an emergency
handover, not a common handover.
Example
# Set the holding time of a Mesh link to 5000 ms in the Mesh handover profile
huawei.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-handover-profile name huawei
[HUAWEI-wlan-mesh-handover-huawei] link-hold-period 5000
16.18 link-probe-interval
Function
The link-probe-interval command sets a Mesh link probe interval in a Mesh
handover profile.
The undo link-probe-interval command restores the default Mesh link probe
interval in a Mesh handover profile.
By default, the Mesh link probe interval is 100 ms in a Mesh handover profile.
Format
link-probe-interval value
undo link-probe-interval
Parameters
value Specifies the interval for The value is an integer that ranges
detecting Mesh links. from 50 to 6000, in milliseconds. The

Views
Default Level
Usage Guidelines
In vehicle-ground communication scenarios, a vehicle-mounted AP periodically
sends unicast probe frames to detect RSSIs of Mesh links and executes the
handover algorithm based on the detection result. A larger interval delays link
handover, interrupting vehicle-ground communications. A smaller interval
increases air port costs and burden on the vehicle-mounted AP. Therefore, you
need to configure a proper interval for detecting Mesh links according to train
operating conditions.
Precautions
You are advised to set the same Mesh link probe interval for vehicle-mounted APs
and trackside APs.
Example
# Set the Mesh link probe interval to 150 ms in the Mesh handover profile test.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-handover-profile name test
[HUAWEI-wlan-mesh-handover-test] link-probe-interval 150
16.19 link-report-interval
Function
The link-report-interval command sets the interval at which an AP reports Mesh
link information to the system.
The undo link-report-interval command restores the default interval at which an

AP reports Mesh link information to the system.
By default, an AP reports Mesh link information to the system at an interval of 30

seconds.
Format
link-report-interval report-interval
undo link-report-interval

Parameters
report-interval Specifies the interval at The value is an integer

which an AP reports that ranges from 5 to
Mesh link information to 3600, in seconds. The
the system. default value is 30.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
In vehicle-ground communication scenarios, a vehicle-mounted AP connects to a
limited number of trackside APs. Frequent reports of Mesh link information occupy
a few system resources. Therefore, you do not need to run the link-report-
interval command in the vehicle-ground communication scenarios.
Example
# Set the interval at which an AP reports Mesh link information to the system to
20s.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] link-report-interval 20
16.20 link-rssi-threshold
Function
The link-rssi-threshold command sets the received signal strength indicator
(RSSI) threshold of a mesh link.
The undo link-rssi-threshold command restores the default RSSI threshold of a
mesh link.
By default, the RSSI threshold of a mesh link is -75 dBm.
Format
link-rssi-threshold threshold-value
undo link-rssi-threshold

Parameters
threshold- Specifies the RSSI threshold of a mesh The value is an

value link. integer that ranges
from -90 to -20, in
dBm. The default
value is -75.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
The RSSI threshold of a mesh link indicates the minimum RSSI of the mesh link. If
the RSSI of an MP that joins a WMN is lower than the RSSI threshold configured
using the link-rssi-threshold command, the routing information table of the mesh
link is updated and routing information about the MP is deleted.
Example
# Set the RSSI threshold of mesh links to -60 dBm.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] link-rssi-threshold -60
16.21 location-based-algorithm enable

Function
The location-based-algorithm enable command enables the location-based
enhanced fast link handover algorithm and sets the moving direction of the
vehicle-mounted AP.
The undo location-based-algorithm enable command disables the location-

based enhanced link handover algorithm.
By default, the location-based enhanced fast link handover algorithm is disabled

and the moving direction of the vehicle-mounted AP is undetermined.

Format
location-based-algorithm enable [ moving-direction { backward | forward |
undetermined } ]
undo location-based-algorithm enable
Parameters
backward Configures the vehicle- -

mounted AP to move
from the trackside AP
with the largest
sequence number to the
trackside AP with the
smallest sequence
number.
forward Configures the vehicle- -

mounted AP to move
from the trackside AP
with the smallest
sequence number to the
trackside AP with the
largest sequence
number.
undetermine Indicates that the -

d moving direction of the
vehicle-mounted AP is
undetermined.
If this parameter is
specified, the vehicle-
mounted AP
automatically adjusts its
moving direction.
Views
Default Level
Usage Guidelines
Usage Scenario

After the location-based enhanced link handover algorithm is enabled, the

vehicle-mounted AP will switch the active link to the nearest trackside AP that
meets handover requirements.
In vehicle-ground communication scenarios, signals of a trackside AP distant from
a train may be temporarily better than the trackside AP near the train due to radio
environment changes. If an active link handover occurs at this time, the active link
may be incorrectly switched to the distant trackside AP. To prevent incorrect
handovers and improve vehicle-ground communication quality, you can use the
location-based enhanced link handover algorithm. This algorithm requires that
trackside APs be named in ascending or descending order of sequence numbers.
Trackside APs should be named in head-name_sequence-number format. head-
name describes track line information and can be different for trackside APs on
the same track. It is recommended that you set the same head-name for APs on a
track to differentiate tracks. sequence-number of APs along a track must be in
descending or ascending order. The sequence numbers of trackside APs can be set
with unequal steps. head-name and sequence-number are separated using an
underscore (_), for example, L1_001, L1_002, L1_005, L1_010.
NOTICE
Moving directions of the vehicle-mounted APs in the front and rear of a train
cannot be backward or forward at the same time; otherwise, the location-based
link handover algorithm makes incorrect calculations when the train switches its
forward direction. For example, if the moving direction of the vehicle-mounted AP
in the front is set to forward, the moving direction of the vehicle-mounted AP in
the rear must be set to backward.
Example
# Enable the location-based enhanced link handover algorithm and set the
moving direction of the vehicle-mounted AP to forward.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] location-based-algorithm enable moving-direction forward
16.22 max-link-number
Function
The max-link-number command sets the maximum number of mesh links that
can be established between APs.
The undo max-link-number command restores the default maximum number of
mesh links that can be established between APs.
By default, a maximum of eight mesh links can be established between APs.
Format
max-link-number link-num

undo max-link-number
Parameters
link-num Specifies the maximum number of mesh The value is an

links that can be established between integer that ranges
APs. from 1 to 32.
Views
Mesh profile view
Default Level
Usage Guidelines
Usage Scenario
When an AP sets up too many Mesh links with neighboring APs, network
indicators, such as the throughput cannot meet customer needs, affecting user
experience. To improve user experience, you can run the max-link-number
command to set the maximum number of mesh links that can be established
between APs according to actual situations.
Impact
If the number of mesh links of an AP has reached the maximum, the AP does not
set up new mesh links with neighboring APs.
Example
# Set the maximum number of mesh links that can be established between APs to
3.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] max-link-number 3
16.23 max-rssi-threshold
Function
The max-rssi-threshold command sets the maximum RSSI threshold of a Mesh
link in a Mesh handover profile.
The undo max-rssi-threshold command restores the default maximum RSSI

threshold of a Mesh link in a Mesh handover profile.

By default, the maximum RSSI threshold of a Mesh link is -20 dBm in a Mesh
handover profile.
Format
max-rssi-threshold value
undo max-rssi-threshold
Parameters
value Specifies the maximum The value is an integer that ranges

RSSI threshold of a from -90 to 0, in dBm. The default
Mesh link. value is -20.
Views
Default Level
Usage Guidelines
During a vehicle-ground fast link handover, the vehicle-mounted AP selects the
candidate link of the best quality as the active link from the candidate area (the
RSSI range of a candidate area is from the minimum RSSI threshold to the
maximum RSSI threshold of the Mesh link). An emergency handover is triggered
when the RSSI of the current active link is out of the RSSI range of the candidate
area (falls below the minimum RSSI threshold of a Mesh link or exceeds the
maximum RSSI threshold of a Mesh link).
In actual scenarios, set proper minimum and maximum RSSIs of a Mesh link
according to network deployment. Improper values result in frequent emergency
handovers or untimely handovers, degrading vehicle-ground fast link handover
performance.
Example
# Set the maximum RSSI threshold of a Mesh link to -15 dBm in the Mesh
handover profile huawei.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] max-rssi-threshold -15
16.24 mesh-handover-profile

Function
The mesh-handover-profile command creates a Mesh handover profile or
displays the Mesh handover profile view.
The undo mesh-handover-profile command deletes a Mesh handover profile.
By default, the system provides the Mesh handover profile default.
Format
mesh-handover-profile name profile-name
undo mesh-handover-profile { all | name profile-name }
Parameters
name profile- Specifies the name of a Mesh handover The value is a string
name profile. of 1 to 35 case-
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all Mesh handover profiles. -

NOTE
The Mesh handover profile default cannot be
deleted.
Views
WLAN view
Default Level
Usage Guidelines
After a Mesh handover profile is bound to a Mesh profile, the Mesh profile can
provide the vehicle-ground fast link handover function and apply to vehicle-
ground communication scenarios.
Example
# Create the Mesh handover profile handover and bind it to the Mesh profile test.

[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-handover-profile name handover
[HUAWEI-wlan-mesh-handover-handover] quit
[HUAWEI-wlan-mesh-prof-test] mesh-handover-profile handover
16.25 mesh-handover-profile (Mesh profile view)
Function
The mesh-handover-profile command binds a Mesh handover profile to a Mesh
profile.
The undo mesh-handover-profile command unbinds a Mesh handover profile
from a Mesh profile.
By default, no Mesh handover profile is bound to a Mesh profile.
Format
mesh-handover-profile profile-name
undo mesh-handover-profile
Parameters
profile-name Specifies the name of the Mesh The Mesh handover

handover profile bound to a Mesh profile must exist.
profile.
Views
Mesh profile view
Default Level
Usage Guidelines
You can run the mesh-handover-profile command to bind a Mesh handover
profile to a Mesh profile so that the Mesh profile can provide the vehicle-ground
fast link handover function and apply to vehicle-ground communication scenarios.
Example
# Create the Mesh handover profile handover and bind it to the Mesh profile test.
[HUAWEI] wlan

[HUAWEI-wlan-view] mesh-handover-profile name handover

[HUAWEI-wlan-mesh-handover-handover] quit
[HUAWEI-wlan-mesh-prof-test] mesh-handover-profile handover
16.26 mesh-id
Function
The mesh-id command sets a Mesh ID for a Mesh profile.
The undo mesh-id command restores the Mesh ID of a Mesh profile to the
default value.
By default, the Mesh ID of a Mesh profile is HUAWEI-WLAN-MESH.
Format
mesh-id name
undo mesh-id
Parameters
name Specifies the Mesh ID of a Mesh profile. The value is a string

of 1 to 32 case-
It does not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
Views
Mesh profile view
Default Level
Usage Guidelines
The Mesh ID of a Mesh profile is similar to the SSID. On a Mesh network, AP
radios discover available Mesh services of other APs based on the Mesh ID.
a Mesh profile.

Example
[HUAWEI] wlan
16.27 mesh-profile
Function
The mesh-profile command creates a Mesh profile or displays the Mesh profile
view.
The undo mesh-profile command deletes a Mesh profile.
By default, the system provides the Mesh profile default.
Format
mesh-profile name profile-name
undo mesh-profile { all | name profile-name }
Parameters
name profile- Specifies the name of a Mesh profile. The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all Mesh profiles. -

NOTE
The Mesh profile default cannot be deleted.
Views
WLAN view
Default Level

Usage Guidelines
Usage Scenario
After a Mesh profile is applied to an AP radio, Mesh VAPs are created on the radio.
a Mesh profile.
Example
[HUAWEI] wlan
16.28 mesh-profile (WLAN radio interface view)
Function
The mesh-profile command binds a Mesh profile to an AP radio.
The undo mesh-profile command unbinds a Mesh profile from an AP radio.
By default, no Mesh profile is bound to an AP radio.
Format
mesh-profile profile-name [ index index ]
undo mesh-profile
Parameters
profile-name Specifies the name of the Mesh profile to The Mesh profile
be bound to an AP radio. must exist.
index index Specifies the index of the Mesh profile. The value is an
integer that can be
0 or 1. The default
value is 0. If this
parameter is not
specified, the
default value is
used.

Views
Default Level
Usage Guidelines
Usage Scenario
After a Mesh profile is bound to an AP radio, a Mesh VAP will be generated on the
AP radio to provide Mesh services for users.
When each train travels on a fixed line, bind only one Mesh profile to a radio on a
vehicle-mounted AP so that the AP can connect to trackside APs, without the need
to specify index index.
When a train switch between lines, bind multiple Mesh profiles to a radio on a
vehicle-mounted AP. In this manner, the vehicle-mounted AP can connect to
trackside APs on different lines. You need to specify index index. A vehicle-
mounted AP attempts to set up links with trackside APs configured in the
corresponding Mesh profiles by the order in which the profiles are referenced. If
the link setup fails after the probe interval elapses, the vehicle-mounted AP
attempts to set up a links using the next Mesh profile. If the vehicle-mounted AP
fails to set up with trackside APs using any Mesh profile, the AP initiates link setup
again by the order in which the profiles are referenced until a link is successfully
set up.
Prerequisites
A Mesh profile has been created and properly configured.
Precautions
Among the VAPs created after a Mesh profile is bound to an AP radio, the VAP
with the WLAN ID 16 cannot be occupied.
To allow APs to attempt to set up links using different Mesh profiles, configure the
Mesh handover function in each Mesh profile.
Example
# Bind the Mesh profile test to radio 0 of an AP.
[HUAWEI-Wlan-Radio0/0/0] mesh-profile test
16.29 mesh-proxy onboard-equip

Function
The mesh-proxy onboard-equip command adds a proxied vehicle-mounted
device on the vehicle-mounted AP.

The undo mesh-proxy onboard-equip command removes a proxied vehicle-

mounted device from the vehicle-mounted AP.
By default, no proxied vehicle-mounted device is added on the vehicle-mounted
AP.
Format
mesh-proxy onboard-equip mac-address mac-address vlan vlan-id
undo mesh-proxy onboard-equip mac-address { mac-address | all }
Parameters
mac-address Specifies the MAC The value is in H-H-H format. An H

mac-address address of a proxied is a hexadecimal number of 4 digits.
vehicle-mounted device. The MAC address cannot be FFFF-
FFFF-FFFF, 0000-0000-0000, or a
vlan vlan-id Specifies the VLAN ID of The value is an integer that ranges
a proxied vehicle- from 1 to 4094.
mounted device.
all Removes all proxied -

vehicle-mounted
devices.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
As a train moves forward, the vehicle-mounted AP keeps switching connections
with trackside APs. After switching the active Mesh link to a trackside AP, the
vehicle-mounted AP broadcasts an RARP message carrying MAC addresses of the
proxied vehicle-mounted devices to the ground network device (such as a gateway
device). After receiving the message, the ground network device updates the MAC
forwarding entries. In this way, data traffic from the ground network can be
forwarded to the vehicle-mounted AP through the trackside AP.
NOTE
You can add MAC addresses of a maximum of 16 proxied vehicle-mounted devices on a vehicle-
mounted AP.

Example
# Add the vehicle-mounted device with MAC address 0000-0000-0001 in VLAN
100 on the vehicle-mounted AP as a proxied device.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-proxy onboard-equip mac-address 0000-0000-0001 vlan 100
16.30 mesh-proxy trackside-equip

Function
The mesh-proxy trackside-equip command adds a proxied ground device on the
vehicle-mounted AP.
The undo mesh-proxy trackside-equip command removes a proxied ground

device from the vehicle-mounted AP.
By default, no proxied ground device is added on the vehicle-mounted AP.
Format
mesh-proxy trackside-equip mac-address mac-address vlan vlan-id
undo mesh-proxy trackside-equip mac-address { mac-address | all }
Parameters
mac-address Specifies the MAC The value is in H-H-H format. An H

address of a proxied is a hexadecimal number of 4 digits.
ground device. The MAC address cannot be FFFF-
FFFF-FFFF, 0000-0000-0000, or a
vlan-id Specifies the VLAN ID of The value is an integer that ranges

a proxied ground device. from 1 to 4094.
all Removes all proxied -

ground devices.
Views
WLAN view
Default Level

Usage Guidelines
Usage Scenario
When a train switches the forward direction, the working vehicle-mounted AP
broadcasts an RARP message carrying MAC addresses of the proxied ground
devices to the vehicle-mounted switch through a wired interface. After receiving
the message, the vehicle-mounted switch updates MAC forwarding entries. In this
way, the vehicle-mounted switch can forward data packets to the working vehicle-
mounted AP.
If the proxied ground devices are incorrectly configured on the vehicle-mounted
AP, the vehicle-mounted switch will forward data traffic to the vehicle-mounted
AP in dormancy state, causing service interruption.
NOTE
You can add MAC addresses of a maximum of 16 proxied ground devices on a vehicle-mounted
AP.
Example
# Add the ground device with MAC address 0000-0000-0001 in VLAN 100 on the
vehicle-mounted AP as a proxied device.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-proxy trackside-equip mac-address 0000-0000-0001 vlan 100
16.31 mesh-whitelist-profile
Function
The mesh-whitelist-profile command creates a Mesh whitelist profile or displays
the Mesh whitelist profile view.
The undo mesh-whitelist-profile command deletes a Mesh whitelist profile.
By default, no Mesh whitelist profile is available in the system.
Format
mesh-whitelist-profile name whitelist-name
undo mesh-whitelist-profile { all | name whitelist-name }
Parameters
name Specifies the name The value is a string of 1 to 35 case-

whitelist- of a Mesh whitelist insensitive characters. It does not contain
name profile. question marks (?) or spaces, and cannot
start or end with double quotation marks
(" ").

all Deletes all Mesh -

whitelist profiles.
Views
WLAN view
Default Level
Usage Guidelines
After a Mesh whitelist profile is created, run the peer-ap mac (Mesh whitelist
profile view) command in the Mesh whitelist profile view to add MAC addresses
of the allowed peer APs to the profile.
Example
to radio 0.
[HUAWEI] wlan
16.32 mesh-whitelist-profile (WLAN radio interface

view)
Function
The mesh-whitelist-profile command binds a Mesh whitelist profile to an AP
radio.
The undo mesh-whitelist-profile command unbinds a Mesh whitelist profile from
an AP radio.
By default, no Mesh whitelist profile is bound to an AP radio.
Format
mesh-whitelist-profile whitelist-name [ index index ]
undo mesh-whitelist-profile

Parameters
whitelist- Specifies the name of the Mesh whitelist The Mesh whitelist
name profile to be bound to an AP radio. profile must exist.
index index Specifies the index of the Mesh whitelist The value is an
profile. integer that can be
0 or 1. The default
value is 0. If this
parameter is not
specified, the
default value is
used.
Views
Default Level
Usage Guidelines
After a Mesh whitelist profile is applied to an AP radio, the AP radio can only set
up Mesh links with neighboring APs whose MAC addresses are in the Mesh
whitelist profile.
You can configure different values of index index for radios on an AP to reference
different Mesh whitelist profile. If you specify index index for multiple times in the
same radio view, the latest configuration overwrites the old one.
Example
to radio 0.
[HUAWEI] wlan

16.33 min-rssi-threshold
Function
The min-rssi-threshold command sets the minimum RSSI threshold of a Mesh
link in a Mesh handover profile.
The undo min-rssi-threshold command restores the default minimum RSSI

threshold of a Mesh link in a Mesh handover profile.
By default, the minimum RSSI threshold of a Mesh link is -60 dBm in a Mesh
handover profile.
Format
min-rssi-threshold value
undo min-rssi-threshold
Parameters
value Specifies the minimum The value is an integer that ranges

RSSI threshold of a from -90 to -20, in dBm. The default
Mesh link. value is -60.
Views
Default Level
Usage Guidelines
During a vehicle-ground fast link handover, the vehicle-mounted AP selects the
candidate link of the best quality as the active link from the candidate area (the
RSSI range of a candidate area is from the minimum RSSI threshold to the
maximum RSSI threshold of the Mesh link). An emergency handover is triggered
when the RSSI of the current active link is out of the RSSI range of the candidate
area (falls below the minimum RSSI threshold of a Mesh link or exceeds the
maximum RSSI threshold of a Mesh link).
In actual scenarios, set proper minimum and maximum RSSIs of a Mesh link
according to network deployment. Improper values result in frequent emergency
handovers or untimely handovers, degrading vehicle-ground fast link handover
performance.

Example
# Set the minimum RSSI threshold of a Mesh link to -50 dBm in the Mesh
handover profile huawei.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] min-rssi-threshold -50

Function
The peer-ap mac command adds MAC addresses of neighboring APs that are
allowed to connect to an AP to a Mesh whitelist profile.
The undo peer-ap mac command deletes the MAC addresses of neighboring APs
from a Mesh whitelist profile.
By default, no MAC address of a neighboring AP is added to a Mesh whitelist

profile.
Format
peer-ap mac mac-address
undo peer-ap mac mac-address
Parameters
mac-address Specifies the MAC address of a The value is in H-H-

neighboring AP to be added to a Mesh H format. An H is a
whitelist profile. hexadecimal
number of 4 digits.
Views
Mesh whitelist profile view
Default Level
Usage Guidelines
Usage Scenario
After a Mesh whitelist profile is created, you can run the peer-ap mac command
to add neighboring APs' MAC addresses to the profile.

If a Mesh whitelist profile is bound to a Mesh profile, only APs with MAC
addresses in the Mesh whitelist profile can access the local AP, and other APs are
denied access.
In vehicle-ground fast handover application scenarios, you need to configure Mesh

whitelists for trackside APs and vehicle-mounted APs, which can prevent a vehicle-
mounted AP from connecting to trackside APs along a different track or a
trackside AP from connecting to the vehicle-mounted AP along a different track.
Precautions
A maximum of 512 MAC addresses can be added to a Mesh whitelist.
Example
to radio 0.
[HUAWEI] wlan
16.35 priority-map dscp (Mesh profile view)

Function
The priority-map dscp command configures the mapping from DSCP priorities to
802.11e user priorities on the Mesh air interface.
The undo priority-map dscp command restores the default mapping from DSCP
priorities to 802.11e user priorities on the Mesh air interface.
Table 16-16 describes the mapping from DSCP priorities to 802.11e user priorities
by default.
Table 16-16 Mapping from DSCP priorities to 802.11e user priorities
DSCP Priority 802.11e User Priority
0-7 0
8-15 1
16-23 2
24-31 3
32-39 4
40-47 5

DSCP Priority 802.11e User Priority
48-55 6
56-63 7
Format
priority-map dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> dot11e dot11e-
value
undo priority-map dscp
Parameters
dscp dscp- Specifies the DSCP priority of 802.3 The value is an

value1 packets. integer that ranges
from 0 to 63. A
larger value
indicates a higher
priority.
to dscp- Specifies the DSCP priority of 802.3 The value is an

value2 packets. integer that ranges
from 0 to 63. A
larger value
indicates a higher
priority.
dot11e Specifies the 802.11e user priority. The value is an

dot11e-value integer that ranges
from 0 to 7. A larger
value indicates a
higher priority.
Views
Mesh profile view
Default Level
Usage Guidelines
On a Mesh network, you can run this command to configure the mapping from
DSCP priorities of 802.3 packets to 802.11e user priorities on the Mesh air
interface of an AP.

Example
# Map DSCP priorities 0-6 to 802.11e user priority 0 on the Mesh air interface.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] priority-map dscp 0 to 6 dot11e 0
16.36 priority-map trust (Mesh profile view)

Function
The priority-map trust command configures the priority mapping to be trusted
by the Mesh air interface.
The undo priority-map trust command restores the default priority mapping to
be trusted by the Mesh air interface.
By default, the Mesh air interface trusts the mapping from DSCP priorities to
802.11e user priorities.
Format
priority-map trust { dot1p | dscp }
undo priority-map trust
Parameters
dot1p Indicates that the Mesh air interface -

trusts the mapping from 802.1p priorities
to 802.11e user priorities.
dscp Indicates that the Mesh air interface -

trusts the mapping from DSCP priorities
to 802.11e user priorities.
Views
Mesh profile view
Default Level
Usage Guidelines
On a Mesh network, when 802.1p or DSCP priorities in data packets need to be
mapped to 802.11e user priorities and the packets are transmitted through a Mesh
link, run this command.

Example
# Configure the Mesh air interface to trust the mapping from 802.1p priorities to
802.11e user priorities.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] priority-map trust dot1p
16.37 p-n criteria

Function
The p-n criteria command sets the P/N criterion for a handover.
The undo p-n criteria command restores the default P/N criterion of a handover.
By default, the observing value in the P/N criterion is three detection times and
the qualified value is two detection times.
Format
p-n criteria observe-time observe-value qualify-time qualify-value
undo p-n criteria
Parameters
observe-time Specifies the observing The value is an integer that ranges

observe-value value in the P/N from 1 to 10. The default value is 3.
criterion. NOTE
The observing value must be greater
than or equal to the qualified value.
qualify-time Specifies the qualified The value is an integer that ranges

qualify-value value in the P/N from 1 to 10. The default value is 2.
criterion. NOTE
The observing value must be greater
than or equal to the qualified value.
Views
Default Level

Usage Guidelines
The vehicle-mounted AP determines whether a Mesh link meets handover, setup,
or teardown conditions based on multiple detection results rather than a single
detection, according to the P/N criterion. Only when there are qualify-value or
more than qualify-value qualified detections out of observe-value detections, the
Mesh link can be switched, set up, or torn down.
A smaller value of observe-value/qualify-value indicates more difficult link

handovers, setup, and teardown. Conversely, a larger value of observe-value/
qualify-value indicates easier link handovers, setup, and teardown. Set proper
values for observe-value and qualify-value according to service needs.
Example
# Set the P value in the P/N criterion to 5 and the N value to 3.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] p-n criteria observe-time 5 qualify-time 3
16.38 rssi-margin
Function
The rssi-margin command sets the RSSI threshold for a Mesh link handover.
The undo rssi-margin command restores the default RSSI threshold for a Mesh
link handover.
By default, the RSSI threshold for a Mesh link handover is 10 dB.
Format
rssi-margin value
undo rssi-margin
Parameters
value Specifies the RSSI The value is an integer that ranges

threshold for a Mesh from 1 to 70, in dB. The default
link handover. value is 10.
Views

Default Level
Usage Guidelines
A common handover is triggered when the following conditions are met: The RSSI
of a candidate link is in the RSSI range of the candidate area, the RSSI difference
between the candidate link and current active link is greater than or equal to the
RSSI threshold for a Mesh link handover, and the serving time of the current active
link is longer than or equal to the link holding time. In actual scenarios, set the
proper RSSI threshold for a Mesh link handover. If the RSSI threshold is set too
large, the active Mesh link cannot be switched in a timely manner. If the RSSI
threshold is set too small, emergency handovers repeatedly occur, degrading
vehicle-ground fast link handover performance.
Example
# Set the RSSI threshold of a Mesh link handover to 20 dB in the Mesh handover
profile huawei.
[HUAWEI] wlan
[HUAWEI-wlan-view] mesh-handover-profile huawei
[HUAWEI-wlan-mesh-handover-huawei] rssi-margin 20
16.39 security-profile (Mesh profile view)

Function
The security-profile command binds a security profile to a Mesh profile.
The undo security-profile command restores the default security profile bound to
a Mesh profile.
By default, the security profile default-mesh is bound to a Mesh profile.
Format
security-profile profile-name
undo security-profile
Parameters
profile-name Specifies the name of the security profile The security profile
bound to a Mesh profile. must exist.
Views
Mesh profile view

Default Level
Usage Guidelines
Usage Scenario
Before a Mesh profile is applied to an AP radio to establish Mesh links, the Mesh
profile must have a security profile bound to ensure Mesh link security.
Precautions
After a security profile is bound to a Mesh profile, the authentication policy and
encryption mode in the security profile cannot be changed, but the authentication
key can be changed.
A Mesh profile can only have one security profile bound. If you run the command
multiple times in the same Mesh profile view, the latest configuration overwrites
the old one.
Example
# Create the security profile sec and set the security policy to WPA2+PSK+AES.
Create the Mesh profile test and bind the security profile to the Mesh profile.
[HUAWEI] wlan
[HUAWEI-wlan-view] security-profile name sec
[HUAWEI-wlan-sec-prof-sec] security wpa2 psk pass-phrase password@123 aes
[HUAWEI-wlan-sec-prof-sec] quit
[HUAWEI-wlan-mesh-prof-test] security-profile sec
16.40 switch-probe-interval
Function
The switch-probe-interval command specifies the Mesh handover probe interval.
The undo switch-probe-interval command restores the default Mesh handover

probe interval.
The default Mesh handover probe interval is 60 seconds.
Format
switch-probe-interval interval
undo switch-probe-interval

Parameters
interval Specifies the Mesh handover probe The value is an

interval. integer that ranges
from 10 to 300, in
seconds.
Views
Mesh profile view
Default Level
Usage Guidelines
In vehicle-ground communication scenarios, if a train switches its traveling line,
configure Mesh parameters for vehicle-mounted APs that may switch between
multiple lines. This ensures normal vehicle-ground communication. A vehicle-
mounted AP attempts to set up links with trackside APs configured in the
corresponding Mesh profile by the order in which the profiles are referenced. If the
link setup fails after the probe interval elapses, the vehicle-mounted AP attempts
to set up a links using the next Mesh profile. If the vehicle-mounted AP fails to set
up with trackside APs using any Mesh profile, the AP initiates link setup again by
the order in which the profiles are referenced until a link is successfully set up.
Example
# Create the Mesh profile test and set the Mesh handover probe interval to 15
seconds.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-prof-test] switch-probe-interval 15
16.41 urgent-handover low-rate

Function
The urgent-handover low-rate command sets the minimum rate threshold for an
emergency handover and the minimum rate holding time.
The undo urgent-handover low-rate command restores the minimum rate
threshold for an emergency handover and minimum rate holding time to default
values.
By default, the minimum rate threshold for an emergency handover is 10 Mbit/s
and the minimum rate holding time is 2000 ms.

Format
urgent-handover low-rate threshold rate-value period time
undo urgent-handover low-rate
Parameters
threshold Specifies the minimum The value is an integer that ranges

rate-value rate threshold for an from 1 to 1300, in Mbit/s. The
emergency handover. default value is 10.
period time Specifies the minimum The value is an integer that ranges
rate holding time. from 0 to 10000, in milliseconds. The
Views
Default Level
Usage Guidelines
In certain scenarios (for example, when fast frequency offset occurs), a link has a
high RSSI but a very low rate. If a link handover is not implemented in these
scenarios, vehicle-ground communications will be affected. If the link rate has
fallen below the minimum rate threshold and stayed in this low-speed state
longer than the minimum rate holding time, the vehicle-mounted AP implements
an emergency handover to switch the active link.
NOTE
rate-value refers to the packet transmission rate on the air interface. In actual situations, the
rate depends on the radio type, channel bandwidth, GI mode, and spatial streams. For details
about the rate ranges supported by different protocols, see the corresponding IEEE802.11
protocol document. Set a proper low rate threshold based on actual requirements.
Example
# Set the minimum rate threshold for an emergency handover to 20 Mbit/s and
the minimum rate holding time to 1000 ms in the Mesh handover profile huawei
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] urgent-handover low-rate threshold 20 period 1000

16.42 urgent-handover punishment

Function
The urgent-handover punishment command sets penalty parameters for an
emergency handover.
The undo urgent-handover punishment command restores default penalty
parameters for an emergency handover.
By default, the penalty period for an emergency handover is 2000 ms and the
penalty level is 10 dB.
Format
urgent-handover punishment period time rssi value
undo urgent-handover punishment
Parameters
period time Specifies the penalty The value is an integer that ranges
period for an emergency from 0 to 10000, in milliseconds. The
handover. default value is 2000.
rssi value Specifies the penalty The value is an integer that ranges
level for an emergency from 0 to 50, in dB. The default
handover. value is 10.
Views
Default Level
Usage Guidelines
An emergency handover may occur when the radio environment is unstable or a
trackside AP fails. To prevent back and forth handovers between trackside APs
(ping-pong handovers), you can configure penalty parameters for an emergency
handover. The penalty parameters include the penalty period and penalty level.
When an emergency handover occurs, the vehicle-mounted AP disconnects the
active link from a trackside AP. If the RSSI of the trackside AP falls within the RSSI
range of the candidate area before the penalty period expires, the vehicle-
mounted AP deducts the penalty level from the RSSI of the trackside AP before
making handover calculations based on the handover algorithm.

Example
# Set the penalty period for an emergency handover to 1000 ms and penalty level
to 20 dB in the Mesh handover profile huawei.
[HUAWEI] wlan
[HUAWEI-wlan-mesh-handover-huawei] urgent-handover punishment period 1000 rssi 20

Fat AP and Cloud AP 17 Hotspot2.0 Configuration Commands (Common
17 Hotspot2.0 Configuration
About This Chapter
17.1 cellular-network-profile
17.2 cellular-network-profile (Hotspot2.0 profile view)
17.3 connection-capability-profile
17.4 connection-capability-profile (Hotspot2.0 profile view)
17.5 connection-capability
17.6 display cellular-network-profile
17.7 display connection-capability-profile
17.8 display hotspot2-profile
17.9 display nai-realm-profile
17.10 display operating-class-profile
17.11 display operator-domain-profile
17.12 display operator-name-profile
17.13 display references cellular-network-profile
17.14 display references connection-capability-profile
17.15 display references hotspot2-profile
17.16 display references nai-realm-profile
17.17 display references operating-class-profile
17.18 display references operator-domain-profile
17.19 display references operator-name-profile
17.20 display references roaming-consortium-profile

17.21 display references venue-name-profile

17.22 display roaming-consortium-profile
17.23 display venue-name-profile
17.24 domain-name
17.25 hessid
17.26 hotspot2-profile
17.27 hotspot2-profile (VAP profile view)
17.28 ipv4-address-avail
17.29 nai-realm-profile
17.30 nai-realm-profile (Hotspot2.0 profile view)
17.31 nai-realm
17.32 network-authen-type
17.33 network-type
17.34 operating-class-indication
17.35 operating-class-profile
17.36 operating-class-profile (Hotspot2.0 profile view)
17.37 operator-domain-profile
17.38 operator-domain-profile (Hotspot2.0 profile view)
17.39 operator-friendly-name
17.40 operator-name-profile
17.41 operator-name-profile (Hotspot2.0 profile view)
17.42 p2p-cross-connect disable
17.43 plmn-id
17.44 roaming-consortium-oi
17.45 roaming-consortium-profile
17.46 roaming-consortium-profile (Hotspot2.0 profile view)
17.47 venue-name-profile
17.48 venue-name-profile (Hotspot2.0 profile view)
17.49 venue-name
17.50 venue-type

17.1 cellular-network-profile
Function
The cellular-network-profile command creates a cellular network profile or
displays the view of an existing cellular network profile.
The undo cellular-network-profile command deletes a cellular network profile.
By default, no cellular network profile exists in the system.
Format
cellular-network-profile name profile-name
undo cellular-network-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a cellular network The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Delete all cellular network profiles. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
You can configure Hotspot 2.0 services on cellular networks. When connecting to
the networks, user terminals can obtain network information from APs, which
helps them to select desired networks.

Follow-up Procedure
Run the plmn-id command to configure the PLMN identifier and run the cellular-
network-profile (Hotspot2.0 profile view) command to bind the cellular
network profile to a Hotspot2.0 profile to make the cellular network profile take
effect.
Precautions
The device supports a maximum of 32 cellular network profiles.
Example
# Create the cellular network profile cellular-network-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] cellular-network-profile name cellular-network-profile1
[HUAWEI-wlan-cellular-network-prof-cellular-network-profile1]
17.2 cellular-network-profile (Hotspot2.0 profile view)

Function
The cellular-network-profile command binds a cellular network profile to a
Hotspot2.0 profile.
The undo cellular-network-profile command unbinds a cellular network profile

from a Hotspot2.0 profile.
By default, no cellular network profile is bound to a Hotspot2.0 profile.
Format
cellular-network-profile profile-name
undo cellular-network-profile
Parameters
profile-name Specifies the name of a cellular network The cellular network

profile. profile must exist.
Views
Hotspot2.0 profile view
Default Level

Usage Guidelines
Usage Scenario
You can configure Hotspot 2.0 services on a cellular network. When connecting to
the network, user terminals need to obtain the cellular network identifier (3GPP
Cellular PLMN) from APs to select desired networks. You can run the cellular-
network-profile command to create a cellular network profile and the plmn-id
command to configure the Public Land Mobile Network (PLMN) identifier of the
network operator, and then bind the cellular network profile to a Hotspot 2.0
profile to make the configuration take effect.
Example
# Bind cellular network profile cellular-network-profile1 to the Hotspot 2.0
profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-view] hotspot2-profile name hotspot
[HUAWEI-wlan-hotspot2-prof-hotspot] cellular-network-profile cellular-network-profile1
17.3 connection-capability-profile
Function
The connection-capability-profile command creates a connection capability
profile or displays the view of an existing connection capability profile.
The undo connection-capability-profile command deletes a connection
capability profile.
By default, no connection capability profile exists in the system.
Format
connection-capability-profile name profile-name
undo connection-capability-profile { name profile-name | all }

Parameters
name profile- Specifies the name of a connection The value is a string

name capability profile. of 1 to 35 case-
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all connection capability profiles. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
You can configure Hotspot2.0 services for networks. When user terminals connect
to the networks, they can obtain network connection capability information from
APs, including allowed protocols and ports, which helps them to select desired
networks.
Follow-up Procedure
Run the connection-capability-profile (Hotspot2.0 profile view) command to

bind the connection capability profile to a Hotspot2.0 profile so that the
connection capability profile can take effect.
Precautions
The device supports a maximum of 32 connection capability profiles.
Example
# Create the connection capability profile connection-capability-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] connection-capability-profile name connection-capability-profile1
[HUAWEI-wlan-co-cap-prof-connection-capability-profile1]

17.4 connection-capability-profile (Hotspot2.0 profile

view)
Function
The connection-capability-profile command binds a connection capability profile
to a Hotspot2.0 profile.
The undo connection-capability-profile command unbinds a connection

capability profile from a Hotspot2.0 profile.
By default, no connection capability profile is bound to a Hotspot2.0 profile.
Format
connection-capability-profile profile-name
undo connection-capability-profile
Parameters
profile-name Specifies the name of a connection The connection

capability profile. capability profile
must exist.
Views
Default Level
Usage Guidelines
Usage Scenario
to the networks, they can obtain network connection capability information from
APs, including allowed protocols and ports, which helps them to select desired
networks. You can run the connection-capability-profile command to create a
connection capability profile and run the connection-capability command to set
whether networks support specific IP protocols and ports. After that, you bind the
connection capability profile to a Hotspot2.0 profile.

Example
# Bind the connection capability profile connection-capability-profile1 to the
Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] connection-capability-profile connection-capability-profile1
17.5 connection-capability
Function
The connection-capability command sets whether Hotspot2.0 networks support
common IP protocols and ports.
The undo connection-capability command restores the default setting.
By default, no supported protocol is specified in a connection capability profile.
Format
connection-capability { esp | icmp | tcp-ftp | tcp-http | tcp-pptp-vpn | tcp-ssh |
tcp-tls-vpn | tcp-voip | udp-ike2-4500 | udp-ike2-500 | udp-voip } { on | off }
undo connection-capability { esp | icmp | tcp-ftp | tcp-http | tcp-pptp-vpn |

tcp-ssh | tcp-tls-vpn | tcp-voip | udp-ike2-4500 | udp-ike2-500 | udp-voip }
Parameters
esp Sets the supported protocol to ESP and -

port number to 0.
icmp Sets the supported protocol to ICMP and -

port number to 0.
tcp-ftp Sets the supported protocol to FTP and -

port number to 20.
FTP is not a secure protocol, and it is not
recommended.
tcp-http Sets the supported protocol to HTTP and -

port number to 80.
HTTP is not a secure protocol, and it is
not recommended.
tcp-pptp-vpn Sets the protocol for VPN services to -

PPTP and port number to 1723.
tcp-ssh Sets the supported protocol to SSH. -

tcp-tls-vpn Sets the supported protocol to the TLS -

VPN protocol and port number to 443.
tcp-voip Sets the supported protocol to the TCP -

VoIP protocol and port number to 5060.
udp- Sets the supported protocol to the IKEv2 -

ike2-4500 protocol and port number to 4500.
udp-ike2-500 Sets the supported protocol to the IKEv2 -

protocol and port number to 500.
udp-voip Sets the supported protocol to the UDP -

VoIP protocol and port number to 5060.
on Supports specified IP protocols and ports. -
off Indicates that specified IP protocols and -

ports are not supported.
Views
Connection capability profile view
Default Level
Usage Guidelines
You can run the connection-capability command to set whether Hotspot2.0
networks support common IP protocols and ports.
You can use the connection-capability command to set multiple supported
protocols at the same time.
Example
# Set the supported protocol to ICMP.
[HUAWEI] wlan
[HUAWEI-wlan-view] connection-capability-profile name connection-capability-profile1
[HUAWEI-wlan-co-cap-prof-connection-capability-profile1] connection-capability icmp on
17.6 display cellular-network-profile

Function
The display cellular-network-profile command displays information about a
cellular network profile.

Format
display cellular-network-profile { all | name profile-name }
Parameters
cellular network profiles.
name profile-name Displays information about a The cellular network

specified cellular network profile. profile must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display cellular-network-profile command to view information
about cellular network profiles.
Example
# Display information about all cellular network profiles.
<HUAWEI> display cellular-network-profile all
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
cellular-network-profile1 1
-------------------------------------------------------------------------------
Total: 1
Table 17-1 Description of the display cellular-network-profile all command

output
Item Description
Profile name Name of a cellular network profile.
Reference Number of times a cellular network

# Display information about the cellular network profile cellular-network-

profile1.
<HUAWEI> display cellular-network-profile name cellular-network-profile1
-------------------------------------------------------------------------------

Index PLMN ID
-------------------------------------------------------------------------------
0 10001
-------------------------------------------------------------------------------
Total: 1
Table 17-2 Description of the display cellular-network-profile name profile-

name command output
Item Description
Index Index.
PLMN ID Public land mobile network (PLMN)

ID.
plmn-id command.
17.7 display connection-capability-profile

Function
The display connection-capability-profile command displays information about
a connection capability profile.
Format
display connection-capability-profile { all | name profile-name }
Parameters

connection capability profiles.
name profile-name Displays information about a The connection

specified connection capability capability profile must
profile. exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run the display connection-capability-profile command to view
information about connection capability profiles.
Example
# Display information about all connection capability profiles.
<HUAWEI> display connection-capability-profile all
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
connection-capability-profile1 1
-------------------------------------------------------------------------------
Total: 1
Table 17-3 Description of the display connection-capability-profile all

command output
Item Description
Profile name Name of a connection capability

profile.
Reference Number of times a connection

capability profile is referenced.
# Display information about the connection capability profile connection-

capability-profile1.
<HUAWEI> display connection-capability-profile name connection-capability-profile1
-------------------------------------------------------------------------------
ESP :-
ICMP : on
TCP-FTP :-
TCP-HTTP :-
TCP-PPTP-VPN :-
TCP-SSH :-
TCP-TLS-VPN :-
TCP-VoIP :-
UDP-IKEv2 port 4500 : -
UDP-IKEv2 port 500 :-
UDP-VoIP :-
-------------------------------------------------------------------------------
Table 17-4 Description of the display connection-capability-profile name

profile-name command output
Item Description
ESP Whether ESP (port number 0) is

supported.
connection-capability command.

Item Description
ICMP Whether ICMP (port number 0) is

supported.
TCP-FTP Whether FTP (port number 20) is

supported.
TCP-HTTP Whether HTTP (port number 80) is

supported.
TCP-PPTP-VPN Whether PPTP for VPN services (port

number 1723) is supported.
TCP-SSH Whether SSH is supported.

TCP-TLS-VPN Whether TLS VPN (port number 443)

is supported.
TCP-VoIP Whether TCP VoIP (port number 5060)

is supported.
UDP-IKEv2 port 4500 Whether IKEv2 (port number 4500) is

supported.
UDP-IKEv2 port 500 Whether IKEv2 (port number 500) is

supported.
UDP-VoIP Whether UDP VoIP (port number

5060) is supported.

17.8 display hotspot2-profile

Function
The display hotspot2-profile command displays the configuration of a
Hotspot2.0 profile.
Format
display hotspot2-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a Hotspot2.0 The Hotspot2.0

name profile. profile must exist.
all Displays all Hotspot2.0 profiles. -
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
When configuring Hotspot2.0 services, you can run this command to view the
configuration of Hotspot2.0 profiles.
Example
# Display all Hotspot2.0 profiles on a device.
<HUAWEI> display hotspot2-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
hotspot 1
--------------------------------------------------------------------------------
Total: 1

Table 17-5 Description of the display hotspot2-profile all command output

Item Description
Profile name Name of a Hotspot2.0 profile.
Reference Number of times a Hotspot2.0 profile

is referenced.
# Display the configuration of the Hotspot2.0 profile hotspot.

<HUAWEI> display hotspot2-profile name hotspot
--------------------------------------------------------------------------------
Network type : public-free
Internet access : enable
Venue group code :3
Venue type code :3
HESSID : 00e0-fc50-89e0
IPv4 address availability : available
Network authentication type : online-enroll
Redirect URL :
P2P information element : disable
cellular-network-profile : cellular-network-profile1
connection-capability-profile : connection-capability-profile1
operator-name-profile : operator-name-profile1
operating-class-profile : operating-class-profile1
operator-domain-profile : operator-domain-profile1
NAI-realm-profile : nai-realm-profile1
venue-name-profile : venue-name-profile1
roaming-consortium-profile : roaming-consortium-profile1
--------------------------------------------------------------------------------
Table 17-6 Description of the display hotspot2-profile name profile-name

command output
Item Description
Network type Type of a Hotspot2.0 network.

network-authen-type command.
Internet access Whether Hotspot2.0 networks support

Internet access.
Venue group code Venue group code of a Hotspot2.0

network.
venue-type command.
Venue type code Venue type code of a Hotspot2.0

network.
venue-type command.

Item Description
HESSID HESSID of a Hotspot2.0 network.

hessid command.
IPv4 address availability Types of IPv4 addresses on a

Hotspot2.0 network.
ipv4-address-avail command.
Network authentication type Hotspot2.0 network authentication

type.
Redirect URL Redirect URL if the Hotspot2.0

network authentication type is set to
Portal authentication.
P2P information element Whether a Hotspot2.0 network allows

for P2P device cross connections.
p2p-cross-connect disable command.
cellular-network-profile Cellular network profile bound to a

Hotspot2.0 profile.
cellular-network-profile (Hotspot2.0
connection-capability-profile Connection capability profile bound to

a Hotspot2.0 profile.
connection-capability-profile
(Hotspot2.0 profile view) command.
operator-name-profile Operator name profile bound to a

Hotspot2.0 profile.
operator-name-profile (Hotspot2.0
operating-class-profile Operating class profile bound to a

Hotspot2.0 profile.
operating-class-profile (Hotspot2.0

Item Description
operator-domain-profile Operator domain profile bound to a

Hotspot2.0 profile.
operator-domain-profile (Hotspot2.0
NAI-realm-profile NAI realm profile bound to a

Hotspot2.0 profile.
nai-realm-profile (Hotspot2.0 profile
view) command.
venue-name-profile Venue name profile bound to a

Hotspot2.0 profile.
venue-name-profile (Hotspot2.0
roaming-consortium-profile Roaming consortium profile bound to

a Hotspot2.0 profile.
roaming-consortium-profile
(Hotspot2.0 profile view) command.
17.9 display nai-realm-profile

Function
The display nai-realm-profile command displays the configuration of a NAI
realm profile.
Format
display nai-realm-profile { all | name profile-name }
Parameters
all Displays all NAI realm profiles. -
name profile- Displays the configuration of a specified The NAI realm

name NAI realm profile. profile must exist.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the command to view the configuration of NAI realm profiles.
Example
# Display the configuration of all NAI realm profiles.
<HUAWEI> display nai-realm-profile all
------------------------------------------------------------
------------------------------------------------------------
nai-realm-profile1 1
------------------------------------------------------------
Total: 1
Table 17-7 Description of the display nai-realm-profile all command output
Item Description
Profile name Name of a NAI realm profile.
Reference Number of times a NAI realm profile is

referenced.
# Display the configuration of the NAI realm profile nai-realm-profile1.

<HUAWEI> display nai-realm-profile name nai-realm-profile1
--------------------------------------------------------------------------------
Index Method ID/Parameter Realm-name
--------------------------------------------------------------------------------
0 All -/- attwireless.com
--------------------------------------------------------------------------------
Table 17-8 Description of the display nai-realm-profile name profile-name

command output
Item Description
Index Index of a NAI realm member.
Method Extensible Authentication Protocol

(EAP) authentication method of a NAI
realm.
nai-realm command.
ID/Parameter EAP authentication ID and parameters

of a NAI realm.
nai-realm command.

Item Description
Realm-name Name of a NAI realm.

nai-realm command.
17.10 display operating-class-profile

Function
The display operating-class-profile command displays the configuration of an
operating class profile.
Format
display operating-class-profile { all | name profile-name }
Parameters
all Displays the configuration of all -

operating class profiles.
name profile- Displays the configuration of a specified The operating class

name operating class profile. profile must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the command to view the configuration of operating class profiles.
Example
# Display the configuration of all operating class profiles.
<HUAWEI> display operating-class-profile all
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
operating-class-profile1 1
-------------------------------------------------------------------------------
Total: 1

Table 17-9 Description of the display operating-class-profile all command

output
Item Description
Profile name Name of an operating class profile.
Reference Number of times an operating class

# Display the configuration of the operating class profile operating-class-

profile1.
<HUAWEI> display operating-class-profile name operating-class-profile1
-------------------------------------------------------------------------------
Operating class indication:
95
-------------------------------------------------------------------------------
Total: 1
Table 17-10 Description of the display operating-class-profile name profile-

name command output
Item Description
Operating class indication Operating class indication configured

in the profile.
operating-class-indication command.
17.11 display operator-domain-profile

Function
The display operator-domain-profile command displays the configuration of an
operator domain profile.
Format
display operator-domain-profile { all | name profile-name }
Parameters
all Displays the configuration of all operator -

domain profiles.

name profile- Displays the configuration of a specified The operator

name operator domain profile. domain profile must
exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the command to view the configuration of operator domain profiles.
Example
# Display the configuration of all operator domain profiles.
<HUAWEI> display operator-domain-profile all
------------------------------------------------------------
------------------------------------------------------------
operator-domain-profile1 1
------------------------------------------------------------
Total: 1
Table 17-11 Description of the display operator-domain-profile all command

output
Item Description
Profile name Name of an operator domain profile
Reference Number of times an operator domain

# Display the configuration of the operator domain profile operator-domain-

profile1.
<HUAWEI> display operator-domain-profile name operator-domain-profile1
------------------------------------------------------------
Index Domain name
------------------------------------------------------------
0 attwireless.com
------------------------------------------------------------

Table 17-12 Description of the display operator-domain-profile name profile-

name command output
Item Description
Index Index of an operator domain
Domain name Name of an operator domain.

17.12 display operator-name-profile

Function
The display operator-name-profile command displays information about an
operator name profile.
Format
display operator-name-profile { all | name profile-name }
Parameters
operator name profiles.
name profile-name Displays information about a The operator name

specified operator name profile. profile must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display operator-name-profile command to view information
about an operator name profile.
Example
# Display information about all operator name profiles.

<HUAWEI> display operator-name-profile all

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
operator-name-profile1 1
--------------------------------------------------------------------------------
Total: 1
Table 17-13 Description of the display operator-name-profile all command

output
Item Description
Profile name Name of an operator name profile.
Reference Number of times an operator name

# Display information about the operator name profile operator-name-profile1.

<HUAWEI> display operator-name-profile name operator-name-profile1
--------------------------------------------------------------------------------
Index Language-code Name
--------------------------------------------------------------------------------
0 en att
--------------------------------------------------------------------------------
Table 17-14 Description of the display operator-name-profile name profile-

name command output
Item Description
Index Index of a friendly operator name.
Language-code Language type.

operator-friendly-name command.
Name Friendly operator name.

operator-friendly-name command.
17.13 display references cellular-network-profile

Function
The display references cellular-network-profile command displays reference
information about a cellular network profile.
Format
display references cellular-network-profile name profile-name

Parameters
name profile-name Displays reference information The cellular network
about a specified cellular network profile must exist.
profile.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references cellular-network-profile command to view
reference information about a cellular network profile.
Example
# Display reference information about the cellular network profile cellular-
network-profile1.
<HUAWEI> display references cellular-network-profile name cellular-network-profile1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
hotspot2-profile hotspot
-------------------------------------------------------------------------------
Total: 1
Table 17-15 Description of the display references cellular-network-profile

command output
Item Description
Reference type Type of the profile to which the

cellular network profile is bound.
Reference name Name of the profile to which the

cellular network profile is bound.
17.14 display references connection-capability-profile

Function
The display references connection-capability-profile command displays
reference information about a connection capability profile.

Format
display references connection-capability-profile name profile-name
Parameters

name profile-name Displays reference information The connection capability
about a specified connection profile must exist.
capability profile.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references connection-capability-profile command to
view reference information about a connection capability profile.
Example
# Display reference information about the connection capability profile
connection-capability-profile1.
<HUAWEI> display references connection-capability-profile name connection-capability-profile1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total: 1
Table 17-16 Description of the display references connection-capability-profile

command output
Item Description

connection capability profile is bound.

connection capability profile is bound.

17.15 display references hotspot2-profile

Function
The display references hotspot2-profile command displays reference information
about a Hotspot2.0 profile.
Format
display references hotspot2-profile name profile-name
Parameters
name profile- Specifies the name of a Hotspot2.0 The Hotspot2.0

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
When configuring Hotspot2.0 services, you can run this command to view
reference information about a Hotspot2.0 profile.
Example
# Display reference information about the Hotspot2.0 profile hotspot.
<HUAWEI> display references hotspot2-profile name hotspot
-------------------------------------------------------------------
-------------------------------------------------------------------
VAP profile vap-profile1
-------------------------------------------------------------------
Total:1

Table 17-17 Description of the display references hotspot2-profile name profile-

name command output
Item Description

Hotspot2.0 profile is bound.
● VAP profile. To configure it, run the
hotspot2-profile (VAP profile
view) command.

Hotspot2.0 profile is bound.
To configure it, run the hotspot2-
profile (VAP profile view) command.
17.16 display references nai-realm-profile

Function
The display references nai-realm-profile command displays reference
information about a NAI realm profile.
Format
display references nai-realm-profile name profile-name
Parameters
name profile- Displays reference information about a The NAI realm

name specified NAI realm profile. profile must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the command to view reference information about a NAI realm
profile.

Example
# Display reference information about the NAI realm profile nai-realm-profile1.
<HUAWEI> display references nai-realm-profile name nai-realm-profile1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total: 1
Table 17-18 Description of the display references nai-realm-profile command

output
Item Description
Reference type Type of the profile to which the NAI

realm profile is bound.
Reference name Name of the profile to which the NAI

realm profile is bound.
17.17 display references operating-class-profile

Function
The display references operating-class-profile command displays reference
information about an operating class profile.
Format
display references operating-class-profile name profile-name
Parameters
name profile- # Display reference information about a The operating class

name specified operating class profile. profile must exist.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
You can run the command to view reference information about an operating class
profile.
Example
# Display reference information about the operating class profile operating-class-
profile1.
<HUAWEI> display references operating-class-profile name operating-class-profile1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total: 1
Table 17-19 Description of the display references operating-class-profile

command output
Item Description

operating class profile is bound.

operating class profile is bound.
17.18 display references operator-domain-profile

Function
The display references operator-domain-profile command displays reference
information about an operator domain profile.
Format
display references operator-domain-profile name profile-name
Parameters
name profile- Displays reference information about a The operator

name specified operator domain profile. domain profile must
exist.
Views
All views

Default Level
1: Monitoring level
Usage Guidelines
You can run the command to view reference information about an operator
domain profile.
Example
# Display reference information about the operator domain profile operator-
domain-profile1.
<HUAWEI> display references operator-domain-profile name operator-domain-profile1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total: 1
Table 17-20 Description of the display references operator-domain-profile

command output
Item Description

operator domain profile is bound.

operator domain profile is bound.
17.19 display references operator-name-profile

Function
The display references operator-name-profile command displays reference
information about an operator name profile.
Format
display references operator-name-profile name profile-name
Parameters
name profile-name Displays reference information The operator name
about a specified operator name profile must exist.
profile.

Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display references operator-name-profile command to view
reference information about an operator name profile.
Example
# Display reference information about the operator name profile operator-name-
profile1.
<HUAWEI> display references operator-name-profile name operator-name-profile1
-------------------------------------------------------------------
-------------------------------------------------------------------
-------------------------------------------------------------------
Total:1
Table 17-21 Description of the display references operator-name-profile

command output
Item Description

operator name profile is bound.

operator name profile is bound.
17.20 display references roaming-consortium-profile

Function
The display references roaming-consortium-profile command displays reference
information about a roaming consortium profile.
Format
display references roaming-consortium-profile name profile-name

Parameters
name profile- Specifies the name of a roaming The roaming

name consortium profile. consortium profile
must exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
reference information about a roaming consortium profile.
Example
# Display reference information about the roaming consortium profile roaming-
consortium-profile1.
<HUAWEI> display references roaming-consortium-profile name roaming-consortium-profile1
-------------------------------------------------------------------
-------------------------------------------------------------------
-------------------------------------------------------------------
Total:1
Table 17-22 Description of the display references roaming-consortium-profile

name profile-name command output
Item Description

roaming consortium profile is bound.
● hotspot2-profile: Hotspot2.0 profile.
To configure it, run the roaming-
consortium-profile (Hotspot2.0

roaming consortium profile is bound.
To configure it, run the roaming-
consortium-profile (Hotspot2.0

17.21 display references venue-name-profile

Function
The display references venue-name-profile command displays reference
information about a venue name profile.
Format
display references venue-name-profile name profile-name
Parameters
name profile- Specifies the name of a venue name The venue name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
reference information about a venue name profile.
Example
# Display reference information about the venue name profile venue-name-
profile1.
<HUAWEI> display references venue-name-profile name venue-name-profile1
-------------------------------------------------------------------
-------------------------------------------------------------------
-------------------------------------------------------------------
Total:1

Table 17-23 Description of the display references venue-name-profile name

Item Description
Reference type Type of the profile to which the venue

name profile is bound.
● hotspot2-profile: Hotspot2.0 profile.
To configure it, run the venue-
name-profile (Hotspot2.0 profile
view) command.

venue name profile is bound.
To configure it, run the venue-name-
profile (Hotspot2.0 profile view)
command.
17.22 display roaming-consortium-profile

Function
The display roaming-consortium-profile command displays the configuration of
a roaming consortium profile.
Format
display roaming-consortium-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a roaming The roaming

name consortium profile. consortium profile
must exist.
all Displays the configuration of all roaming -

consortium profiles.
Views
All views
Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
configuration of a roaming consortium profile.
Example
# Display the configuration of all roaming consortium profiles on a device.
<HUAWEI> display roaming-consortium-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
roaming-consortium-profile1 1
--------------------------------------------------------------------------------
Total: 1
Table 17-24 Description of the display roaming-consortium-profile all

command output
Item Description
Profile name Name of a roaming consortium profile.
Reference Number of times a roaming

consortium profile is referenced.
# Display the configuration of the roaming consortium profile roaming-

consortium-profile1.
<HUAWEI> display roaming-consortium-profile name roaming-consortium-profile1
-------------------------------------------------------------------------------
Index Roaming consortium OI In beacon
-------------------------------------------------------------------------------
0 00-11-22 Y
-------------------------------------------------------------------------------
Total: 1
Table 17-25 Description of the display roaming-consortium-profile name

Item Description
Index Index of a roaming consortium

member.
Roaming consortium OI OI of a roaming consortium member.

roaming-consortium-oi command.

Item Description
In beacon Whether Beacon and Probe Response

frames sent from APs carry OIs of
roaming consortium members.
● Y: Yes
● N: No
roaming-consortium-oi command.
17.23 display venue-name-profile

Function
The display venue-name-profile command displays the configuration of a venue
name profile.
Format
display venue-name-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a venue name The venue name
all Displays the configuration of all venue -

name profiles.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
configuration of venue name profiles.

Example
# Display the configuration of all venue name profiles on a device.
<HUAWEI> display venue-name-profile all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
venue-name-profile1 1
--------------------------------------------------------------------------------
Total: 1
Table 17-26 Description of the display venue-name-profile all command output
Item Description
Profile name Name of a venue name profile.
Reference Number of times a venue name profile

is referenced.
# Display the configuration of the venue name profile venue-name-profile1.

<HUAWEI> display venue-name-profile name venue-name-profile1
--------------------------------------------------------------------------------
Index Language code Name
--------------------------------------------------------------------------------
0 en CenterStation
--------------------------------------------------------------------------------
Table 17-27 Description of the display venue-name-profile name profile-name

command output
Item Description
Index Index of venue name information.
Language code Language type.

venue-name command.
Name Venue name.

venue-name command.
17.24 domain-name
Function
The domain-name command configures a domain name for a hotspot operator.
The undo domain-name command deletes the domain name of a hotspot

operator.

By default, no domain name is configured for a hotspot operator.
Format
domain-name domain-name
undo domain-name domain-name
Parameters
domain- Specifies the domain name of a hotspot The value is a string

name operator. of 1 to 63
characters in
compliance with
RFC1035. It does
not contain
question marks (?)
or spaces, and
cannot begin or end
with double
quotation marks ("
").
Views
Operator domain profile view
Default Level
Usage Guidelines
After a domain name is configured for a hotspot operator, terminals can query the
domain name through ANQP to select desired networks.
A maximum of 32 hotspot operator domain names can be configured using the

Example
# Configure domain name attwireless.com for a hotspot operator.
[HUAWEI] wlan
[HUAWEI-wlan-view] operator-domain-profile name operator-domain-profile1
[HUAWEI-wlan-op-domain-prof-operator-domain-profile1] domain-name attwireless.com

17.25 hessid
Function
The hessid command configures a Homogenous Extended Service Set Identifier
(HESSID) for a Hotspot2.0 network.
The undo hessid command deletes an HESSID.
By default, no HESSID is configured.
Format
hessid mac-address
undo hessid
Parameters
mac-address Specifies an HESSID. The value is in H-H-

H format. An H is a
hexadecimal
number of 4 digits.
Views
Default Level
Usage Guidelines
Usage Scenario
When multiple Hotspot2.0 networks are available, user terminals need to identify
service providers of the connected networks. An SSID is not as unique as an
HESSID, which can uniquely identify APs of the same service provider. Among the
APs, the BSSID of one AP is used as the HESSID. The HESSID is an optional
parameter in a Hotspot2.0 profile. Beacon and Probe Response frames sent from
Hotspot2.0-capable APs carry network parameter information, which helps user
terminals to determine whether network parameters need to be renewed.
Precautions
If the HESSID is configured repeatedly, only the latest HESSID takes effect.

Example
# Set the HESSID to 00e0-fc12-3456 in Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] hessid 00e0-fc12-3456
17.26 hotspot2-profile
Function
The hotspot2-profile command creates a Hotspot2.0 profile or displays the view
of an existing Hotspot2.0 profile.
The undo hotspot2-profile command deletes a Hotspot2.0 profile.
By default, no Hotspot2.0 profile is available.
Format
hotspot2-profile name profile-name
undo hotspot2-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a Hotspot2.0 The value is a string

insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all Hotspot2.0 profiles. -
Views
WLAN view
Default Level

Usage Guidelines
Usage Scenario
To configure Hotspot2.0 services, create a Hotspot2.0 profile, configure network

parameters in the Hotspot2.0 profile view, and bind the Hotspot2.0 profile to a
VAP profile.
Follow-up Procedure
Configure the network type, roaming consortium list, and NAI realm list in the
Hotspot2.0 profile and bind the Hotspot2.0 profile to a VAP profile to make the
configuration take effect.
Precautions
The device supports a maximum of 32 Hotspot2.0 profiles.
● In a Hotspot2.0 profile, network parameters and Internet access status are

mandatory and can be configured using the network-type command.
● Ensure that at least one of the following ANQP parameters is configured in a
Hotspot2.0 profile.
– Roaming consortium list: Run the roaming-consortium-profile
(Hotspot2.0 profile view) command to bind a roaming consortium
profile to the Hotspot2.0 profile.
– NAI realm list: Run the nai-realm-profile (Hotspot2.0 profile view)
command to bind a NAI realm profile to the Hotspot2.0 profile.
– 3GPP cellular network: Run the cellular-network-profile (Hotspot2.0
profile view) command to bind a cellular network profile to the
Hotspot2.0 profile.
● The following ANQP parameters are recommended.
– Roaming consortium list: Run the roaming-consortium-profile
(Hotspot2.0 profile view) command to bind a roaming consortium
profile to the Hotspot2.0 profile.
– Domain name list: Run the operator-domain-profile (Hotspot2.0
profile view) command to bind an operator domain profile to the
Hotspot2.0 profile.
Example
# Create Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot]
17.27 hotspot2-profile (VAP profile view)

Function
The hotspot2-profile command binds a Hotspot2.0 profile to a VAP profile.

The undo hotspot2-profile command unbinds a Hotspot2.0 profile from a VAP

profile.
By default, no Hotspot2.0 profile is bound to a VAP profile.
Format
hotspot2-profile profile-name
undo hotspot2-profile
Parameters
profile-name Specifies the name of a Hotspot2.0 The Hotspot2.0

Views
VAP profile view
Default Level
Usage Guidelines
Usage Scenario
You can configure network parameters through Hotspot2.0 profiles. After

Hotspot2.0 profiles are applied, user terminals can obtain network information
from APs and access the networks. After the configuration is complete, bind the
Hotspot2.0 profile to a VAP profile to make the configuration take effect.
Precautions
Hotspot2.0 services require WPA2–802.1X authentication (WPA2 enterprise

edition). Ensure that the security policy is set to WPA2–802.1X in the security
profile bound to the VAP profile.
When a VAP profile has been bound to a radio, services will be interrupted when a
Hotspot2.0 profile is bound to or unbound from the VAP profile, or parameters in
the bound Hotspot2.0 profile are modified. Exercise caution when performing this
operation.
Example
# Bind Hotspot2.0 profile hotspot to VAP profile vap-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name vap-profile1
[HUAWEI-wlan-vap-prof-vap-profile1] hotspot2-profile hotspot

17.28 ipv4-address-avail
Function
The ipv4-address-avail command configures available types of IPv4 addresses on
a Hotspot2.0 network.
The undo ipv4-address-avail command deletes available types of IPv4 addresses

on a Hotspot2.0 network.
By default, no available type of IPv4 addresses is configured.
Format
ipv4-address-avail { not-available | available | port-restricted [ single-nat |
double-nat ] | private { single-nat | double-nat } | unknown }
undo ipv4-address-avail
Parameters
not-available Indicates that IPv4 addresses are not -

available.
available Indicates that IPv4 addresses are -

available.
port- Indicates port restricted IPv4 addresses -

restricted are available.
[ single-nat | ● single-nat: Single-NATed and port-
double-nat ] restricted IPv4 addresses are available.
● single-nat: Double-NATed and port-
restricted IPv4 addresses are available.
private Indicates that private IPv4 addresses are -

{ single-nat | available.
double-nat } ● single-nat: Single-NATed private IPv4
addresses are available.
● double-nat: Double-NATed private
IPv4 addresses are available.
unknown Indicates that availability of the IPv4 -

address type is not known.
Views

Default Level
Usage Guidelines
Usage Scenario
When user terminals connect to a Hotspot2.0 network, Hotspot2.0 can transfer
available IPv4 address types as ANQP parameters to the user terminals through
APs. In this way, the user terminals can know the IP address types they can obtain
after connecting to the network.
Example
# Set IPv4 addresses to available in hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] ipv4-address-avail available
17.29 nai-realm-profile
Function
The nai-realm-profile command creates a NAI realm profile or displays the view
of an existing NAI realm profile.
The undo nai-realm-profile command deletes a NAI realm profile.
By default, no NAI realm profile is available in the system.
Format
nai-realm-profile name profile-name
undo nai-realm-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a NAI realm The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").

all Deletes all NAI realm profiles. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
A NAI realm profile is used to configure the network access identifier (NAI) realm
name, authentication mode, and authentication parameters for networks
accessible to users.
Precautions
The device supports a maximum of 32 NAI realm profiles.
Example
# Create NAI realm profile nai-realm-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] nai-realm-profile name nai-realm-profile1
[HUAWEI-wlan-nai-realm-prof-nai-realm-profile1]
17.30 nai-realm-profile (Hotspot2.0 profile view)

Function
The nai-realm-profile command binds a NAI realm profile to a Hotspot2.0 profile.
The undo nai-realm-profile command unbinds a NAI realm profile from a

Hotspot2.0 profile.
By default, no NAI realm profile is bound to a Hotspot2.0 profile.
Format
nai-realm-profile profile-name
undo nai-realm-profile

Parameters
profile-name Specifies the name of a NAI realm The NAI realm

Views
Default Level
Usage Guidelines
Usage Scenario
You can configure Hotspot2.0 services on a non-cellular network. When
connecting to the non-cellular network, user terminals can obtain service provider
information of the network, including the NAI realm name and authentication
mode. This facilitates terminal access. You can run the nai-realm-profile
command to create a NAI realm profile and the nai-realm command in the NAI
realm profile view to configure NAI realms, and then bind the NAI realm profile to
a Hotspot2.0 profile to make the configuration take effect.
Example
# Bind NAI realm profile nai-realm-profile1 to Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] nai-realm-profile nai-realm-profile1
17.31 nai-realm
Function
The nai-realm command configures a network access identifier (NAI) realm.
The undo nai-realm command deletes a NAI realm.
By default, no NAI realm is configured.
Format
nai-realm realm-name realm-name [ eap-method-type eap-method-type [ eap-
authen-id eap-authen-id eap-authen-para eap-authen-para ] ]
undo nai-realm realm-name realm-name [ eap-method-type eap-method-type
[ eap-authen-id eap-authen-id ] ]

Parameters
realm-name Specifies a NAI realm name. The value is a string

realm-name of 1 to 63
characters. It does
not contain
question marks (?)
or spaces, and
cannot begin or end
with double
quotation marks ("
").
eap-method- Specifies an EAP authentication mode for Enumerated value:

type eap- a NAI realm. ● eap-aka: EAP-
method-type AKA
authentication
● eap-sim: GSM
Subscriber
Identity Modules
● eap-tls: EAP-TLS
● eap-ttls: EAP-
TTLS
eap-authen- Specifies an EAP authentication ID for a The value is an

id eap- NAI realm. integer that ranges
authen-id from 0 to 255.
eap-authen- Specifies the EAP authentication The value is an

para eap- parameter of a NAI realm. integer that ranges
authen-para from 0 to 255.
Views
NAI realm profile view
Default Level
Usage Guidelines
Usage Scenario
After you configure a NAI realm, terminals can access the configured operator
network.
A maximum of 32 NAI realms can be configured using the nai-realm command.
Precautions

● If you configure the same name for NAI realms, the NAI realm with fuzzy
command configuration will overwrite the NAI realm with exact command
configuration.
For example, the nai-realm realm-name attwireless.com command
configuration will overwrite the nai-realm realm-name attwireless.com
eap-method-type eap-aka command configuration, and the nai-realm
realm-name attwireless.com eap-method-type eap-aka command
configuration will overwrite the nai-realm realm-name attwireless.com
eap-method-type eap-aka eap-authen-id 1 eap-authen-para 1 command
configuration.
● NAI realms are deleted according to the longest matching rule.
For example, the NAI realm configured using the nai-realm realm-name
attwireless.com command cannot be deleted using the undo nai-realm
realm-name attwireless.com eap-method-type eap-aka command.
Example
# Configure NAI realm attwireless.com.
[HUAWEI] wlan
[HUAWEI-wlan-view] nai-realm-profile name nai-realm-profile1
[HUAWEI-wlan-nai-realm-prof-nai-realm-profile1] nai-realm realm-name attwireless.com
17.32 network-authen-type
Function
The network-authen-type command sets a network authentication type for a
Hotspot2.0 profile.
The undo network-authen-type command deletes a network authentication

type.
By default, no network authentication type is configured.
Format
network-authen-type { acceptance [ redirect-url url ] | dns-redirection | http-
https-redirection redirect-url url | online-enroll }
undo network-authen-type
Parameters
acceptance Indicates acceptance of terms and -

conditions.
redirect-url Specifies the redirected URL address. -

url

dns- Indicates DNS redirection. -

redirection
http-https- Indicates HTTP and HTTPS redirection. -

redirection
online-enroll Indicates online enrollment. -
Views
Default Level
Usage Guidelines
Usage Scenario
Beacon and Probe Response frames sent from Hotspot2.0-capable APs carry
network parameter information, which helps user terminals to discover and select
proper networks. If the network operator requests user terminals to execute
specified actions, for example, opening a web page for Portal authentication, the
Additional Steps Required for Access (ASRA) field must be set to 1, indicating that
user terminals must implement extra authentication when connecting to a
network. You can run the network-authen-type command to specify a network
authentication type.
Example
# Set the network authentication type to online enrollment in Hotspot2.0 profile
hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] network-authen-type online-enroll
17.33 network-type
Function
The network-type command sets a network type and Internet access status in a
Hotspot2.0 profile.
The undo network-type command restores the default network type and Internet
access status.
By default, the network type is set to wildcard, and Internet access is not
supported.

Format
network-type { emergency-service | personal-device | private | private-guest |
public-chargeable | public-free | test | wildcard } [ internet-access ]
undo network-type
Parameters
emergency- Indicates an emergency service network. -

service
personal- Indicates a personal device network. -

device
private Indicates a private network. -
private- Indicates a private network with guest -

guest access.
public- Indicates a chargeable public network. -

chargeable
public-free Indicates a free public network. -
test Indicates a test network. -
wildcard Indicates a wildcard network. -
internet- Indicates that Internet access is -

access supported.
Views
Default Level
Usage Guidelines
Usage Scenario
When multiple Hotspot2.0 networks are available, user terminals need to obtain
information of each network to select the network to access. The network type
and Internet access status are mandatory in a Hotspot2.0 profile. Beacon and
Probe Response frames sent from Hotspot2.0-capable APs carry network
parameter information, which helps user terminals to discover and select proper
networks.
Precautions
If the command is executed repeatedly, only the latest configuration takes effect.

Example
# Set the network type to free public network and configure the network to
provide Internet access in Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] network-type public-free internet-access
17.34 operating-class-indication
Function
The operating-class-indication command configures an operating class
indication.
The undo operating-class-indication command deletes an operating class

indication.
By default, no operating class indication is configured in the system.
Format
operating-class-indication operating-class-value
undo operating-class-indication operating-class-value
Parameters
operating- Indicates the operating class indication. The value is an

class-value integer that ranges
from 1 to 255.
Views
Operating class profile view
Default Level
Usage Guidelines
After an operating class indication is configured, users can obtain the indication
through ANQP for network selection.
You can configure a maximum of 32 operating class indications using this

command.

Example
# Set the operating class indication to 95.
[HUAWEI] wlan
[HUAWEI-wlan-view] operating-class-profile name operating-class-profile1
[HUAWEI-wlan-op-class-prof-operating-class-profile1] operating-class-indication 95
17.35 operating-class-profile
Function
The operating-class-profile command creates an operating class profile or
displays the view of an existing operating class profile.
The undo operating-class-profile command deletes an operating class profile.
By default, no operating class profile is configured in the system.
Format
operating-class-profile name profile-name
undo operating-class-profile { name profile-name | all }
Parameters
name profile- Indicates the name of the operating class The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Indicates to delete all operating class -

profiles.
Views
WLAN view
Default Level

Usage Guidelines
Usage Scenario
The operating class profile is used to configure the operating class indication of AP
in on the hotspot2.0 network. When a STA accesses the network, it can obtain
channel information used to access a Wi-Fi frequency from AP so that the STA can
set up a connection.
Precautions
The device supports a maximum of 32 operating class profiles.
Example
# Create an operating class profile named operating-class-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] operating-class-profile name operating-class-profile1
[HUAWEI-wlan-op-class-prof-operating-class-profile1]
17.36 operating-class-profile (Hotspot2.0 profile view)

Function
The operating-class-profile command binds the specified operating class profile
to a Hotspot2.0 profile view.
The undo operating-class-profile command unbinds the specified operating class

profile from a Hotspot2.0 profile view.
By default, no operating class profile is bound to a Hotspot2.0 profile view.
Format
operating-class-profile profile-name
undo operating-class-profile
Parameters
profile-name Indicates the name of the operating class The value must be
profile. the name of an
existing operating
class profile.
Views

Default Level
Usage Guidelines
Usage Scenario
When a STA accesses a Hotspot2.0 network, it can obtain channel information
used to access a Wi-Fi frequency from the AP so that the STA can set up a
connection. Before binding an operating class profile to a Hotspot2.0 profile, you
need to run the operating-class-profile command to create an operating class
profile and run the operating-class-indication command in the profile view to
configure an operating class indication.
Example
# Bind the operating class profile operating-class-profile1 to the hotspot profile.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] operating-class-profile operating-class-profile1
17.37 operator-domain-profile
Function
The operator-domain-profile command creates a network domain name profile
or displays the view of an existing network domain name profile.
The undo operator-domain-profile command deletes a network domain name
profile.
By default, no network domain name profile is available in the system.
Format
operator-domain-profile name profile-name
undo operator-domain-profile { name profile-name | all }

Parameters
name profile- Indicates the network domain name The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Indicates to delete all network domain -

name profiles.
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
A network domain name profile is used to configure the operator domain profile.
STAs can obtain the domain name information through ANQP, which is used as a
basis for network selection.
Precautions
The device supports a maximum of 32 operator domain profiles.
Example
# Create a network domain name profile named operator-domain-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] operator-domain-profile name operator-domain-profile1
[HUAWEI-wlan-op-domain-prof-operator-domain-profile1]

17.38 operator-domain-profile (Hotspot2.0 profile

view)
Function
The operator-domain-profile command binds the specified operator domain
profile to a Hotspot2.0 profile view.
The undo operator-domain-profile command unbinds the specified operator
domain profile from a Hotspot2.0 profile view.
By default, no operator domain profile is bound to a Hotspot2.0 profile.
Format
operator-domain-profile profile-name
undo operator-domain-profile
Parameters
profile-name Indicates the name of the operator The value must be

domain profile. the name of an
existing operator
domain profile.
Views
Default Level
Usage Guidelines
Usage Scenario
When a STA accesses the Hotspot2.0 network, it can obtain the network operator
domain name information from the AP so that the STA can select a network.
Before binding an operator domain profile to a Hotspot2.0 profile, run the
operator-domain-profile command to create an operator domain profile and run
the domain-name command in the profile view to configure the operator name.
Example
# Bind the operator domain profile operator-domain-profile1 to the hotspot
profile.

[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] operator-domain-profile operator-domain-profile1
17.39 operator-friendly-name
Function
The operator-friendly-name command configures the operator friendly name.
The undo operator-friendly-name command deletes the operator friendly name.
By default, no operator friendly name is configured in an operator name profile
view.
Format
operator-friendly-name language-code language-code name name
undo operator-friendly-name language-code language-code name name
Parameters
language- Indicates the language. The value is a string

code of 2 to 3 characters.
language- For the value of
code each language, see
the definition in
ISO639-2 Codes for
the Representation
of Names of
Languages. For
example, the value
is chi, zho, or zh for
Chinese, and eng
for English.

name name Indicates the operator friendly name. The value is a string
of 1 to 64 case-
● English venue
name: The value
is a string of
visible characters
without question
marks (?) and
spaces. It cannot
begin or end
with double
quotation marks
(" ").
● Non-English
venue name: It
cannot contain
half-width
question marks
(?).
To enter a non-
English venue name,
ensure that the
remote login
terminal supports
the UTF-8 encoding
format; otherwise,
the name cannot be
displayed.
Views
Operator name profile view
Default Level
Usage Guidelines
Usage Scenario
When a STA accesses the Hotspot2.0 network, it can obtain the operator name
from the AP. This command configures the language environment names so that
users can select a proper language.
If you need to enter a non-English name, you must use a tool to convert it into
hexadecimal UTF-8 code.
Precautions

If you run the operator-friendly-name multiple times, multiple operator friendly

names are configured. A maximum of 32 names can be configured.
Example
# Set the operator friendly name to operator-name-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] operator-name-profile name operator-name-profile1
[HUAWEI-wlan-op-name-prof-operator-name-profile1] operator-friendly-name language-code eng
name att
17.40 operator-name-profile
Function
The operator-name-profile command creates an operator name profile or
displays the view of an existing operator name profile.
The undo operator-name-profile command deletes the operator name profile.
By default, no operator name profile is available in the system.
Format
operator-name-profile name profile-name
undo operator-name-profile { name profile-name | all }
Parameters
name profile- Indicates the name of the operator name The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Indicates to delete all operator name -

profiles.
Views
WLAN view

Default Level
Usage Guidelines
Usage Scenario
You can specify different friendly names for different languages so that users can
select networks.
Follow-up Procedure
Run the operator-name-profile (Hotspot2.0 profile view) command to apply
the created operator name profile to a Hotspot2.0 profile.
Precautions
The device supports a maximum of 32 operator name profiles.
Example
# Create an operator name profile named operator-name-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] operator-name-profile name operator-name-profile1
[HUAWEI-wlan-op-name-prof-operator-name-profile1]
17.41 operator-name-profile (Hotspot2.0 profile view)

Function
The operator-name-profile command binds the specified operator name profile
to a Hotspot2.0 profile view.
The undo operator-name-profile command unbinds the specified operator name
profile from a Hotspot2.0 profile view.
By default, no operator name profile is bound to a Hotspot2.0 profile.
Format
operator-name-profile profile-name
undo operator-name-profile
Parameters
profile-name Indicates the name of the operator name The value must be
profile. the name of an
existing operator
name profile.

Views
Default Level
Usage Guidelines
Usage Scenario
When a STA accesses the Hotspot2.0 network, it can obtain the operator name
from the AP. Before binding an operator name profile to a Hotspot2.0 profile, run
the operator-name-profile command to create an operator name profile and run
the operating-class-indication command in the profile view to configure the
operator name.
Example
# Bind the operator name profile operator-name-profile1 to the hotspot profile.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] operator-name-profile operator-name-profile1
17.42 p2p-cross-connect disable

Function
The p2p-cross-connect disable command configures P2P management
information to prevent cross connections of P2P devices.
The undo p2p-cross-connect disable command deletes P2P management

information.
By default, P2P management information is not configured.
Format
p2p-cross-connect disable
undo p2p-cross-connect disable
Parameters
None.
Views

Default Level
Usage Guidelines
Usage Scenario
Hotspot2.0 provides security measures for STAs. It prevents direct access between
STAs to reduce the STA attack possibility. The P2P protocol allows direct
communication between STAs; therefore, a Hotspot2.0-supported AP can add P2P
management information into Beacon. In the management information, STAs are
not allowed to set up P2P connections with each other.
Precautions
The p2p-cross-connect disable command is not recommended. An AP does not
support the P2P protocol or process P2P packets; therefore, it is unnecessary to
remove P2P management information from packets.
Example
# Configure P2P management information in the hotspot profile.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] p2p-cross-connect disable
17.43 plmn-id
Function
The plmn-id command configures the Public Land Mobile Network (PLMN)
identifier.
The undo plmn-id command deletes the PLMN identifier.
By default, no PLMN identifier is configured in the cellular network profile.
Format
plmn-id plmn-id
undo plmn-id plmn-id
Parameters
plmn-id Indicates the PLMN identifier. The value is an

integer that ranges
from 10000 to
999999.

Views
Cellular network profile view
Default Level
Usage Guidelines
After the plmn-id command is executed, the AP notifies STAs of the operator
information on the Hotspot2.0 network. The STAs can obtain the PLMN identifier
to determine whether to select the cellular network according to the Hotspot2.0
network.
If you run the plmn-id multiple times, multiple PLMN identifiers are configured. A
maximum of 32 PLMN identifiers can be configured.
Example
# Set the PLMN identifier to 10001.
[HUAWEI] wlan
[HUAWEI-wlan-view] cellular-network-profile name cellular-network-profile1
[HUAWEI-wlan-cellular-network-prof-cellular-network-profile1] plmn-id 10001
17.44 roaming-consortium-oi
Function
The roaming-consortium-oi command configures the roaming consortium
identifier of the Hotspot2.0 network.
The undo roaming-consortium-oi command deletes the roaming consortium

identifier of the Hotspot2.0 network.
By default, no roaming consortium identifier is configured for the Hotspot2.0

network.
Format
roaming-consortium-oi oi-value [ in-beacon ]
undo roaming-consortium-oi oi-value
Parameters
oi-value Indicates the roaming The format is HH-HH-HH or

consortium identifier, which HH-HH-HH-HH-HH, in which H
is used to identify operators. is in the hexadecimal format.

in-beacon Indicates that the Beacon -

and probe-response frames
sent by the AP contain the
roaming consortium
identifier.
Views
Roaming consortium profile view
Default Level
Usage Guidelines
Usage Scenario
If STAs may roam between the Hotspot2.0 network and a network of another
operator, you can configure the OI of the operator that provides the roaming
service so that STAs can select networks.
Precautions
If you run this command multiple times, multiple OIs are configured. A maximum
of 32 OIs can be configured in a roaming consortium profile. To configure OIs in
the roaming consortium profile, the first OI must carry the in-beacon parameter.
A maximum of three OIs can be configured to carry the in-beacon parameter.
Example
# Add an OI 00-11-22 to the profile roaming-consortium-profile1 and add the
OI to the Beacon and probe-response frames sent by the AP.
[HUAWEI] wlan
[HUAWEI-wlan-view] roaming-consortium-profile name roaming-consortium-profile1
[HUAWEI-wlan-ro-co-prof-roaming-consortium-profile1] roaming-consortium-oi 00-11-22 in-beacon
17.45 roaming-consortium-profile
Function
The roaming-consortium-profile command creates a roaming consortium profile
or displays the view of an existing roaming consortium profile.
The undo roaming-consortium-profile command deletes a roaming consortium

profile.
By default, no roaming consortium profile is created.

Format
roaming-consortium-profile name profile-name
undo roaming-consortium-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a roaming The value is a string

name consortium profile. of 1 to 35 case-
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all roaming consortium profiles. -
Views
WLAN view
Default Level
Usage Guidelines
Usage Scenario
When configuring Hotspot2.0 services, configure network parameters according to

operator requirements. When connecting to networks, user terminals can obtain
the network parameters to select desired networks. If the user terminals need to
roam among Hotspot2.0 networks of different operators, configure a roaming
consortium profile and add the organization identifiers (OIs) of the operators to
the roaming consortium profile. In this way, after the user terminals connect to a
network of an operator in the profile, they can roam to networks of the other
operators while maintaining online.
Follow-up Procedure
Run the roaming-consortium-oi command to configure the roaming consortium

OI in the roaming consortium profile.
Precautions
The device supports a maximum of 32 roaming consortium profiles.

Example
# Create the roaming consortium profile roaming-consortium-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] roaming-consortium-profile name roaming-consortium-profile1
[HUAWEI-wlan-ro-co-prof-roaming-consortium-profile1]
17.46 roaming-consortium-profile (Hotspot2.0 profile

view)
Function
The roaming-consortium-profile command binds a roaming consortium profile
to a Hotspot2.0 profile.
The undo roaming-consortium-profile command unbinds a roaming consortium
profile from a Hotspot2.0 profile.
By default, no roaming consortium profile is bound to a Hotspot2.0 profile.
Format
roaming-consortium-profile profile-name
undo roaming-consortium-profile
Parameters
profile-name Specifies the name of a roaming The roaming

consortium profile. consortium profile
must exist.
Views
Default Level
Usage Guidelines
Usage Scenario
to the networks, they can obtain OIs of the operators used for STA roaming, which
helps them select desired networks. You can run the roaming-consortium-profile
command to create a roaming consortium profile and the roaming-consortium-oi

command in the roaming consortium profile view to configure operator OIs, and
then bind the roaming consortium profile to a Hotspot2.0 profile to make the
configuration take effect.
Example
# Bind roaming consortium profile roaming-consortium-profile1 to the Hotspot
2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] roaming-consortium-profile roaming-consortium-profile1
17.47 venue-name-profile
Function
The venue-name-profile command creates a venue name profile or displays the
view of an existing venue name profile.
The undo venue-name-profile command deletes a venue name profile.
By default, no venue name profile is created.
Format
venue-name-profile name profile-name
undo venue-name-profile { name profile-name | all }
Parameters
name profile- Specifies the name of a venue name The value is a string
insensitive
characters. It does
not contain
question marks (?)
or spaces, and
cannot start or end
with double
quotation marks ("
").
all Deletes all venue name profiles. -
Views
WLAN view

Default Level
Usage Guidelines
Usage Scenario
When configuring Hotspot2.0 services, configure network parameters according to
operator requirements. When connecting to networks, user terminals can obtain
the network parameters to select desired networks. The venue name describes
physical locations of a network and is an optional parameter.
Follow-up Procedure
Run the venue-name command in the venue name profile view to configure the
venue name. After creating a venue name profile, bind it to a Hotspot2.0 profile.
Precautions
The device supports a maximum of 32 venue name profiles.
Example
# Create the venue name profile venue-name-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] venue-name-profile name venue-name-profile1
[HUAWEI-wlan-ve-na-prof-venue-name-profile1]
17.48 venue-name-profile (Hotspot2.0 profile view)

Function
The venue-name-profile command binds a venue name profile to a Hotspot2.0
profile.
The undo venue-name-profile command unbinds a venue name profile from a
Hotspot2.0 profile.
By default, no venue name profile is bound to a Hotspot2.0 profile.
Format
venue-name-profile profile-name
undo venue-name-profile
Parameters
profile-name Specifies the name of a venue name The venue name


Views
Default Level
Usage Guidelines
Usage Scenario
You can configure Hotspot2.0 services for networks. When connecting to the
networks, user terminals can obtain location information of the networks from
APs, which helps them to select desired networks. You can run the venue-name-
profile command to create a venue name profile and the venue-name command
in the venue name profile view to configure venue names, and then bind the
venue name profile to a Hotspot2.0 profile to make the configuration take effect.
Example
# Bind venue name profile venue-name-profile1 to Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] venue-name-profile venue-name-profile1
17.49 venue-name
Function
The venue-name command configures a venue name for a Hotspot 2.0 network.
The undo venue-name command deletes the configured venue name.
By default, no venue name is configured.
Format
venue-name language-code language-code name venue-name
undo venue-name language-code language-code name venue-name

Parameters
language- Specifies the language type. The value is a string of 2 to 3

code characters.
language- For the value of each language,
code see the definition in ISO639-2
Codes for the Representation of
Names of Languages. For
example, the value is chi, zho,
or zh for Chinese, and eng for
English.
name venue- Specifies the venue name. The value is a string of 1 to 64

name case-sensitive characters.
● English venue name: The
value is a string of visible
characters without question
marks (?) and spaces. It
cannot begin or end with
double quotation marks (" ").
● Non-English venue name: It
cannot contain half-width
question marks (?).
To enter a non-English venue
name, ensure that the remote
login terminal supports the
UTF-8 encoding format;
otherwise, the name cannot be
displayed.
Views
Venue name profile view
Default Level
Usage Guidelines
Usage Scenario
You can use the command to configure venue names for Hotspot 2.0 networks to
identify physical locations of the networks, which helps user terminals select
desired networks. You can set the venue names in multiple languages for user
groups of different languages.
Precautions

This command can be configured repeatedly. A maximum of 32 venue names can

be configured in a venue name profile.
Example
# Set the language to English and configure the venue name CenterStation in
venue name profile venue-name-profile1.
[HUAWEI] wlan
[HUAWEI-wlan-view] venue-name-profile name venue-name-profile1
[HUAWEI-wlan-ve-na-prof-venue-name-profile1] venue-name language-code eng name CenterStation
17.50 venue-type
Function
The venue-type command configures the venue type of a Hotspot2.0 network.
The undo venue-type command deletes the configured venue type.
By default, no venue type information is configured for a Hotspot2.0 network.
Format
venue-type group-code venue-group type-code type-code-value
undo venue-type
Parameters
group-code Specifies the venue group type. The value is an

venue-group integer that ranges
from 0 to 255.
For meanings of
different venue
group values, see
7.3.1.34 Venue Info
field defined in IEEE
Std 802.11u-2011.
type-code Specifies the venue subtype. The value is an

type-code- integer that ranges
value from 0 to 255.
For meanings of
different venue
subtype values, see
7.3.1.34 Venue Info
field defined in IEEE
Std 802.11u-2011.

Views
Default Level
Usage Guidelines
Usage Scenario
When multiple Hotspot2.0 networks are available, user terminals need to obtain
information of each network to select the network to access. The venue type
information is optional in a Hotspot2.0 profile. Beacon and Probe Response frames
sent from Hotspot2.0-capable APs carry network parameter information, which
helps user terminals to discover and select proper networks.
group-code and type-code determine the venue type and identify the network
location. As predefined in the 802.11u protocol:
● If group-code is set to 2 (Business) and type-code to 3, the venue type
indicates Fire Station.
● If group-code is set to 3 (Educational) and type-code to 3, the venue type
indicates University or College.
Precautions
If the command is executed repeatedly, only the latest configuration takes effect.
Example
# Set the venue type to University or College in Hotspot2.0 profile hotspot.
[HUAWEI] wlan
[HUAWEI-wlan-hotspot2-prof-hotspot] venue-type group-code 3 type-code 3

Fat AP and Cloud AP
Command Reference 18 IoT AP Configuration Commands
18 IoT AP Configuration Commands
About This Chapter
IoT cards are supported only by the following models in cloud mode:
● AP2050DN, AP2050DN-E, AP2050DN-S, AP2051DN, AP2051DN-E, AP2051DN-
S, AP4030TN, AP4050DN-E, AP4051DN, AP4051DN-S, AP4051TN, AP4151DN,
AP5050DN-S, AP6050DN, AP6052DN, AP6150DN, AP7050DE, AP7050DN-E,
AP7052DE, AP7052DN, WA375DD-CE, AP7060DN, AirEngine 5760-10,
AP7152DN, AP6750-10T, R250D-E, R251D-E

18.1 iot-card reboot
18.2 iot-card reset-factory-configuration
18.3 iot-card reset-network-configuration
18.4 iot-card switch-firmware
18.1 iot-card reboot

Function
The iot-card reboot command resets an IoT card of an AP.
Format
iot-card reboot ap card { card-id | usb }
Parameters
ap Specifies an AP. -

Fat AP and Cloud AP
card-id Specifies the IoT card interface number. The value is an

integer that ranges
from 1 to 3.
usb Specifies the USB interface of an IoT -

card.
Views
WLAN view
Default Level
3: Management level
Usage Guidelines
The iot-card reboot command resets an IoT card of an AP.
Example
# Reset an IoT card on the USB interface of the AP.
[HUAWEI] wlan
[HUAWEI-wlan-view] iot-card reboot ap card usb
18.2 iot-card reset-factory-configuration

Function
The iot-card reset-factory-configuration command restores factory defaults of
an IoT card.
Format
iot-card reset-factory-configuration ap card card-id
Parameters
card card-id Specifies the ID of an IoT card. The IoT card ID must exist.

Fat AP and Cloud AP
Views
WLAN view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
If an IoT card cannot communicate with the AP due to an error in IoT card
parameter settings, you can run this command to restore factory defaults of the
IoT card.
Example
# Restore factory defaults of an IoT card.
[HUAWEI] wlan
[HUAWEI-wlan-view] iot-card reset-factory-configuration ap card 1
18.3 iot-card reset-network-configuration

Function
The iot-card reset-network-configuration command resets network parameters
of an IoT card.
Format
iot-card reset-network-configuration ap card card-id
Parameters
Views
WLAN view
Default Level
3: Management level

Fat AP and Cloud AP
Usage Guidelines
Usage Scenario
An IoT card involves network parameters for communicating with a host computer
(such as the card IP address, server IP address, and DNS address) and air interface
parameters in a wireless environment. In most cases, when the wireless
environment becomes stable, air interface parameters remain unchanged. When
the wired environment changes, you can only run the iot-card reset-network-
configuration command to reset network parameters of the IoT card. During this
process, the air interface parameters remain unchanged.
Example
# Reset network parameters of an IoT card.
[HUAWEI] wlan
[HUAWEI-wlan-view] iot-card reset-network-configuration ap card 1
18.4 iot-card switch-firmware

Function
The iot-card switch-firmware command switches the active and standby
partitions of an IoT card.
Format
iot-card switch-firmware ap card card-id
Parameters
Views
WLAN view
Default Level
3: Management level
Usage Guidelines
Usage Scenario

Fat AP and Cloud AP
Upon a fault on the current partition of an IoT card, you can run this command to
switch to the other partition.
Example
# Switch the active and standby partitions of an IoT card.
[HUAWEI] wlan
[HUAWEI-wlan-view] iot-card switch-firmware ap card 1

Fat AP and Cloud AP 19 WLAN Traffic Optimization Commands
19 WLAN Traffic Optimization

About This Chapter
19.1 broadcast-suppression auto-detect

19.2 display wlan igmp-snooping vap-cac
19.3 igmp-snooping max-bandwidth (traffic profile view)
19.4 igmp-snooping max-user (traffic profile view)
19.5 igmp-snooping enable (traffic profile view)
19.6 multicast-suppression auto-detect
19.7 service-guarantee
19.8 traffic-optimize arp-proxy enable
19.9 traffic-optimize bcmc deny all
19.10 traffic-optimize bcmc unicast-send
19.11 traffic-optimize bcmc unicast-send mismatch-action drop
19.12 traffic-optimize broadcast-suppression
19.13 traffic-optimize multicast-suppression
19.14 traffic-optimize multicast-unicast enable
19.15 traffic-optimize multicast-unicast dynamic-adaptive disable
19.16 traffic-optimize sta-bridge-forward disable
19.17 traffic-optimize tcp adjust-mss
19.18 traffic-optimize unicast-suppression
19.19 unicast-suppression auto-detect
19.20 unicast-suppression auto-detect disable

19.1 broadcast-suppression auto-detect
Function
The broadcast-suppression auto-detect command configures the rate limit for
broadcast packets during intelligent flow control.
The undo broadcast-suppression auto-detect command restores the default rate

limit for broadcast packets during intelligent flow control.
By default, the rate limit for broadcast packets is 256 pps.
Format
broadcast-suppression auto-detect packets packets
undo broadcast-suppression auto-detect packets
Parameters
packets packets Specifies the rate limit The value is an integer

for broadcast packets. that ranges from 64 to
14881000, in pps.
Views
System view
Default Level
Usage Guidelines
Usage Scenario
When there are a large number of broadcast, multicast, and unknown unicast
packets, the CPU becomes busy processing these packets and the buffer of the
packet receiving queue decreases. When the buffer falls below the threshold, the
device automatically limits the rates of these within the specified range. You can
run this command to specify a rate limit during intelligent flow control as
required.
Precautions
Rate limiting takes effect only for incoming upstream and downstream traffic.

Example
# Set the rate limit for broadcast packets during intelligent flow control to 300
pps.
[HUAWEI] broadcast-suppression auto-detect packets 300
19.2 display wlan igmp-snooping vap-cac

Function
The display wlan igmp-snooping vap-cac command displays the multicast CAC
configuration and statistics on a VAP.
Format
display wlan igmp-snooping vap-cac ap-id ap-id
Parameters
ap-id ap-id Specifies an AP ID. The AP ID must

exist.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run this command to check the multicast CAC configuration and statistics
on a VAP, including the bandwidth and user statistics.
Example
# Display the multicast CAC configuration and statistics on VAPs of the AP with ID
0.
<HUAWEI> display wlan igmp-snooping vap-cac ap-id 0
Info: This operation may take a few seconds, please wait.done.
Rf : Radio ID WID : WLAN ID
CurBw : Current bandwidth(kbps) MaxBw : Max bandwidth(kbps)
CurUser : Current user number MaxUser : Max user number
BwUtilization : Bandwidth utilization UserUtilization : User utilization
--------------------------------------------------------------------------------
Rf WID CurBw/MaxBw BwUtilization CurUser/MaxUser UserUtilization
--------------------------------------------------------------------------------

0 1 0/11 0% 0/6 0%
--------------------------------------------------------------------------------
Total: 1
Table 19-1 Description of the display wlan igmp-snooping vap-cac command

output
Item Description
Rf Radio ID.
WID WLAN ID.
CurBw/MaxBw Current multicast bandwidth/

Maximum multicast bandwidth of a
VAP.
BwUtilization Multicast bandwidth utilization.
CurUser/MaxUser Current number of multicast users/

Maximum number of multicast users
on a VAP.
UserUtilization Percentage of current multicast users

against the maximum number of
multicast users that are configured
globally.
19.3 igmp-snooping max-bandwidth (traffic profile

view)
Function
The igmp-snooping max-bandwidth command configures the maximum
multicast bandwidth for a VAP.
The undo igmp-snooping max-bandwidth command deletes the maximum
multicast bandwidth of a VAP.
By default, the maximum multicast bandwidth is not configured for a VAP.
Format
igmp-snooping max-bandwidth max-bandwidth
undo igmp-snooping max-bandwidth

Parameters
max-bandwidth Specifies the maximum The value is an integer

multicast bandwidth of a that ranges from 1 to
VAP. 10000000, in kbps.
Views
Traffic profile view
Default Level
Usage Guidelines
Usage Scenario
The maximum multicast bandwidth is configured for a VAP in a traffic profile to

limit the multicast traffic forwarding capacity of the VAP to which this traffic
profile is bound. When the available multicast bandwidth of a VAP is insufficient,
new users are prevented from joining multicast groups.
Precautions
After configuring the maximum multicast bandwidth for a VAP, run the igmp-
snooping group-bandwidth (system view) command to configure the
bandwidth of global multicast groups.
Example
# Set the maximum multicast bandwidth to 500 kbps in traffic profile p1.
[HUAWEI] wlan
[HUAWEI-wlan-view] traffic-profile name p1
[HUAWEI-wlan-traffic-prof-p1] igmp-snooping max-bandwidth 500
19.4 igmp-snooping max-user (traffic profile view)

Function
The igmp-snooping max-user command configures the maximum number of
multicast group memberships for a VAP.
The undo igmp-snooping max-user command deletes the maximum number of

multicast group memberships for a VAP.
By default, the maximum number of multicast group memberships is not

configured for a VAP.

Format
igmp-snooping max-user max-user
undo igmp-snooping max-user
Parameters
max-user Specifies the maximum The value is an integer

number of multicast that ranges from 1 to
group memberships on a 1000.
VAP.
Views
Default Level
Usage Guidelines
The maximum number of multicast group memberships on a VAP is configured in
a traffic profile to limit access of multicast users on the VAP to which this traffic
profile is bound. When the number of multicast group memberships on a VAP
reaches the maximum value, new users are prevented from joining multicast
groups.
Example
# Set the maximum number of multicast group memberships to 10 on the VAP to
which traffic profile p1 is bound.
[HUAWEI] wlan
[HUAWEI-wlan-traffic-prof-p1] igmp-snooping max-user 10
19.5 igmp-snooping enable (traffic profile view)
Function
The igmp-snooping enable command enables IGMP snooping in a traffic profile.
The undo igmp-snooping enable command disables IGMP snooping in a traffic

profile.
By default, IGMP snooping is disabled in a traffic profile.

Format
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
IGMP snooping is a basic Layer 2 multicast function that forwards and controls
multicast traffic at the data link layer. IGMP snooping runs on a Layer 2 device
and analyzes IGMP messages exchanged between a Layer 3 device and hosts to
set up and maintain a Layer 2 multicast forwarding table. The Layer 2 device
forwards multicast packets based on the Layer 2 multicast forwarding table.
After you disable IGMP snooping in a traffic profile using the undo igmp-
snooping enable command, all IGMP snooping configurations in the traffic profile
are deleted. When you run the igmp-snooping enable command to enable IGMP
snooping again, all IGMP snooping configurations are restored to the default
settings on the device.
Prerequisites
The traffic profile has been created using the traffic-profile (WLAN view)
command.
Example
# Enable IGMP snooping in traffic profile p1.
[HUAWEI] wlan
[HUAWEI-wlan-traffic-prof-p1] igmp-snooping enable
19.6 multicast-suppression auto-detect
Function
The multicast-suppression auto-detect command configures the rate limit for
multicast packets during intelligent flow control.

The undo multicast-suppression auto-detect command restores the default rate

limit for multicast packets during intelligent flow control.
By default, the rate limit for multicast packets is 256 pps.
Format
multicast-suppression auto-detect packets packets
undo multicast-suppression auto-detect packets
Parameters
packets packets Specifies the rate limit The value is an integer

for multicast packets. that ranges from 64 to
14881000, in pps.
Views
System view
Default Level
Usage Guidelines
Precautions
Rate limiting takes effect only for incoming upstream and downstream traffic.
This command is supported only by 802.11ac Wave 2 and 802.11ax APs.
Example
# Set the rate limit for multicast packets during intelligent flow control to 300 pps.
[HUAWEI] multicast-suppression auto-detect packets 300
19.7 service-guarantee
Function
The service-guarantee command configures the service guarantee mode.
The undo service-guarantee command restores the default service guarantee

mode.
The default service guarantee mode is performance-first.

Format
service-guarantee { performance-first | reliability-first }
undo service-guarantee
Parameters
performance-first Sets the service -

guarantee mode to
performance-first.
reliability-first The service guarantee -

mode is set to reliability-
first.
Views
SSID profile view
Default Level
Usage Guidelines
Usage Scenario
When an AP is connected to a VR device, retransmission of lost packets has a

great impact on user experience. Therefore, you can set the service guarantee
mode to reliability first. That is, when the VR throughput requirement is met, the
air interface rate can be lowered properly to reduce jitter and delay caused by
packet loss and retransmission, improving user experience. It is recommended that
the service assurance mode be set to reliability first in VR gaming scenarios and to
performance first in VR video scenarios.
Precautions
Changing the service guarantee mode will interrupt services of associated STAs.
Example
# Set the service guarantee mode to reliability-first.
[HUAWEI] wlan
[HUAWEI-wlan-ssid-prof-ssid1] service-guarantee reliability-first

19.8 traffic-optimize arp-proxy enable

Function
The traffic-optimize arp-proxy enable command enables ARP proxy on the
device.
The undo traffic-optimize arp-proxy enable command disables ARP proxy on the
device.
By default, ARP proxy is disabled.
Format
traffic-optimize arp-proxy enable
undo traffic-optimize arp-proxy enable
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
When an ARP Request packet is sent from a user or the network to another user,
the AP enabled with ARP proxy can reply to this packet. Compared with the
function of converting ARP multicast packets to ARP unicast packets, ARP proxy
can reduce the number of times a sleeping terminal is awakened to save power.
Precautions
The ARP proxy function is not available for roaming users.
Example
# Enable ARP proxy on the device in the traffic profile p1.
[HUAWEI] wlan
[HUAWEI-wlan-traffic-prof-p1] traffic-optimize arp-proxy enable

19.9 traffic-optimize bcmc deny all

Function
The traffic-optimize bcmc deny all command forbids an air interface to forward
downstream broadcast or multicast packets.
The undo traffic-optimize bcmc deny all command cancels the configuration of
forbidding an air interface to forward downstream broadcast or multicast packets.
By default, an air interface is allowed to forward downstream broadcast or

multicast packets.
Format
traffic-optimize bcmc deny all
undo traffic-optimize bcmc deny all
Parameters
None
Views
Default Level
Usage Guidelines
Usage Scenario
On an IP network, the ARP, ND, and DHCP protocols are the basic network
protocols and serve as the basis for packet forwarding on the entire network.
Broadcast or multicast packets of protocols other than the ARP, ND, and DHCP
protocols are optional on the IP network. When no services rely on transmission of
these broadcast or multicast packets on the network, you can run the command
to forbid an air interface to forward these broadcast or multicast packets to
improve the air interface performance.
Precautions
Before using the traffic-optimize bcmc deny all command to forbid an AP to

forward downstream broadcast or multicast packets, run the undo learn-client-
address ipv4 disable command to enable STA address learning and the traffic-
optimize bcmc unicast-send { arp | dhcp } * command to configure the function
of converting broadcast or multicast packets to unicast packets on an air interface.
Otherwise, the ARP and DHCP packets may fail to be forwarded.

Example
# Forbid an air interface to forward downstream broadcast or multicast packets in
the traffic profile p1.
[HUAWEI] wlan
[HUAWEI-wlan-traffic-prof-p1] traffic-optimize bcmc deny all
19.10 traffic-optimize bcmc unicast-send

Function
The traffic-optimize bcmc unicast-send { arp | dhcp } * command configures the
function of converting broadcast or multicast packets to unicast packets on an air
interface.
The undo traffic-optimize bcmc unicast-send { arp | dhcp } * command cancels

the configuration.
The undo traffic-optimize bcmc unicast-send command restores the default
configuration.
By default, the function of converting broadcast or multicast packets to unicast
packets is configured on an air interface.
Format
traffic-optimize bcmc unicast-send { arp | dhcp } *
undo traffic-optimize bcmc unicast-send { arp | dhcp } *
undo traffic-optimize bcmc unicast-send
Parameters
arp Specifies the ARP packets. -
dhcp Specifies the DHCP packets. -
Views
Default Level
Usage Guidelines
Usage Scenario

If an air interface sends a large number of broadcast or multicast packets when

being busy, the performance of the air interface will drop. To prevent this
situation, you can configure the function of converting broadc

Fat AP and Cloud AP V200R019C00 Command Reference PDF

Uploaded by

Copyright:

Available Formats

Fat AP and Cloud AP V200R019C00 Command Reference PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Fat AP and Cloud AP V200R019C00 Command Reference PDF

Uploaded by

Copyright:

Available Formats

Fat AP and Cloud AP

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. i

1 About This Document.............................................................................................................1

3 Basic Configurations Commands....................................................................................... 16

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. ii

3.3.1 acl (user interface view)................................................................................................................................................. 46

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. iii

3.4.16 ecc local-key-pair destroy.......................................................................................................................................... 100

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. iv

3.5.9 close..................................................................................................................................................................................... 150

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. v

3.5.51 quit (FTP client view).................................................................................................................................................. 206

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. vi

3.6.18 startup system-software............................................................................................................................................ 270

4 Cloud-based Management Configuration Commands...............................................302

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. vii

4.17 ip-address (WAN view).................................................................................................................................................. 322

5 Device Management Commands.....................................................................................329

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. viii

5.4.5 clear event all................................................................................................................................................................... 374

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. ix

5.5.30 info-center rate-limit monitor-period.................................................................................................................... 438

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. x

5.7.7 poe af-inrush enable...................................................................................................................................................... 502

6 Interface Management Commands................................................................................ 517

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xi

6.2.11 port-down holdoff-timer............................................................................................................................................568

7 Network Interconnection Configurations Commands............................................... 585

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xii

7.3 VLAN Configuration Commands................................................................................................................................... 632

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xiii

7.4.18 revision-level.................................................................................................................................................................. 697

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xiv

7.6.6 arp scan.............................................................................................................................................................................. 751

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xv

7.7.19 dhcp relay information strategy.............................................................................................................................. 804

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xvi

7.7.61 display dhcp client statistics..................................................................................................................................... 866

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xvii

7.7.103 snmp-agent trap enable feature-name dhcp................................................................................................... 942

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xviii

7.9.15 display nat static interface enable....................................................................................................................... 1000

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xix

7.10.21 icmp redirect send................................................................................................................................................... 1067

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xx

7.13.1 display igmp-snooping configuration................................................................................................................. 1125

8 WAN Commands............................................................................................................... 1131

9 WLAN Service Configuration Commands (Common AP)........................................1157

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxi

9.19 display ap......................................................................................................................................................................... 1189

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxii

9.61 radio disable.................................................................................................................................................................... 1296

10 AP Management Configuration Commands............................................................ 1338

Issue 08 (2021-11-15) Copyright © Huawei Technologies Co., Ltd. xxiii

10.6 display ap optical-info................................................................................................................................................. 1344

11 WLAN Radio Resource Management Configuration Commands (Common AP)