You are here: Home > CLI Commands > Just_CLI_Topics > ap wired-ap-profile

ap wired-ap-profile

ap wired-ap-profile {default | <profile-name>}

broadcast

clone {default | <source> }

forward-mode {bridge|split-tunnel|tunnel}

no

switchport {access vlan <vlan> | mode {access|trunk} | trunk {allowed vlan <vlan-list>| add <vlan-list> | except <vlan-list> | remove <vlan-list>}} | {native vlan <vlan>}

trusted

wired-ap-enable

wired-ap-mode {normal|daisy-chain}

Description

This command configures a wired AP profile.

Syntax

Parameter

Description

Default

ap wired-ap-profile

<profile-name>

Name of this instance of the profile. The name must be 1–63 characters.

default

broadcast

Forward broadcast traffic to this tunnel.

clone <source>

Name of an existing wired AP profile from which parameter values are copied.

default

forward-mode

In this default forwarding mode, the AP handles all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. association requests and responses, but sends all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. data packets, action frames and EAPOL frames over a GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel to the managed device for processing. The managed device removes or adds the GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. headers, decrypts or encrypts 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frames and applies firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. rules to the user traffic as usual. This parameter controls whether data is tunneled to the managed device using generic routing encapsulation (GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network.), bridged into the local EthernetEthernet is a network protocol for data transmission over LAN. LANLocal Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. (for remote APsRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link.), or a combination thereof depending on the destination (corporate traffic goes to the managed device, and Internet access remains local). All forwarding modes support bandBand refers to a specified range of frequencies of electromagnetic radiation. steering, TSPECTraffic Specification. TSPEC allows an 802.11e client or a QoS-capable wireless client to signal its traffic requirements to the AP. or TCLAS enforcement, 802.11k802.11k is an IEEE standard that enables APs and client devices to discover the best available radio resources for seamless BSS transition in a WLAN. and station blacklisting.

bridge

802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frames are bridged into the local EthernetEthernet is a network protocol for data transmission over LAN. LANLocal Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server.. When a remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. or campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. is in bridge mode, the AP handles all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. association requests and responses, encryption or decryption processes, and firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. enforcement. The 802.11e802.11e is an enhancement to the 802.11a and 802.11b specifications that enhances the 802.11 Media Access Control layer with a coordinated Time Division Multiple Access (TDMA) construct. It adds error-correcting mechanisms for delay-sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability between business, home, and public environments such as airports and hotels, and offers all subscribers high-speed Internet access with full-motion video, high-fidelity audio, and VoIP. and 802.11k802.11k is an IEEE standard that enables APs and client devices to discover the best available radio resources for seamless BSS transition in a WLAN. action frames are also processed by the AP, which then sends out responses as needed.

An AP in bridge mode supports 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. and MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication types.

NOTE: Virtual APs in bridge mode using static WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. should use key slots 2–4 on the managed device. Key slot 1 should only be used with Virtual APs in tunnel mode.

split-tunnel

802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frames are either tunneled or bridged, depending on the destination (corporate traffic goes to the managed device, and Internet access remains local). An AP in split-tunnel mode supports only the 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication type.

An AP in split-tunnel forwarding mode handles all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. association requests and responses, encryption or decryption, and firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. enforcement. The 802.11e802.11e is an enhancement to the 802.11a and 802.11b specifications that enhances the 802.11 Media Access Control layer with a coordinated Time Division Multiple Access (TDMA) construct. It adds error-correcting mechanisms for delay-sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability between business, home, and public environments such as airports and hotels, and offers all subscribers high-speed Internet access with full-motion video, high-fidelity audio, and VoIP. and 802.11k802.11k is an IEEE standard that enables APs and client devices to discover the best available radio resources for seamless BSS transition in a WLAN. action frames are also processed by the AP, which then sends out responses as needed.

NOTE: Virtual APs in split-tunnel mode using static WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. should use key slots 2–4 on the managed device. Key slot 1 should only be used with Virtual APs in tunnel mode.

tunnel

In this default forwarding mode, the AP handles all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. association requests and responses, but sends all 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. data packets, action frames, and EAPOL frames over a GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel to the managed device for processing. The managed device removes or adds the GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. headers, decrypts or encrypts 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frames and applies firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. rules to the user traffic as usual.

no

Negates any configured parameter.

switchport

Configures the switching mode characteristics for the port.

access vlan <vlan>

The VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to which the port belongs. The default is VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. 1.

mode {access|trunk}

The mode for the port, either access or trunk mode. The default is access mode.

trunk allowed vlan

{add <vlan-list> |

except <vlan-list>|

remove <vlan-list>|

<vlan-list}

Allows multiple VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. on the port interface.

You must define this parameter using VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. IDs or VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. names

VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. IDs and VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. names cannot be listed together.

trunk native vlan <vlan>

The native VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. for the port (frames on the native VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. are not tagged with 802.1q tags).

trusted

Sets port as either trusted or untrusted. The default setting is untrusted.

wired-ap-enable

Enables the wired AP. The wired AP is disabled by default.

wired-ap-mode

Enables the wired AP mode. The wired AP mode can be set to daisy-chain or normal modes.

daisy-chain

Enables daisy-chain mode. In this mode, the port works on trusted bridge mode and it retains the previous wired port configuration even when the Controller is disconnected.

normal

Enables the wired AP in normal mode.

Usage Guidelines

This command is only applicable to Aruba APs that support a second EthernetEthernet is a network protocol for data transmission over LAN. port. The wired AP profile configures the second EthernetEthernet is a network protocol for data transmission over LAN. port (enet1) on the AP.

For mesh deployments, this command is applicable to all Aruba APs configured as mesh nodes. If you are using mesh to join multiple EthernetEthernet is a network protocol for data transmission over LAN. LANs, configure and enable bridging on the mesh point EthernetEthernet is a network protocol for data transmission over LAN. port.

Mesh nodes only support bridge mode and tunnel mode on their wired ports (enet0 or enet1). Split tunnel mode is not supported.

Use the bridge mode to configure bridging on the mesh point EthernetEthernet is a network protocol for data transmission over LAN. port. Use tunnel mode to configure secure jack operation on the mesh node EthernetEthernet is a network protocol for data transmission over LAN. port.

When configuring the EthernetEthernet is a network protocol for data transmission over LAN. ports on APs with multiple EthernetEthernet is a network protocol for data transmission over LAN. ports, note the following requirements:

If configured as a mesh portal, connect enet0 to the managed device to obtain an IP address. The wired AP profile controls enet1.Only enet1 supports secure jack operation.

If configured as a mesh point, the same wired AP profile will control both enet0 and enet1.

Example

The following command configures the enet1 port on a multi-port AP as a trunk port:

(host) [mynode] (config) #ap wired-ap-profile wiredap1

(host) [mynode] (Wired AP profile "wiredap1") #switchport mode trunk

(host) [mynode] (Wired AP profile "wiredap1") #switchport trunk allowed 4,5

Command History

Release

Modification

ArubaOS 8.4.0.0

The wired-ap-mode parameter introduced.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system, except for noted parameters.

Config mode Mobility Master.

/*]]>*/