You are here: Home > CLI Commands > Just_CLI_Topics > ap provisioning-profile

ap provisioning-profile

ap provisioning-profile {default | <profile-name>}

ap-lldp-pse-detect {disabled | enabled}

ap-poe-power-optimization

ap2xx-prestandard-poe-detection

apdot1x-factory-cert

apdot1x-passwd <apdot1x-passwd>

apdot1x-tls

apdot1x-tls-suffix

apdot1x-tls-suffix-domain <apdot1x-tls-suffix-domain>

apdot1x-username <apdot1x-username>

cellular_nw_preference {3g-only | 4g-only | advanced | auto}

clone {default | <source>}

link-priority-cellular <link-priority-cellular>

link-priority-ethernet <link-priority-ethernet>

master {clear | set <masterstr>}

no

pppoe-passwd <pppoe-passwd>

pppoe-service-name <pppoe-service-name>

pppoe-user <pppoe-user>

remote-ap

uplink-vlan <uplink-vlan>

usb-csr

usb-dev <usb-dev>

usb-dial <usb-dial>

usb-init <usb-init>

usb-modeswitch <usb-modeswitch [-v | -p | -V | -P | -M]>

usb-passwd <usb-passwd>

usb-power-mode {auto | enable | disable}

usb-tty <usb-tty>

usb-tty-control <usb-tty-control>

usb-type

usb-user <usb-user>

Description

This command defines a provisioning profile for an AP or group of APs.

Syntax

Parameter

Description

Range

Default

ap provisioning-profile <profile-name>

Configures a provisioning profile for an AP or a group of APs. Give a name for the profile.

 

default

ap-lldp-pse-detect

Enabling causes the AP to detect the POE type via LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. POE TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed.. Use one of the following parameters:

enabled: The AP uses PSE TYPE in the POE TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. to detect the PSE type.

disabled: The AP detects the POE using the HW classification.

   

ap-poe-power-optimization

Enabling optimization minimizes the POE draw of the AP. Enabling optimization may disable some parts of the AP. Disabling optimization ensures all features are enabled. Use one of the following parameters:

enabled: USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. and EthernetEthernet is a network protocol for data transmission over LAN. port (eth1) are shut down on AP.

disabled: AP operates in normal mode.

 

disabled

ap2xx-prestandard-poe-detection

Configures the prestandard PoEPower over Ethernet. PoE is a technology for wired Ethernet LANs to carry electric power required for the device in the data cables. The IEEE 802.3af PoE standard provides up to 15.4 W of power on each port. detection on 200 Series APs.

The POE+ pre-standard detection is only available on 200 Series APs.

It consists of a basic voltage comparator. If the line voltage is equal to or greater than 51 V, the PSE is assumed to be 802.3at802.3at is an IEEE standard for PoE version that supplies up to 25.5W of DC power. See PoE+. compatible.

apdot1x-factory-cert

Enables AP to use factory certificates when doing 802.1x EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216..Custom cert available.

   

apdot1x-passwd

Sets the password of the AP to authenticate to 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. using PEAPProtected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS..

apdot1x-tls

Enables AP to perform 802.1x authentication using EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216..

   

apdot1x-tls-suffix

Enables AP to use EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. username as suffix.

disabled

apdot1x-tls-suffix-domain <apdot1x-tls-suffix-domain>

Sets the suffix domain for AP dot1x EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. username. If defined, use EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. username as suffix, else use aruba.ap.

1- 63 string length

 

apdot1x-username <apdot1x-username>

Sets the username of the AP to authenticate to 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. using PEAPProtected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS..

cellular_nw_preference

{3g-only | 4g-only | advanced | auto}

The cellular network preference setting allows you to select how the modem should operate.

auto (default)

3g_only: Locks the modem to operate only in 3GThird Generation of Wireless Mobile Telecommunications Technology. See W-CDMA..

4g_only: Locks the modem to operate only in 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE..

advanced: The Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. controls the cellular network service selection based on an Received Signal Strength Indication (RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values.) threshold-based approach. Initially the modem is set to the default auto mode. This allows the modem firmware to select the available network. The Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. determines the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. value for the available network type (for example 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE.), checks whether the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. is within required range, and if so, connects to that network. If the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. for the modem’s selected network is not within the required range, the Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. will then check the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. limit of an alternate network (for example, 3GThird Generation of Wireless Mobile Telecommunications Technology. See W-CDMA.), and reconnect to that alternate network.

The Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. will repeat the above steps each time it tries to connect using a 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. multimode modem in this mode.

The Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. determines the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. value for the available network type (for example 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE.), checks whether the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. is within required range, and if so, connects to that network.

If the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. for the modem’s selected network is not within the required range, the Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. will then check the RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. limit of an alternate network (for example, 3GThird Generation of Wireless Mobile Telecommunications Technology. See W-CDMA.), and reconnect to that alternate network. The Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. will repeat the above steps each time it tries to connect using a 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. multimode modem in this mode.

auto

clone <source>

Clones an existing AP provisioning profile.

default

link-priority-cellular
<link-priority-cellular>

Sets the priority of the cellular uplink. By default, the cellular uplink is a lower priority than the wired uplink; making the wired link the primary link and the cellular link the secondary or backup link.

Configuring the cellular link with a higher priority than your wired link priority will set your cellular link as the primary controller link.

0–255

0

link-priority-ethernet
<link-priority-ethernet>

Sets the priority of the wired uplink. Each uplink type has an associated priority; wired ports having the highest priority by default.

 

 

master

Changes the FQDNFully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet. or IP address for the Mobility Master.

set <masterstr>

Specifies the IP address or FQDNFully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet. for the Mobility Master.

clear

Clear the definition for the Mobility Master in this profile.

no

Negates any configured parameter.

pppoe-passwd

<pppoe-passwd>

PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. password for the AP.

pppoe-servicename <pppoe-service-name>

PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. service name for the AP.

pppoe-user <pppoe-user>

PPPoEPoint-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. username for the AP.

remote-ap

Specifies that the profile is to be associated with a remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. using certificates.

uplink-vlan <uplink-vlan>

If you configure an uplink VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. on an AP connected to a port in trunk mode, the AP sends and receives frames tagged with this VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. on its EthernetEthernet is a network protocol for data transmission over LAN. uplink.

By default, an AP has an uplink vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. of 0, which disables this feature.

NOTE: If an AP is provisioned with an uplink VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN., it must be connected to a trunk mode port or the frames of the AP will be dropped.

0–4095

0 (disabled)

usb-csr

Configures the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. storage for CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. and private Key file

 

 

usb-dev <usb-dev>

Configures the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. device identifier.

usb-dial <usb-dial>

Configures the dial string for the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. modem. This parameter only needs to be specified if the default string is not correct.

usb-init <usb-init>

The initialization string for the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. modem. This parameter only needs to be specified if the default string is not correct.

usb-modeswitch <usb-modeswitch>

-v for default_vendor

-p for default_product

-V for target_vendor

-P for target_product

-M for message_content

USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. cellular devices on remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. typically register as modems, but may occasionally register as a mass-storage device. If a remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. cannot recognize its USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. cellular modem, use the usb-modeswitch command to specify the parameters for the hardware model of the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. cellular data-card.

NOTE: You must enclose the entire modeswitch parameter string in quotation marks.

usb-passwd <usb-passwd>

A PPPPoint-to-Point Protocol. PPP is a data link (layer 2) protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption, and compression. password, if provided by the cellular service provider.

usb-power-mode

{auto| enable|disable}

Set the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. power mode to control the power to the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. port.

usb-tty <usb-tty>

The TTYTeleTypeWriter. TTY-enabled devices allow telephones to transmit text communications for people who are deaf or hard of hearing as well as transmit voice communication. device path for the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. modem. This parameter only needs to be specified if the default path is not correct.

usb-tty-control

<usb-tty-control>

The TTYTeleTypeWriter. TTY-enabled devices allow telephones to transmit text communications for people who are deaf or hard of hearing as well as transmit voice communication. device control path for the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. modem. This parameter only needs to be specified if the default path is not correct.

usb-type

Specify the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. driver type.

acm: Use ACM driver

airprime: Use Airprime driver

ether: Use CDC Ether driver for direct IP 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

hso: Use HSO driver for newer Option

huawei-cdc: Use Huawei driver for 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

lnetgear-gobi: Use Gobi driver for Netgear 340U or 341U 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

none: Disable 3GThird Generation of Wireless Mobile Telecommunications Technology. See W-CDMA. or 2G network on USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices.

option: Use Option driver

option-novatel-u620: Use Option driver for Novatel U620L 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

pantech-3g: Same as "pantech-uml290" - to support upgrade

pantech-auto: Use Pantech driver for Automatic modem mode

pantech-uml290: Use Pantech USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. driver for UML290 device

ptumlusbnet: Use Pantech USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. driver for 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

rndis: Use a RNDIS driver for a 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

rndis-1800: Same as RNDIS - to use for L800 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

rndis-pantech-uml295: Use RNDIS driver for Pantech UML 295 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

sierra-evdo: Use EVDO Sierra Wireless driver

sierra-gsm: Use GSM Sierra Wireless driver

sierrausbnet: Use SIERRA Direct IP driver for 4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. device

storage: Use USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. flash as storage device for storing Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. certificates

none

usb-user <usb-user>

The PPPPoint-to-Point Protocol. PPP is a data link (layer 2) protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption, and compression. username provided by the cellular service provider.

Usage Guidelines

The AP provisioning profile allows you to define a set of provisioning parameters to an AP group. These settings can be saved or assigned to an AP group by using the ap-group <group> provisioning-profile <profile> command.

In order to enable cellular uplink for a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. it must have the device driver for the USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. data card and the correct configuration parameters. ArubaOS includes device drivers for the most common hardware types, but you can use the usb commands in this profile to configure a Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. to recognize and use an unknown USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. modem type.

Examples

The following commands create a provisioning profile named profile_branch, in which the cellular link is the primary uplink because it has a higher priority than the EthernetEthernet is a network protocol for data transmission over LAN. link:

(host) [mynode] (config) #ap provision-profile profile_branch

(host) [mynode] (Provisioning profile "profile_branch") #link-priority-cellular 2

(host) [mynode] (Provisioning profile "profile_branch") #link-priority-ethernet 1

(host) [mynode] (Provisioning profile "profile_branch") #usb-type acm

(host) [mynode] (Provisioning profile "profile_branch") #usb-modeswitch "-v 0x106c -p 0x3b06 -V 0x106c -P 0x3717 -M 5534243b82e238c24000000800008ff020000000000000000000000000000"

Related Commands

Command

Description

provision-ap

Change provisioning parameters for an individual AP. This command does not save the provisioning parameters settings in a reusable profile.

Command History

Release

Modification

ArubaOS 8.4.0.0

The apdot1x-tls-suffix and apdot1x-tls-suffix-domain parameters were added.

ArubaOS 8.2.0.0

The apdot1x-factory-cert , apdot1x-tls, and ap-lldp-pse-detect parameters were added.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/