WX3500H五, 27/03/2020 - 12:38 的修訂版本

修訂版本可以讓你追蹤文章的多個版本的不同之處。

最後更新: 2020-03-19

 


Display Client Info.

 

wlan client

display wlan client ?

  • ap                    # Specify an AP
  • association        # Display association client information
  • frequency-band  # Specify a frequency band
  • mac-address       # Specify a client by its MAC address
  • service-template  # Specify a service template
  • status                 # Client status
  • verbose              # Detailed information

# Client by AP

display wlan client ap ap19

Total number of clients: 19

MAC address    User name            AP name               R IP address      VLAN
????-????-???? N/A                  ap19                  3 172.16.1.127    1
....

# Client by SSID

display wlan client service-template 2

Total number of clients: 19

MAC address    User name            AP name               R IP address      VLAN
????-????-???? N/A                  ap19                  3 172.16.1.127    1
....

# Client by MAC

display wlan client status [mac-address H-H-H]

Total number of clients: 91

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID
????-????-????  N/A          N/A   26/19.5Mbps     0.00%    ap34               1

wlan ap

display wlan ap statistics online-record

Time                     Manual AP    Auto AP      Total        Total delta
2020-03-16/15:59:21      37           0            37           0
...

display wlan ap all

Total number of APs: 40
Total number of connected APs: 37
Total number of connected manual APs: 37
Total number of connected auto APs: 0
Total number of connected common APs: 37
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 219
Total AP licenses: 40
Remaining AP licenses: 3
Sync AP licenses: 0

                                 AP information
 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad
         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

AP name                        APID  State Model           Serial ID
ap1                            1     R/M   WA5530          ?????
...

wlan statistics

display wlan statistics client [mac-address H-H-H]

 MAC address                  : ????-????-????
 AP name                      : ap9
 Radio ID                     : 3
 SSID                         : Oasis Staff
 BSSID                        : 441a-fa32-cd11
 RSSI                         : 21
 Sent frames:
   Back ground                : 1/46 (frames/bytes)
   Best effort                : 103836/112765717 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 4/736 (frames/bytes)
 Received frames:
   Back ground                : 0/0 (frames/bytes)
   Best effort                : 68224/6888394 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 0/0 (frames/bytes)
 Discarded frames:
   Back ground                : 0/0 (frames/bytes)
   Best effort                : 0/0 (frames/bytes)
   Video                      : 0/0 (frames/bytes)
   Voice                      : 0/0 (frames/bytes)

 


 

 


Setting

 

portal host-check enable

無線Portal客戶端合法性檢查功能。

默認情況下, 無線Portal客戶端合法性檢查功能處於關閉狀態, 設備僅根據ARP表項對Portal客戶端進行合法性檢查.

在採用本地轉發模式的無線組網環境中,AC上沒有Portal客戶端的ARP表項,為了保證合法用戶可以進行Portal認證,需要開啟無線Portal客戶端合法性檢查功能。

本功能開啟後,當設備收到未認證Portal用戶的認證報文後,將使用WLAN Snooping表、DHCP Snooping表和ARP表對其進行合法性檢查。

如果在這三個表中查詢到該Portal客戶端信息,則認為其合法並允許進行Portal認證。

可通過display ip source binding命令查看到WLAN Snooping表項或DHCP Snooping表項的相關信息。

captive-bypass     

Prevent automatic popup of the portal authentication page

By default, the captive-bypass feature is disabled.

The device automatically pushes the portal authentication page to iOS mobile devices and some Android mobile devices when they are connected to a portal-enabled network.

The captive-bypass feature enables the device to push the portal authentication page to the iOS and Android devices only when the users access the Internet by using a browser.

If the users do not perform authentication but press the home button to return to the desktop,

the Wi-Fi connection is terminated. To maintain the Wi-Fi connection in such cases, you can enable the optimized captive-bypass feature.

 


logbuffer

 

reset logbuffer

display logbuffer
 


Portal

 

Setting

local-user MyPortalUser class network
 password cipher ????
 access-limit 1024
 service-type portal
 authorization-attribute idle-cut 15
 authorization-attribute user-role network-operator
 description for portal

portal user-logoff after-client-offline enable       # 無線 Portal 用戶自動下線功能

portal free-rule 1 destination ip 8.8.4.4 255.255.255.255 udp 53
portal free-rule 2 destination ip 8.8.8.8 255.255.255.255 udp 53

domain mydomain
 authorization-attribute session-timeout 60    # 限時用 1 hour
 accounting start-fail offline
 authentication portal local
 authorization portal local
 accounting portal local

portal web-server MyPortal
 url http://192.168.13.2/portal
 url-parameter ip source-address
 url-parameter mac source-mac
 url-parameter ssid ssid

portal local-web-server http
 default-logon-page defaultfile.zip

wlan service-template 3
 ssid test123
 vlan 13
 portal enable method direct        # 開啟Portal認證
 portal domain mydomain             # 每個Portal用戶都屬於一個認證域, 且在其所屬的認證域內進行認證/授權/計費
 portal apply web-server MyPortal   # 指定用 "MyPortal"
 portal user-dhcp-only
 service-template enable

Checking

display domain

...
Domain: mydomain
  State: Active
  Portal  authentication scheme:  Local
  Portal  authorization  scheme:  Local
  Portal  accounting     scheme:  Local
  Default authentication scheme:  Local
  Default authorization  scheme:  Local
  Default accounting     scheme:  Local
  Accounting start failure action: Offline
  Accounting update failure action: Online
  Accounting quota out action: Offline
  Service type: HSI
  Session time: Exclude idle time
  DHCPv6-follow-IPv6CP timeout: 60 seconds
  Authorization attributes:
    Idle cut: Disabled
    Session timeout: 60 minutes
    IGMP access limit: 4
    MLD access limit: 4

Default domain name: system

display portal web-server

Portal Web server: MyPortal
  Type             : IMC
  URL              : http://192.168.13.2/portal/
  URL parameters   : ip=source-address
                     mac=source-mac
                     ssid=ssid
  VPN instance     : Not configured
  Server detection : Interval: 5 s  Attempts: 3  Action: log
  IPv4 status      : Up
  IPv6 status      : N/A
  Captive-bypass   : Disabled
  If-match         : Not configured

# check online user

display portal user count

Total number of users: 1

display portal user all

Total portal users: 0

OR

Total portal users: 1
Username: MyPortalUser
  AP name: ap27
  Radio ID: 1
  SSID: MySSID
  Portal server: N/A
  State: Online
  VPN instance: N/A
  MAC             IP                    VLAN    Interface
  ????-????-????  192.168.13.101        13      WLAN-BSS1/0/184
  Authorization information:
    DHCP IP pool: N/A
    User profile: N/A
    Session group profile: N/A
    ACL number: N/A
    Inbound CAR: N/A
    Outbound CAR: N/A

# By Username

display portal user username MyPortalUser

# By IP

display portal user ip 192.168.13.101

display portal user all brief

  IP address          Mac address         Online duration     Username
  192.168.13.117      ????-????-????      00:51:25            MyPortalUser

display portal user all verbose

...
AAA:
  Realtime accounting interval: 0s, retry times: 1
  Idle cut: N/A
  Session duration: 3600 sec, remaining: 438 sec
  Remaining traffic: N/A
  Login time: 2020-03-27 11:43:59 UTC+8
  Online time(hh:mm:ss): 00:52:42
  DHCP IP pool: N/A
...
Flow statistic:
  Uplink   packets/bytes: 88468/62991160
  Downlink packets/bytes: 125424/114578732

 

Force logoff

portal delete-user ?

  X.X.X.X    Specify a portal user by the IPv4 address
  all        All online portal users
  auth-type  Specify an authentication type
  interface  Portal users on an interface
  ipv6       Specify a portal user by the IPv6 address
  mac        Specify a MAC address
  username   Specify a username

配置Portal僅允許DHCP用戶上線

system-view
wlan service-template 3
portal user-dhcp-only

配置此功能後, IP地址為靜態配置的 Portal 認證用戶將不能上線. 此配置不會影響已經在線的用戶

maximum number of portal users

By default, no limit is set on the number of portal users on an interface.

By default, no limit is set on the global number of portal users.

If you set the maximum number smaller than the current number of portal users on an interface,

this configuration still takes effect.

The online users are not affected but the system forbids new portal users to log in from the interface.

Setting the maximum number of portal users on an interface

1.     Enter system view.

system-view

2.     Enter Layer 3 interface view.

interface interface-type interface-number

3.     Set the maximum number of portal users.

portal { ipv4-max-user | ipv6-max-user } max-number

Setting the global maximum number of portal users

1.     Enter system view.

system-view

2.     Set the global maximum number of portal users.

portal max-user max-number

If you set the global maximum number smaller than the number of current online portal users on the device,

this configuration still takes effect.

The online users are not affected but the system forbids new portal users to log in.