The keep-service enable command enables service holding upon CAPWAP link disconnection in a VAP profile.
The undo keep-service enable command disables service holding upon CAPWAP link disconnection in a VAP profile.
By default, service holding upon CAPWAP link disconnection is disabled in a VAP profile.
Parameter |
Description |
Value |
|---|---|---|
allow new-access |
Enables offline APs to allow access of new STAs. |
- |
no-auth |
Allows STAs using Portal authentication or MAC address authentication to go online without authentication. |
- |
Usage Scenario
When service data is forwarded in direct mode, service holding upon CAPWAP link disconnection can be enabled in a VAP profile. When the CAPWAP link between an AP and an AC is disconnected, the AP in the VAP profile can continue providing data services. In this way, direct forwarding of data services no longer depends on the CAPWAP link, which enhances service data forwarding reliability.
Enabling offline APs to allow access of new STAs based on VAPs is applicable to the scenario where the administrator wants to configure different emergency policies for different VAPs on a network. On networks without high security requirements, customers require that offline APs still allow access of new STAs when CAPWAP links between the APs and AC are faulty. To meet this demand, you can run the keep-service enable allow new-access command to enable offline APs to allow access of new STAs. After this function is enabled, STAs can still connect to APs in fault state when the CAPWAP links between the APs and AC are disconnected. If you want to enable offline APs to allow access of new STAs in Portal authentication or MAC address authentication mode, no-auth must be specified.
Precautions
The configuration performed using this command in a VAP profile has a higher priority than that performed using the keep-service enable and keep-service enable allow new-access commands in the AP system profile.
This function is applicable only to scenarios where service data is forwarded in direct mode.
This function is applicable to scenarios where service data is forwarded in direct mode, and STA authentication mode is Portal, MAC address, open, WEP, or WPA/WPA2-PSK. For STAs using MAC address authentication, you can run this command to enable an offline AP to allow access of the STAs without authentication. In addition, you can configure the WAN authentication escape function to enable the AP to allow access of STAs after successful authentication. For STAs using 802.1X authentication, service holding upon CAPWAP link disconnection does not take effect. You can configure the WAN authentication escape function to enable an offline AP to allow access of STAs after successful authentication.
This function in a VAP profile conflicts with the offline management function (configured using temporary-management enable (VAP profile view) command), AP-offline backup service VAP (configured using the type service-backup ap-offline command), and device containment. Service holding upon CAPWAP link disconnection does not take effect when configured with one of the preceding three functions.
WDS networks do not support service holding upon CAPWAP link disconnection.