Commands For Wapi Authentication Access

21. Commands for WAPI authentication and access

21.1 Commands for global configuration

21.1.1 wapi enable

Command: wapi enable
no wapi enable
Function: Enable global WAPI function. The no command disables this function.
Parameters: None
Default: Disable
Command mode: Wireless Global Mode
Usage guide: Use this command to enable the WAPI globaly. If global WAPI is not enabled, other WAPI commands cannot be configured. Use the show wireless wapi status command to check whether the global WAPI function is enabled.
Example: Disable the global WAPI function, and then enable it.

active500EM(config-wireless)#no wapi enable
active500EM(config-wireless)#wapi enable

 

21.1.2 wapi authentication-server

Command: wapi authentication-server <1-5> <ipAddr> [port <0-65535> ] no wapi authentication-server [<1-5>] Function: Configure the IPv4 AS when the WAPI certificate authenticates. The no command deletes the IPv4 AS.
Parameters:

  • <1-5>: server number; 5 AS servers can be configured by the system.
  • <ipAddr>: IPv4 address of the authentication server.
  • <0-65535>: the port of the authentication packets, which is handled by the authentication server. Select 3810 port as the default. The field of port is optional, and if it is not configured, 3810 port is selected as the default.

Command mode: Wireless Global Mode
Default: None
Usage guide: Use this command to configure the IPv4 AS when the WAPI certificate authenticates.
The port field is optional, and if it is not configured, the default is set to 3810. It cannot be
deleted if the server is bound to the network. Use show wireless wapi authentication-server status command to check the configured AS status.
Example: Configure the ip address of AS server 1 as 192.168.1.100, and the port is 65535.

active500EM(config-wireless)#wapi authentication-server 1 ip 192.168.1.100 port 65535

 
 

21.1.3 wapi authentication-server timeout

Command: wapi authentication-server timeout <1~1000> no wapi authentication-server timeout
Function: Configure the timeout timeframe for the response from the AS server. The no command resets the
default to 3s.

Parameters: <1-1000>: the unit is s and identifies the authentication timeout timeframe for the response from the AS server.
Command mode: Wireless Global Mode
Default: 3s.
Usage guide: This command is used to configure the timeout timeframe for the response from the AS server. The AC sends the certificate to the AS server to authenticate the requisition information. If the AS server response is not received in this time, the authentication fails. If the retransmission is configured, the AC will retransmit. If there is still no response after more than one retransmission, the authentication fails. Use show wireless wapi status command to view the configured timeout.
Example: Configure the timeout of AS server response to 1000s.

active500EM(config-wireless)#wapi authentication-server timeout 1000

 

21.1.4 wapi authentication-server retransmit

Command: wapi authentication-server retransmit<0~100> no wapi authentication-server retransmit
Function: Configure the number of times the AC retransmits the sending authentication to the AS. When there is no response after the timeout, then retransmit. The no command resets the time to a default of 3.
Parameters: <0-100>: the number of times the AC retransmits the sending authentication to the AS.
Default: Wireless Global Mode
Command guide: 3 times.
Usage guide: This command is used to configure the number of times the AC retransmits sending authentication to the AS. The AC sends the certificate to the AS server to identify the requisition information. If the AS server response is not received in this timeframe, the requisition fails. If the retransmission is configured, the AC will retransmit. If there is still no response after more than one retransmission, the authentication fails. Use show wireless wapi status command to view the number of times the AC retransmits.
Example: Configure number of times the AC retransmits sending requisitions to the AS to 100.

active500EM(config-wireless)#wapi authentication-server retransmit 100

 

21.1.5 wapi certificate format

Command: wapi certificate format {gbw | x509} no wapi certificate format
Function: Configure the certificate format when using WAPI authentication certification. The no command resets the default format to X509.
Parameters:

  • {gbw | x509}: enter the format of the WAPI certificate.
  • GBW: a management system based on the the public key system.
  • X509: the digital certificate standard developed by the International Telecommunications Union (ITU-T); it is a management system for the public key system.

Default: Use the X509 certificate format.
Command guide: Wireless Global Mode
Usage guide: Use the X509 certificate format. Configure the WAPI certificate for authentication. The no command resets to the default format of X509. Use the show wireless wapi status command to
view the configured certificate format.
Example: Configure the certificate format to X509.

active500EM(config-wireless)#wapi certificate-format x509

 

21.1.6 wapi certificate-mode

Command: wapi certificate-mode {2|3} no wapi certificate-mode
Function: Configure the certificate mode when using WAPI authentication. The no command resets the certificate mode to the default of 2.
Parameters: {2|3}: 2 certificate mode or 3 certificate mode.
Default: 2 certificate mode.
Command guide: Wireless Global Mode
Usage guide: Configure the certificate mode when using WAPI authentication. The no command resets
the certificate mode to the default of 2. Use the show wireless wapi status command to view the configured certificate mode.
Example: Configure the certificate mode to 3 using WAPI authentication.

active500EM(config-wireless)#wapi certificate-mode 3

 

21.1.7 snmp-server enable traps wapi

Command: snmp-server enable traps wapi no snmp-server enable traps wapi
Function: Enable global WAPI traps. The no command disables all WAPI traps functions.
Parameters: None
Default: Disable.
Command guide: Global Mode
Usage guide: Use this command to enable WAPI traps. The no command disables all WAPI traps.
Example: Enable WAPI traps (enable snmp-server and global traps function first).

active500EM(config)#snmp-server enable
active500EM(config)#snmp-server enable traps
active500EM(config)#snmp-server enable traps wapi

 

21.2 Commands for network configuration

21.2.1 security mode

Command: security mode {none | static-wep | wep-dot1x | wpa-enterprise | wpa-personal | wapi-certificate | wapi- psk} no security mode
Function: Configure the authentication and encryption method that the network supports. The no command deletes the configured authentication and encryption method.
Parameters:

  • none: there is no wireless authentication and encryption configuration.
  • WAPI-certificate: configure the WAPI access authentication method.
  • wapi-psk: configure the WAPI access authentication method to pre-shared key authentication.
  • Default: None(lawful method).

Command guide: Network Configuration Mode
Usage guide: This command can configure authentication and encryption methods for networks. The no command deletes the authentication and encryption methods that the network supports. Use the show wireless network <1-1024> command to view the configured authentication and encryption methods.
Example: Configure network 101 to use WAPI pre-shared key authentication.

active500EM(config-wireless)#network 101
active500EM(config-network)#security mode wapi-psk

 

21.2.2 wapi authentication-server

Command: wapi authentication-server <1-5> no wapi authentication-server
Function: Configure the ipv4 AS number value used by the network when it uses the WAPI certificate authentication method. The no command deletes the ipv4 AS.
Parameters: <1-5>: WAPI authentication server number.
Default: None
Command guide: Network Configuration Mode
Usage guide: Configure the ipv4 AS value used by the network when it uses the WAPI authentication certificate. The no command deletes the ipv4 AS. One network can only configure one ipv4 AS. Use the show wireless network <1-1024> wapi status command to view the number of APs used by the network.
Example: Configure the ipv4 AS number value used by the network 101 when it uses the WAPI certificate authentication method of 5.

active500EM(config-wireless)#network 101
active500EM(config-network)#wapi authentication-server 5

 

21.2.3 wapi bk-refresh-rate

Command: wapi bk-refresh-rate <0,30-43200> no wapi bk-refresh-rate
Function: Configure the BK refresh rate of the network when it uses WAPI authentication. The no command resets to default.
Parameters: <0,30-43200>: the refresh rate of BK key; unit is second. 0 means to disable the BK key refresh function.
Default: 43200s
Command guide: Network Configuration Mode
Usage guide: Configure the BK refresh rate of the network when it uses WAPI authentication. The no command resets to default. Use the show wireless network <1-1024> wapi status command to view the BK refresh rate of the network when it uses WAPI authentication.
Example: Configure the BK refresh rate of the network when it uses the WAPI authentication value of 3000s.

active500EM(config-network)#wapi bk-refresh-rate 30000

 

21.2.4 wapi msk-refresh client-offline

Command: wapi msk-refresh client-offline no wapi msk-refresh client-offline
Function: Enable the function in which the offline user triggers MSK refresh when the network uses WAPI authentication. The no command disables this function.
Parameters: None
Default: Disable
Command guide: Network Configuration Mode
Usage guide: Enable the function in which the offline user triggers MSK refresh when the network uses WAPI authentication. The no command disables this function. Use the show wireless network <1-1024> wapi status command to check if this function is enabled.
Example: Enable the function in which the offline user triggers MSK refresh when the network uses WAPI authentication.

active500EM(config-network)#wapi msk-refresh client-offline

 

21.2.5 wapi msk-refresh-rate

Command: wapi msk-refresh-rate {packet-based <30-86400>|} { time-based <30- 86400>|} no wapi msk-refresh-rate
Function: Configure the MSK refresh rate when the network uses WAPI authentication. The no command resets the refresh rate default to 86400s.
Parameters:

  • packet-based <0,30-86400>: configure MSK refresh based on the number of packets. 0 means MSK refresh is not triggered.
  • time-based <0,30-86400>: configure MSK refresh rate based on a time interval; unit is second. 0 means that the MSK refresh is not triggered by time.

Default: Time interval triggers the multicast key refresh. The time interval is 86400s.
Command guide: Network Configuration Mode
Usage guide: Configure the MSK refresh rate when the network uses WAPI authentication. The no command resets the refresh rate default to 86400s. When the parameters of packet-based and time-based both exist and they are not 0, it means that both of them trigger the MSK refresh. When both of them are 0, the MSK refresh is disabled. Notice: The configurations of packet-based and time-based are independent. Use the show wireless network <1-1024> wapi status command to view the MSK refresh rate.
Example: Configure the MSK refresh rate when the network uses WAPI authentication; trigger the refresh rate to every 40000 packets and every 50000s.

active500EM(config-network)#wapi msk-refresh-rate packet-based 40000 time-based 50000

21.2.6 wapi psk

Command: wapi psk {ciper | pass-phrase} <value> no wapi psk
Function: Configure the pre-shared key of the network when it uses WAPI PSK authentication. The no command deletes this pre-shared key.
Parameters:

  • {ciper | pass-phrase}: ciper means to select the PSK value of the WAPI AKM kit for PSK mode, BK will be produced by this object. Pass-phrase is a method that can be replaced. Use command-key algorithm to configure the PSK. This variable allows inputting a command. When this variable is written, WAPI will use a command-key algorithm to export a pre-shared key.
  • <value>: key value.

Default: None
Command guide: Network Configuration Mode
Usage guide: Configure the network pre-shared key when it uses WAPI PSK authentication. The no command deletes this pre-shared key. Use the show wireless network <1-1024> wapi status command to view the configured WAPI PSK.
Example: Configure the network pre-shared key when it uses a WAPI PSK authentication method of 12345678.

active500EM(config-network)#wapi psk cipher 12345678

 

21.2.7 wapi psk length

Command: wapi psk length <8-64> no wapi psk length
Function: Configure the key length when the network uses WAPI PSK authentication. The no command resets the default to 8.
Parameters: <8-64>: length of WAPI PSK.
Default: 8
Command guide: Network Configuration Mode
Usage guide: Configure the key length when the network uses WAPI PSK authentication. The no command resets the default to 8. Use the show wireless network <1-1024> wapi status command to view the configured length of the pre-shared key.
Example: Configure the key length when the the network uses WAPI PSK authentication to 64.

active500EM(config-network)#wapi psk length 64

 

21.2.8 wapi psk type

Command: wapi psk type {ascii | hex} no wepkey type
Function: Configure the key type when the network uses WAPI PSK authentication. The no command resets the default to Hex.
Parameters: {ascii | hex}: type of WAPI PSK; represented with ASCII and hexadecimal, respectively.
Default: Hex
Command guide: Network Configuration Mode
Usage guide: Configure the key type when the network uses WAPI PSK authentication. The no command resets the default to Hex. Use the show wireless network <1-1024> wapi status command to view the configured type of pre-shared key.
Example: Configure the key type when the network uses ASCII WAPI PSK authentication.

active500EM(config-network)#wapi psk type ascii

 

21.2.9 wapi usk-refresh-rate

Command: wapi usk-refresh-rate {packet-based <0,30-86400>|} { time-based <30- 86400>|} no wapi usk-refresh-rate
Function: Configure the USK refresh rate when the network uses WAPI PSK authentication. The no command resets the default value. Rate triggers unicast key refresh. The time interval is 86400s.
Parameters:

  • packet-based <0,30-86400>: configure the USK refresh based on the number of packets. 0 means not to trigger USK refresh.
  • time-based <0,30-86400>: configure USK refresh based on the time interval; unit is second. 0 means time does not trigger the MSK refresh.

Default: The refresh rate triggers the unicast key refresh and the time interval is 86400s.
Command guide: Network Configuration Mode
Usage guide: Configure the USK refresh rate when the network uses WAPI PSK authentication. The no command resets the default value. When the parameters of packet-based and time-based both exist, and are not 0, it means that both trigger the USK refresh. When both are 0, USK refresh is disabled. Notice: The configurations of packet-based and time-based are independent. Use the show wireless network <1- 1024> wapi status command to view the USK refresh rate.
Example: Configure the USK refresh rate when the network uses WAPI PSK authentication; trigger the refresh to every 40000 packets and every 50000s.

active500EM(config-network)#wapi usk-refresh-rate packet-based 40000 time-based 50000

21.3 Commands for AP database

21.3.1 wapi certificate ap

Command: wapi certificate ap <name> no wapi certificate ap
Function: Configure the AP certificate file name in the AP database. This certificate is used by the AP to conduct user WAPI authentication. The command deletes the configured authentication file.
Parameters: <name>: the authentication file name represented with a string; length of 1 to 128 characters, including all the characters that can be printed. When selecting X509 certificate format, the file name must end with .cer; when selecting GBW certificate format, the file name must end with .wcr.
Default: None
Command guide: AP Database Global Mode
Usage guide: Configure the AP certificate file name in the AP database. This certificate is used by the AP to conduct WAPI authentication to the user. The command deletes the configured authentication file. This command modifies or configures the file name and will not issue a certificate to the AP. Use the wapi certificate- distribute command to issue a certificate to the AP.
Example: Configure the the AP certificate file name with MAC address of f8-f7-d3-00-03-a0as AP101.cer.

active500EM(config-wireless)#ap database f8-f7-d3-00-03-a0
active500EM(config-ap)#wapi certificate ap AP101.cer

 

21.3.2 wapi certificate as

Command: wapi certificate as <name> no wapi certificate as
Function: Configure the AS server certificate file name related to the AP in the AP database. This certificate is used by the AP to conduct authentication against the AS message in WAPI authentication. The no command deletes the certificate file name.
Parameters: <name>: the authentication file name represented with a string. Length is 1 to 128 characters, including all the characters that can be printed. When selecting the X509 certificate format, the file name must end with .cer. When selecting GBW certificate format, the file name must end with. wcr.
Default: None
Command guide: AP Database Global Mode
Usage guide: Configure the AS server certificate file name related to the AP in the AP database. This certificate is used by the AP to conduct authentication to the AS message in the WAPI authentication. The no command deletes the certificate file name. This command modifies or configures the file name and will not issue a certificate to the AP. Use the wapi certificate- distribute command to issue a certificate to the AP.
Example: Configure the AP AS certificate file name with MAC address of f8-f7-d3-00-03-a0 as AS101.cer.

active500EM(config-wireless)#ap database f8-f7-d3-00-03-a0
active500EM(config-ap)#wapi certificate as AS101.cer

 

21.3.3 wapi certificate ca

Command: wapi certificate ca <name> no wapi certificate ca
Function: Configure the CA root certificate file related to the AP in AP database. This certificate is used by the AP to conduct certificate checking to the AP certificate and the AS server certificate. The no command deletes the CA root certificate file name.
Parameters: <name>: the authentication file name represented with a string; length is 1 to 128 characters, including all the characters that can be printed. When selecting the X509 certificate format, the file name must end with .cer; when selecting GBW certificate format, the file name must end with. wcr.
Default: None
Command guide: AP Database Global Mode
Usage guide: Configure the CA root certificate file related to the AP in the AP database. This certificate is used by the AP to conduct certificate checking to the AP certificate and AS server certificate. The no command deletes the CA root certificate file name. This command modifies or configures the file name and will not issue a certificate to the AP. Use the wapi certificate-distribute command to issue a certificate to the AP.
Example: Configure the CA root certificate file name of the AP with a MAC address of f8-f7-d3-00-03-a0as CA101.cer.

active500EM(config-wireless)#ap database f8-f7-d3-00-03-a0
active500EM(config-ap)#wapi certificate ca CA101.cer

 

21.4 Commands for Admin

21.4.1 clear wireless wapi ap statistics

Command: clear wireless wapi ap [<macaddr>] statistics
Function: Clear WAPI statistic information of the appointed AP or all APs.
Parameters: <macaddr>: MAC address of AP; this parameter is optional.
Default: None
Command guide: Privileged EXEC Mode
Usage guide: If this command contains a MAC address, clear the WAPI statistic information of the appointed AP. If a parameter is not entered, it will clear WAPI statistic information on all APs.
Example: Clear wapi statistic information of the appointed AP with a MAC address of f8-f7-d3-00-03-a0.

active500EM#clear wireless wapi ap f8-f7-d3-00-03-a0 statistics
The AP wapi statistics will be cleared. Are you sure you want to clear the statistics on the switch? [Y/N] y The ap wapi statistics have been cleared.

 

21.4.2 copy wapi-certificate

Command: copy wapi-certificate <source-url> <destination-url>
Function: Import the certificates of AP, AS, and CA to AC manually.
Parameters:

  • <source-url>: source path of the certificate file; for example, tftp:server-ip/ path/filename.
    * <destination-url>: the destination path copied by certificate file.
    Default: NoneCommand guide: Privileged EXEC Mode
    Usage guide: Import the certificates of AP, AS, and CA to the AC manually. After receiving the certificate, it needs to be imported to the AC manually, and the AC will issue it to the AP.
    Example: Import the AP certificates of AP20120625.cer to the AC.
    <code>active500EM#copy wapi-certificate tftp:
    192.168.1.45/AP20120625.cer

AP20120625.cer</code>

21.4.3 show wireless network wapi status

Command: show wireless network <1-1024> wapi status
Function: Show the network status of the WAPI configuration.
Parameters: <1-1024>: network number.
Default: None
Command guide: Privileged EXEC Mode.
Usage guide: Use this command to query network configuration and show the WAPI configuration parameters.
Example: View the WAPI configuration parameters of network 101.

active500EM#show wireless network 101 wapi status
Network ID................101
Wapi Authentication-Server-Index...................0
Wapi Psk Configuration Method........ cipher
Wapi Psk Type.......................... ASCII
Wapi Psk Length...................9
Wapi Psk....................................... 123456789
Wapi Bk-Refresh-Rate........................... 10000
Wapi Usk-Refresh-Method................... timePacket-based
Wapi Usk-Refresh-Time-Rate..................... 30000
Wapi Usk-Refresh-Packet-Rate................... 20000
Wapi Msk-Refresh-Method................... timePacket-based
Wapi Msk-Refresh-Time-Rate..................... 50000
Wapi Msk-Refresh-Packet-Rate................... 40000
Wapi Msk-Refresh Client-Offline................ Enable

 

21.4.4 show wireless wapi ap statistics

Command: show wireless wapi ap <macaddr> statistics
Function: Show the AP WAPI statistics.
Parameters; <macaddr>: MAC address of AP.
Default; None
Command guide; Privileged EXEC Mode
Usage guide; Show the AP WAPI statistics for an identified MAC address.
Example; Show the WAPI statistics of the AP with the MAC address of f8-f7-d3-00-03-a0.

active500EM#show wireless wapi ap f8-f7-d3-00-03-a0 statistics
MAC address..............f8-f7-d3-00-03-a0
WPI Replay Counters...............0
WPI Decryptable Errors..............0
WPI MIC Errors..............0
WAI Sign Errors..............0
WAI HMAC Errors.............0
WAI Authentication Result Failures..............0
WAI Discard Counters..............0
WAI Timeout Counters..............0
WAI Format Errors..............0
WAI Certificate Handshake Failures..............0
WAI Unicast Handshake Failures..............0
WAI Multicast Handshake Failures..............0

 

21.4.5 show wireless wapi ap-certificate status

Command show the wireless wapi ap-certificate [<macaddr>] Function: Show the AP certification status.
Parameters: [<macaddr>]: MAC address of the AP.
Default: None
Command guide: Privileged EXEC Mode
Usage guide: When there is a MAC address, show the certificate installation status of the appointed AP. If there is no MAC address, show the certificate installation status of all APs.
Example: After showing the certificate installation status of all APs, show the certificate installation status of the AP with the MAC address of f8-f7-d3-00-03-a0.

active500EM#show wireless wapi ap-certificate status
Certificate Status.................. Success
Certificate Total AP count.............1
Certificate Success AP count.............1
Certificate Failure AP count.............0
active500EM#show wireless wapi ap-certificate f8-f7-d3-00-03-a0 status
MAC address....................................f8-f7-d3-00-03-a0
AP Certificate Name............................ AP20120625.cer
AS Certificate Name............................ as20120625.cer
CA Certificate Name............................
Certificate Status............................. Success

 

21.4.6 show wireless wapi authentication-server status

Command: show wireless wapi authentication-server status
Function Show global WAPI AS configuration.
Parameters: None
Default: None
Command guide: Privileged EXEC Mode
Usage guide; Use this command to show global WAPI AS configuration.
Example; Show global WAPI AS configuration.

active500EM#show wireless wapi authentication-server status
Server Index IP Address Port             Socket No
------------ --------------- -------- --------
1      192.168.1.200         3810       0
2      192.168.1.202         3810       0
3      192.168.1.203         3810       0
4      192.168.1.204         3810       0
5      192.168.1.205         3810       0

 

21.4.7 show wireless wapi status

Command: show wireless wapi status
Function: Show global WAPI status.
Parameters: None
Default: None
Command guide: Privileged EXEC Mode
Usage guide: Use this command to show global WAPI status.
Example: Show global WAPI status.

active500EM#show wireless wapi status
Wapi Mode...................................... Enable
Wapi Certificate Format........................ x509
Wapi Certificate Mode.......................... 2 certificate
Wapi Authentication-Server Timeout (Second)..........1000
Wapi Authentication-Server Retransmit..........100
Max-client Allowed...........200
Mix Radio Support.............................. Enable

 

21.4.8 wapi certificate- distribute

Command: wapi certificate- distribute [<macaddr>] Function: Issue the certificate file to the AP with the appointed MAC address or all managed APs if a MAC address is not entered.
Parameters: [<macaddr>]: MAC address of AP; this is an optional field. When this parameter is not input, a certificate will be issued to all managed APs.
Default: None
Command guide: Privileged EXEC Mode
Usage guide: Use this command to issue the certificate file to the AP with the appointed MAC address or all managed APs, including AP certificate and AS certificate. If a 3 certificate mode is selected, there is also a CA certificate.
Example: Issue the certificate file to all managed APs.

active500EM#wapi certificate-distribute

 

21.5 Commands for debug

21.5.1 debug wireless wapi error

 
Command: debug wireless wapi error no debug wireless wapi error
Function: Enable error debugging on-off in client WAPI authentication. The no command disables this on-off.
Parameters: None
Default: Disable
Command guide: Privileged EXEC Mode
Usage guide: Use this command to enable error debugging on-off during client WAPI authentication. The user can examine the debugging error information in the client WAPI authentication on the AC controller platform. The no command disables this on-off.
Example: Enable error debugging on-off during client WAPI authentication.

active500EM#debug wireless wapi error
error WD-LEVEL-WAPI-ERROR debug is on

 

21.5.2 debug wireless wapi internal

 
Command: debug wireless wapi internal <macaddr> no debug wireless wapi internal <macaddr>
Function: Enable the internal detailed debugging on-off in the client WAPI authentication. The no command disables this on-off.
Parameters: <macaddr>: MAC address of the AP.
Default: Disable.
Command guide: Privileged EXEC Mode
Usage guide: Use this command to enable the internal detailed debugging on-off in the client WAPI authentication. Users can examine the internal detailed debugging information in the client WAPI authentication on the AC controller platform. The no command disables this on-off.
Example: Enable the internal detailed debug on-off in the client WAPI authentication for the AP with a MAC address of f8-f7-d3-00-03-a0.

active500EM#debug wireless wapi internal f8-f7-d3-00-03-a0
MAC: f8-f7-d3-00-03-a0 internal WD-LEVEL-WAPI-INTERNAL, debug is on

 

21.5.3 debug wireless wapi packet

 
Command: Debug wireless wapi packet{all | receive | send | dump} <macaddr> no debug wireless wapi packet{all | receive | send | dump} <macaddr>
Function: Enable the debug information in the client WAPI authentication. The no command disables it.
Parameters:

  • send: enable the sending packet debugging information to the AP and the AS in the client during WAPI authentication.
  • receive: enable the receiving packet debugging information to the AP and the AS in the client during WAPI authentication.
  • dump: enable printing of the sending and receiving packets from the AP and the AS in client WAPI authentication.
  • all: enable printing of debugging information of the sending and receiving packets when processing STA association.
  • <macaddr>: launch the MAC address of the AP in authentication.
  • Default: Disable

Command guide: Privileged EXEC Mode
Usage guide: Use this command to enable the debugging during client WAPI authentication. Users can examine the debug packets information in the client WAPI authentication on the AC controller platform. The no command disables the debug information.
Example: For the AP with the MAC address of f8-f7-d3-00-03-a0 AP, enable the printing of debug information for sending and receiving packets when processing STA association.

active500EM#debug wireless wapi packet all f8-f7-d3-00-03-a0
MAC: f8-f7-d3-00-03-a0 packet WD-LEVEL-WAPI-PKT-RX debug is on
MAC: f8-f7-d3-00-03-a0 packet WD-LEVEL-WAPI-PKT-TX debug is on
MAC: f8-f7-d3-00-03-a0 packet WD-LEVEL-WAPI-PKT-DUMP debug is on

 

21.5.4 Debug Wireless WAPI Trace

Command: debug wireless wapi trace <macaddr> no debug wireless wapi trace <macaddr>
Function: Enable debug tracing during client WAPI authentication. The no command disables this command.
Parameters:<macaddr>: MAC address of the AP.
Default: Disable.
Command guide: Privileged EXEC Mode
Usage guide: Use this command to enable debug tracing in client WAPI authentication. The user can examine the debug tracing information in the client WAPI authentication on the AC controller platform. The no command disables this function.
Example: For the AP with the MAC address of f8-f7-d3-00-03-a0 AP, enable the debug trace in the client WAPI authentication.

active500EM#debug wireless wapi trace f8-f7-d3-00-03-a0
MAC: f8-f7-d3-00-03-a0 internal WD-LEVEL-WAPI-TRACE debug is on

Return to Controller Wireless CLI