
show wlan virtual-ap

show wlan virtual-ap [<profile-name>]

Description

Displays the list of all Virtual AP profiles, or detailed configuration information for a specific Virtual AP profile.

Syntax

Parameter       Description
---------       -----------
<profile-name>  Name of a Virtual AP profile

Usage Guidelines

Issue this command without the <profile-name> parameter to display the entire Virtual AP profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.

Examples

The example below shows that the managed device has six configured Virtual AP profiles. The References column lists the number of other profiles with references to the Virtual AP profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)

(host) [mynode] #show wlan virtual-ap

Virtual AP profile List
-----------------------
Name                    References  Profile Status
----                    ----------  --------------
coltrane-vap-profile    1
default                 2
MegTest                 1
Remote                  1
test-vap-profile        1
wizardtest-vap-profile  1

Total: 6

The following example shows configuration settings defined for the profile wizardtest-vap-profile:

(host) [mynode] #show wlan virtual-ap test-vap-profile

Virtual AP profile "wizardtest-vap-profile"
----------------------------
Parameter                                       Value
---------                                       -----
AAA Profile                                     default
802.11K Profile                                 default
SSID Profile                                    default
Virtual AP enable                               Enabled
VLAN                                            N/A
Forward mode                                    tunnel
Allowed band                                    all
Band Steering                                   Disabled
Steering Mode                                   prefer-5ghz
Dynamic Multicast Optimization (DMO)            Enabled
Dynamic Multicast Optimization (DMO) Threshold  6
Drop Broadcast and Multicast                    Disabled
Convert Broadcast ARP requests to unicast       Enabled
Authentication Failure Blacklist Time           3600 sec
Blacklist Time                                  3600 sec
Deny inter user traffic                         Disabled
Deny time range                                 N/A
DoS Prevention                                  Disabled
HA Discovery on-association                     Disabled
Mobile IP                                       Enabled
Preserve Client VLAN                            Disabled
Remote-AP Operation                             standard
Station Blacklisting                            Enabled
Strict Compliance                               Disabled
VLAN Mobility                                   Disabled
FDB Update on Assoc                             Disabled
WMM Traffic Management Profile                  N/A
Anyspot Profile                                 N/A

The output of this command includes the following data columns:

Parameter

Description

AAA Profile

Name of the AAA (Authentication, Authorization, and Accounting) profile associated with this virtual AP.

802.11K Profile

Name of an 802.11k profile associated with this virtual AP.

SSID Profile

Name of an SSID (Service Set Identifier) profile associated with this virtual AP.

Virtual AP enable

Shows if the profile enables or disables the virtual AP.

VLAN

The VLAN(s) into which users are placed in order to obtain an IP address.

Forward mode

Forwarding mode defined on the profile:

tunnel mode

bridge mode

split-tunnel mode

decrypt-tunnel mode

The forwarding mode controls whether data is tunneled to the managed device using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the managed device, and Internet access remains local).

When an AP is configured to use the decrypt-tunnel forwarding mode, that AP decrypts and decapsulates all 802.11 frames from a client and sends the 802.3 frames through the GRE tunnel to the managed device, which then applies firewall policies to the user traffic. When the managed device sends traffic to a client, the managed device sends 802.3 traffic through the GRE tunnel to the AP, which then converts it to encrypted 802.11 and forwards to the client.

Allowed band

The band(s) on which to use the virtual AP:

a: 802.11a band only (5 GHz)

g: 802.11b/g band only (2.4 GHz)

all: both 802.11a and 802.11b/g bands (5 GHz and 2.4 GHz)

Band Steering

If enabled, the band steering feature of ARM (Adaptive Radio Management) encourages dual-band capable clients to stay on the 5 GHz band on dual-band APs. This frees up resources on the 2.4 GHz band for single band clients like VoIP phones.

Steering Mode

Band steering supports three different band steering modes:

Force-5GHz: When the AP is configured in force-5GHz band steering mode, the AP will try to force 5 GHz-capable APs to use that radio band.

Prefer-5GHz (Default): If you configure the AP to use prefer-5GHz band steering mode, the AP will try to steer the client to the 5 GHz band (if the client is 5 GHz capable) but will let the client connect on the 2.4 GHz band if the client persists in 2.4 GHz association attempts.

Balance-bands: In this band steering mode, the AP tries to balance the clients across the two radios in order to best utilize the available 2.4 GHz bandwidth. This feature takes into account the fact that the 5 GHz band has more channels than the 2.4 GHz band, and that the 5 GHz channels operate in 40 MHz while the 2.4 GHz band operates in 20 MHz.

NOTE: Steering modes do not take effect until the band steering feature has been enabled. The band steering feature in ArubaOS versions 3.3.2-5.0 does not support multiple band-steering modes. The band-steering feature in these versions of ArubaOS functions the same way as the default prefer-5GHz steering mode available in ArubaOS 6.0 and later.

Dynamic Multicast Optimization (DMO)

If enabled, DMO techniques will be used to reliably transmit video data.

Dynamic Multicast Optimization (DMO) Threshold

Maximum number of high-throughput stations in a multicast group beyond which dynamic multicast optimization stops.

Drop Broadcast and Multicast

If enabled, the virtual AP will filter out broadcast and multicast traffic in the air.

Convert Broadcast ARP requests to unicast

If enabled, all broadcast ARP (Address Resolution Protocol) requests are converted to unicast and sent directly to the client.

Authentication Failure Blacklist Time

Time, in seconds, a client is blocked if it fails repeated authentication. An authentication failure blacklist time of 0 blocks failed users indefinitely.

Blacklist Time

Number of seconds that a client is quarantined from the network after being blacklisted.

Deny Inter User Traffic

This option, when enabled, denies traffic between the clients using this virtual AP profile.

The firewall command includes an option to deny all inter-user traffic, regardless of the Virtual AP profile used by those clients.

If the global setting to deny inter-user traffic is enabled, all inter-user traffic between clients will be denied, regardless of the settings configured in the virtual AP profiles. If the setting to deny inter-user traffic is disabled globally but enabled on an individual virtual AP, only the traffic between untrusted users and the clients on that particular virtual AP will be blocked.

Deny time range

Time range for which the AP will deny access.

DoS Prevention

If enabled, APs ignore deauthentication frames from clients. This prevents a successful deauth attack from being carried out against the AP. This does not affect third-party APs.

HA Discovery on-association

If enabled, home agent discovery is triggered on client association instead of home agent discovery based on traffic from client. Mobility on association can speed up roaming and improve connectivity for clients that do not send many uplink packets to trigger mobility (VoIP clients). Best practice is to leave this parameter disabled as it increases IP mobility control traffic between controllers in the same mobility domain. Enable this parameter only when voice issues are observed in VoIP clients.

NOTE: The ha-disc-onassoc parameter works only when IP mobility is enabled and configured on the controller. For more information about this parameter, refer to Home Agent Discovery on Association.

Mobile IP

Shows if the profile has enabled or disabled IP mobility.

Preserve Client VLAN

This parameter allows clients to retain their previous VLAN assignment if the client disassociates from an AP and then immediately re-associates either with the same AP or another AP on the same controller.

Remote-AP Operation

Shows when the virtual AP operates on a remote AP:

always—Permanently enables the virtual AP (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.

backup—Enables the virtual AP if the remote AP cannot connect to the controller (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.

persistent—Permanently enables the virtual AP after the remote AP initially connects to the controller (Bridge Mode only). This option can be used for any (Open/PSK/802.1X) bridge VAPs.

standard—Enables the virtual AP when the remote AP connects to the controller. This option can be used for any (bridge/split-tunnel/tunnel/d-tunnel) VAPs.

Station Blacklisting

Shows if the profile has enabled or disabled detection of denial of service (DoS) attacks, such as ping or SYN floods, that are not spoofed deauth attacks.

Strict Compliance

If enabled, the AP denies client association requests if the AP and client station have no common rates defined. Some legacy client stations which are not fully 802.11-compliant may not include their configured rates in their association requests. Such non-compliant stations may have difficulty associating with APs unless strict compliance is disabled.

Multi Association

If enabled, this feature allows a station to be associated to multiple APs. If this feature is disabled, when a station moves to a new AP it will be deauthorized by the AP to which it was previously connected, deleting station context and flushing key caching information.

Fast Roaming

Shows if the AP has enabled or disabled fast roaming.

VLAN Mobility

Shows if the AP has enabled or disabled VLAN (Layer-2) mobility.

WMM Traffic Management Profile

WMM (Wi-Fi Multimedia) Traffic Management Profile associated with this Virtual AP Profile.

Anyspot profile

Anyspot Profile associated with this Virtual AP Profile
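The following added example, which is not part of the ArubaOS documentation, parses the detailed output described above and reports the security-relevant parameters (DoS Prevention, Deny inter user traffic, Station Blacklisting, Authentication Failure Blacklist Time) that deviate from a site baseline. The sample output is constructed, and the baseline values and the 600-second minimum are hypothetical assumptions.

```python
import re

# Constructed sample of "show wlan virtual-ap <profile-name>" output, in the
# layout shown on this page (parameter and value separated by 2+ spaces).
SAMPLE_OUTPUT = """\
Virtual AP profile "wizardtest-vap-profile"
----------------------------
Parameter                                 Value
---------                                 -----
AAA Profile                               default
Forward mode                              tunnel
Authentication Failure Blacklist Time     3600 sec
Deny inter user traffic                   Disabled
DoS Prevention                            Disabled
Station Blacklisting                      Enabled
"""

# Hypothetical site baseline: an assumption for this example, not vendor guidance.
BASELINE = {
    "DoS Prevention": "Enabled",
    "Deny inter user traffic": "Enabled",
    "Station Blacklisting": "Enabled",
}
MIN_AUTH_FAIL_BLACKLIST_SEC = 600  # hypothetical minimum lockout

TITLE = re.compile(r'^Virtual AP profile "(?P<profile>[^"]+)"')
ROW = re.compile(r"^(?P<name>\S.*?)\s{2,}(?P<value>\S.*)$")


def parse_profile(text):
    """Return (profile_name, {parameter: value}) parsed from the CLI output."""
    profile, params = None, {}
    for line in text.splitlines():
        line = line.rstrip()
        title = TITLE.match(line)
        if title:
            profile = title.group("profile")
            continue
        row = ROW.match(line)
        if not row:
            continue  # blank lines and the title underline
        name, value = row.group("name"), row.group("value")
        if set(name) == {"-"} or (name, value) == ("Parameter", "Value"):
            continue  # column header and its underline
        params[name] = value
    return profile, params


def audit(params):
    """List parameters that deviate from BASELINE or the lockout minimum."""
    findings = []
    for name, expected in BASELINE.items():
        actual = params.get(name, "<not reported>")
        if actual.lower() != expected.lower():
            findings.append(f"{name}: {actual} (baseline: {expected})")
    name = "Authentication Failure Blacklist Time"
    match = re.match(r"(\d+)\s*sec", params.get(name, ""))
    if match is None:
        findings.append(f"{name}: <not reported>")
    elif 0 < int(match.group(1)) < MIN_AUTH_FAIL_BLACKLIST_SEC:
        # 0 is not flagged: per the table above it blocks indefinitely.
        findings.append(f"{name}: {match.group(1)} sec (baseline: >= "
                        f"{MIN_AUTH_FAIL_BLACKLIST_SEC} sec or 0)")
    return findings


if __name__ == "__main__":
    profile, params = parse_profile(SAMPLE_OUTPUT)
    for finding in audit(params):
        print(f"[{profile}] {finding}")
```

The parser relies on the gap of two or more spaces between the columns, so capture the output with its original spacing.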

Related Commands

Command          Description
-------          -----------
wlan virtual-ap  This command configures a virtual AP profile.

Command History

Release          Modification
-------          ------------
ArubaOS 8.0.0.0  Command introduced.

Command Information

Platforms      Licensing               Command Mode
---------      ---------               ------------
All platforms  Base operating system.  Enable or Config mode on Mobility Master.
