You are here: Home > CLI Commands > Just_CLI_Topics > wlan ssid-profile

wlan ssid-profile

wlan ssid-profile <profile-name>

a-basic-rates <mbps>

a-beacon-rate

a-tx-rates <mbps>

advertise-ap-name

advertise-location

ageout <seconds>

auth-req-thresh <auth-req-thresh>

battery-boost

clone <profile-name>

deny-bcast
disable-probe-retry

dot11r profile

dtim-period <milliseconds>

eapol-rate-opt

edca-parameters-profile {ap|station} <profile-name>

enforce-user-vlan

essid <name>

g-basic-rates <mbps>

g-beacon-rate

g-tx-rates <mbps>

hide-ssid

ht-ssid-profile <profile-name>

local-probe-req-thresh

max-clients <number>

max-retries <number>

max-tx-fail <number>

mcast-rate-opt

mfp-capable

mfp-required

multicast-rate

no ...

okc

opmode {bSec-128|bSec-256|dynamic-wep|enhanced-open|mpsk-aes|opensystem|static-wep|wpa-aes|wpa-psk-aes|wpa-psk-tkip|wpa-tkip|wpa2-aes|wpa2-psk-aes|wpa2-psk-tkip|wpa2-tkip|wpa3-aes-ccm-128|wpa3-aes-gcm-256|wpa3-aes-gcm-256 |wpa3-cnsa|wpa3-sae-aes|xSec}

qbss-load-enable

refresh-direction <bidirectional/rx-only/tx-only>

rts-threshold <number>

short-preamble

ssid-enable

strict-svp

wepkey1 <key>

wepkey2 <key>

wepkey3 <key>

wepkey4 <key>

weptxkey <index>

wmm

wmm-be-dscp <best-effort>

wmm-bk-dscp <background>

wmm-ts-min-inact-int <milliseconds>

wmm-uapsd

wmm-vi-dscp <video>

wmm-vo-dscp <voice>

wpa-hexkey <psk>

wpa-passphrase <string>

Description

This command configures an SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile.

Syntax

 

Description

Range

Default

<profile-name>

Name of this instance of the profile. The name must be 1-63 characters.

“default”

a-basic-rates

List of supported 802.11a802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps. rates, in MbpsMegabits per second, that are advertised in beacon frames and probe responses.

6, 9, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

6, 12, 24 MbpsMegabits per second

a-beacon-rate

Sets the beacon rate for 802.11a802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps. (use for DASDistributed Antenna System. DAS is a network of antenna nodes strategically placed around a geographical area or structure for additional cellular coverage. only). Using this parameter in normal operation may cause connectivity problems.

default, 6, 9, 12, 18,24,36,48,54 MbpsMegabits per second

minimum valid rate

a-tx-rates

Set of 802.11a802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps. rates at which the AP is allowed to send data. The actual transmit rate depends on what the client is able to handle, based on information sent at the time of association and on the current error or loss rate of the client.

6, 9, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

6, 9, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

advertise-ap-name

If enabled, APs that are part of this VAP will broadcast the AP Name information in the beacons frames.

advertise-location

If enabled, APs that are part of this VAP will broadcast their GPSGlobal Positioning System. A satellite-based global navigation system. coordinates in the beacons and probe response frames as part of a vendor-specific Information Element.

disabled

ageout

Time, in seconds, that a client is allowed to remain idle before being aged out.

 

1000 seconds

auth-req-thresh

The SNRSignal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. threshold below which incoming authentication requests are ignored.

Use this parameter instead of the local probe request threshold parameter to filter out low SNRSignal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. authentication request.

NOTE: Use this parameter with caution. Consult technical support before configuring this parameter.

0-100 dBDecibel. Unit of measure for sound or noise and is the difference or ratio between two signal levels.

0 dBDecibel. Unit of measure for sound or noise and is the difference or ratio between two signal levels.

battery-boost

Converts multicast traffic to unicast before delivery to the client, thus allowing you to set a longer DTIMDelivery Traffic Indication Message. DTIM is a kind of traffic indication map. A DTIM interval determines when the APs must deliver broadcast and multicast frames to their associated clients in power save mode. interval. The longer interval keeps associated wireless clients from activating their radios for multicast indication and delivery, leaving them in power-save mode longer and thus lengthening battery life.

NOTE: This parameter requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license. This parameter should not be enabled if you plan on using the Push-To-Talk feature for Polycom SpectraLink devices.

disabled

clone

Name of an existing SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile from which parameter values are copied.

deny-bcast

When a client sends a broadcast probe request frame to search for all available SSIDsService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., this option controls whether or not the system responds for this SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. When enabled, no response is sent and clients have to know the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. in order to associate to the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. When disabled, a probe response frame is sent for this SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

disabled

disable-probe-retry

Enables or disables battery MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. level retries for probe response frames. By default this parameter is enabled, which mean that MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. level retries for probe response frames is disabled.

NOTE: This parameter is not supported for 200 Series, 210 Series, 220 Series, 270 Series access points.

 

enabled

dot11r-profile

Associates the dot11r-profile with the SSID profile.

dtim-period

Specifies the interval, in milliseconds, between the sending of DTIMs in the beacon. This is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed. When using wireless clients that employ power management features to sleep, the client must revive at least once during the DTIMDelivery Traffic Indication Message. DTIM is a kind of traffic indication map. A DTIM interval determines when the APs must deliver broadcast and multicast frames to their associated clients in power save mode. period to receive broadcasts.

 

1

eapol-rate-opt

Uses a more conservative rate for more reliable delivery of EAPOL frames.

enabled

edca-parameters-profile

Name of the EDCAEnhanced Distributed Channel Access. The EDCA function in the IEEE 802.11e Quality of Service standard supports differentiated and distributed access to wireless medium based on traffic priority and Access Category types. See WMM and WME. profile that applies to this SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

NOTE: This parameter requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license. Configure this parameter only under the guidance of your Aruba representative.

ap|station

Assigns the specified EDCAEnhanced Distributed Channel Access. The EDCA function in the IEEE 802.11e Quality of Service standard supports differentiated and distributed access to wireless medium based on traffic priority and Access Category types. See WMM and WME. profile to AP or station (client).

enforce-user-vlan

Enforces data traffic only in user's assigned vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. (Open stations only).

essid

Name that uniquely identifies a wireless network. The ESSIDExtended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. can be up to 32 characters. If the ESSIDExtended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. includes spaces, you must enclose it in quotation marks.

aruba-ap

g-basic-rates

List of supported 802.11b802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps./g rates that are advertised in beacon frames and probe responses.

1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

1, 2 MbpsMegabits per second

g-beacon-rate

Sets the beacon rate for 802.11g802.11g offers transmission over relatively short distances at up to 54 Mbps, compared with the 11 Mbps theoretical maximum of 802.11b standard. 802.11g employs Orthogonal Frequency Division Multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speed of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network. (use for DASDistributed Antenna System. DAS is a network of antenna nodes strategically placed around a geographical area or structure for additional cellular coverage. only). Using this parameter in normal operation may cause connectivity problems.

default, 1,2,5, 6 9, 11, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

minimum valid rate

g-tx-rates

Set of 802.11b802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps./g rates at which the AP is allowed to send data. The actual transmit rate depends on what the client is able to handle, based on information sent at the time of association and on the current error or loss rate of the client.

1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 MbpsMegabits per second

hide-ssid

Enables or disables hiding of the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. name in beacon frames. Note that hiding the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. does very little to increase security.

disabled

ht-ssid-profile

Name of high-throughput SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile to use for configuring high-throughput support. See wlan ht-ssid-profile.

“default”

local-probe-req-thresh

APs will not respond to client probe requests if the SNRSignal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. value in the probe request is less than the specified threshold value.

0-100 dBDecibel. Unit of measure for sound or noise and is the difference or ratio between two signal levels.

0 dBDecibel. Unit of measure for sound or noise and is the difference or ratio between two signal levels.

max-clients

Maximum number of wireless clients for the AP. This parameter is limited to 255 clients per radio.

0-255

64

max-retries

Maximum number of retries allowed for the AP to send a frame.

0-15

4

max-tx-fail

The AP assumes the client has left and should be deauthorized when the AP detects this number of consecutive frames were not delivered because the max-retries threshold was exceeded.

0 -2,147,483,647

0

mcast-rate-opt

Enables or disables scanning of all active stations currently associated to an AP to select the lowest transmission rate for broadcast and multicast frames. This option only applies to broadcast and multicast data frames; 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. management frames are transmitted at the lowest configured rate.

NOTE: Do not enable this parameter unless instructed to do so by your Aruba technical support representative.

disabled

mfp-capable

When enabled, the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. supports management frame protection (MFP) capable clients and traditional clients.

disabled

mfp-required

When enabled, the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. only supports MFP capable clients.

disabled

multicast-rate

When configured, the Mobility Master chooses the rate for video multicast frames. You can configure MCSModulation and Coding Scheme. MCS is used as a parameter to determine the data rate of a wireless connection for high throughput. rates as well. MCSModulation and Coding Scheme. MCS is used as a parameter to determine the data rate of a wireless connection for high throughput. is an important setting because it provides for potentially greater throughput.

NOTE: The following information displays the MCSModulation and Coding Scheme. MCS is used as a parameter to determine the data rate of a wireless connection for high throughput. rate if the short-guard-intvl-20MHz parameter in ht-ssid-profile is either enabled or disabled:

MCS Streams 20 MHz 20 MHz SGI

--- ------- ------ ----------

0 1 6.5 7.2

1 1 13.0 14.4

2 1 19.5 21.7

3 1 26.0 28.9

4 1 39.0 43.3

5 1 52.0 57.8

6 1 58.5 65.0

7 1 65.0 72.2

8 2 13.0 14.4

9 2 26.0 28.9

10 2 39.0 43.3

11 2 52.0 57.8

12 2 78.0 86.7

13 2 104.0 115.6

14 2 117.0 130.0

15 2 130.0 144.4

NOTE: The MCSModulation and Coding Scheme. MCS is used as a parameter to determine the data rate of a wireless connection for high throughput. rates for video multicast are supported in all 802.11n802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz. -capable APs.

default, 6, 9, 12, 18, 24, 36, 48, 54 MbpsMegabits per second
mcs0-mcs15

default

multiple-tx-replay-co

Enables Multiple Tx Replay Counters.

no

Negates any configured parameter.

okc

OKCOpportunistic Key Caching. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys. is a similar technique, not defined by 802.11i802.11i provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards. It requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES)., available for authentication between multiple APs in a network where those APs are under common administrative control. An Aruba deployment with multiple APs under the control of a single controller is one such example. Using OKCOpportunistic Key Caching. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys. , a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys.

Enabled

opmode

The layer-2 authentication and encryption to be used on this ESSIDExtended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. to protect access and ensure the privacy of the data transmitted to and from the network.

opensystem

bSec-128

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. GCM-128 encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.

bSec-256

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. GCM-256 encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.

dynamic-wep

WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. with dynamic keys.

enhanced-open

Improved data encryption in open Wi-FiWi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. networks and protects data from sniffing. Enhanced open replaces open system as the default opmode.

mpsk-aes

AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption using a pre-shared key.

opensystem

No authentication and encryption.

static-wep

WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. with static keys.

wpa-aes

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority..

wpa-psk-aes

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption using a preshared key.

wpa-psk-tkip

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. with TKIPTemporal Key Integrity Protocol. A part of the WPA encryption standard for wireless networks. TKIP is the next-generation Wired Equivalent Privacy (WEP) that provides per-packet key mixing to address the flaws encountered in the WEP standard. encryption using a preshared key.

wpa-tkip

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. with TKIPTemporal Key Integrity Protocol. A part of the WPA encryption standard for wireless networks. TKIP is the next-generation Wired Equivalent Privacy (WEP) that provides per-packet key mixing to address the flaws encountered in the WEP standard. encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority..

wpa2-aes

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority..

wpa2-psk-aes

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption using a preshared key.

wpa2-psk-tkip

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with TKIPTemporal Key Integrity Protocol. A part of the WPA encryption standard for wireless networks. TKIP is the next-generation Wired Equivalent Privacy (WEP) that provides per-packet key mixing to address the flaws encountered in the WEP standard. encryption using a preshared key.

wpa2-tkip

WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. with TKIPTemporal Key Integrity Protocol. A part of the WPA encryption standard for wireless networks. TKIP is the next-generation Wired Equivalent Privacy (WEP) that provides per-packet key mixing to address the flaws encountered in the WEP standard. encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority..

wpa3-aes-ccm-128

WPA3 with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. CCM-128 encryption and dynamic keys using 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority..

wpa3-aes-gcm-256

WPA3 with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. GCM-256 encryption.

wpa3-cnsa

WPA3 with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. GCM-256 encryption using CNSA (192 bit).

wpa3-sae-aes

WPA3 with AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. encryption using Simultaneous Authentication of Equals.

xSec

Encryption and tunneling of Layer-2 traffic between the managed device and wired or wireless clients, or between managed devices. To use xSec encryption, you must use a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication server. For clients, you must install the Funk Odyssey client software.

Requires installation of the xSec license. For xSec between managed devices, you must install an xSec license in each managed device.

opmode-transition

Enables backward compatibility for enhanced open or WPA3-SAE-AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. opmodes.

enabled

qbss-load-enable

Enables the AP to advertise the QBSS load element. The element includes the following parameters that provide information on the traffic situation:

Station count: The total number of stations associated to the QBSS.

Channel utilization: The percentage of time (normalized to 255) the channel is sensed to be busy. The access point uses either the physical or the virtual carrier sense mechanism to sense a busy channel.

Available admission capacity: The remaining amount of medium time (measured as number of 32us/s) available for a station via explicit admission control.

The QAP uses these parameters to decide whether to accept an admission control request. A wireless station uses these parameters to choose the appropriate access points.

NOTE: Ensure that wmm is enabled for legacy APs to advertise the QBSS load element. For 802.11n802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz. APs, ensure that either wmm or high throughput is enabled.

disabled

refresh-direction

The refresh direction of WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile.

bi-directional

<bidirectional>

Bidirectional data frames that are used for station refresh.

<rx-only>

Received data frames that are used for station refresh.

NOTE: The receive-only mode does not use null frames for station refresh.

<tx-only>

Transmitted data frames that are used for station refresh.

rts-threshold

Wireless clients transmitting frames larger than this threshold must issue RTSRequest to Send. RTS refers to the data transmission and protection mechanism used by the 802.11 wireless networking protocol to prevent frame collision occurrences. See CTS. and wait for the AP to respond with CTSClear to Send. The CTS refers to the data transmission and protection mechanism used by the 802.11 wireless networking protocol to prevent frame collision occurrences. See RTS. . This helps prevent mid-air collisions for wireless clients that are not within wireless peer range and cannot detect when other wireless clients are transmitting.

 

2333 bytes

short-preamble

Enables or disables short preamble for 802.11b802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps./g radios. Network performance may be higher when short preamble is enabled. In mixed radio environments, some 802.11b802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps. wireless client stations may experience difficulty associating with the AP using short preamble. To use only long preamble, disable short preamble. Legacy client devices that use only long preamble generally can be updated to support short preamble.

enabled

strict-svp

Enable Strict Spectralink Voice Protocol (SVPSpectraLink Voice Priority. SVP is an open, straightforward QoS approach that has been adopted by most leading vendors of WLAN APs. SVP favors isochronous voice packets over asynchronous data packets when contending for the wireless medium and when transmitting packets onto the wired LAN.)

disabled

wepkey1 - wepkey4

Static WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. key associated with the key index. Can be 10 or 26 hex characters in length.

weptxkey

Key index that specifies which static WEPWired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. key is to be used. Can be 1, 2, 3, or 4.

1, 2, 3, 4

1

wmm

Enables or disables WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK)., also known as IEEEInstitute of Electrical and Electronics Engineers. 802.11e802.11e is an enhancement to the 802.11a and 802.11b specifications that enhances the 802.11 Media Access Control layer with a coordinated Time Division Multiple Access (TDMA) construct. It adds error-correcting mechanisms for delay-sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability between business, home, and public environments such as airports and hotels, and offers all subscribers high-speed Internet access with full-motion video, high-fidelity audio, and VoIP. Enhanced Distribution Coordination Function. WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). provides prioritization of specific traffic relative to other traffic in the network.

disabled

wmm-be-dscp

DSCPDifferentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. value used to map WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). best-effort traffic.

0-63

wmm-bk-dscp

DSCPDifferentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. used to map WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). background traffic.

0-63

wmm-ts-min-inact-int

Specifies the minimum inactivity time-out threshold of WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). traffic. This setting is useful in environments where low inactivity interval time-outs are advertised, which may cause unwanted timeouts.

0-3,600,000

0 milliseconds

wmm-uapsd

Enable WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). UAPSD powersave.

enabled

wmm-vi-dscp

DSCPDifferentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. used to map WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). video traffic.

0-63

wmm-vo-dscp

DSCPDifferentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. used to map WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). voice traffic.

0-63

wpa-hexkey

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. PSKPre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access. .

wpa-passphrase

WPAWi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. passphrase with which to generate a PSKPre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access. .

Usage Guidelines

The SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile configures the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. Default WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). mappings exist for all SSIDsService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. After you customize an WMMWi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK). mapping and apply it to the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., the Mobility Master overwrites the default mapping values and uses the user-configured values.

Suite-B Cryptography

The opmode parameters for Suite-B encryption, wpa2-aes-gcm-128 and wpa2-aes-gcm-256, require the ACR license. All 7000 Series and 7200 Series support Suite-B encryption.

Multicast Rate Optimization

The Multicast Rate Optimization feature dynamically selects the rate for sending broadcast/multicast frames on any BSSBasic Service Set. A BSS is a set of interconnected stations that can communicate with each other. BSS can be an independent BSS or infrastructure BSS. An independent BSS is an ad hoc network that does not include APs, whereas the infrastructure BSS consists of an AP and all its associated clients. . This feature determines the optimal rate for sending broadcast and multicast frames based on the lowest of the unicast rates across all associated clients.

When the Multicast Rate Optimization option (mcast-rate-opt) is enabled, the Mobility Master scans the list of all associated stations in that BSSBasic Service Set. A BSS is a set of interconnected stations that can communicate with each other. BSS can be an independent BSS or infrastructure BSS. An independent BSS is an ad hoc network that does not include APs, whereas the infrastructure BSS consists of an AP and all its associated clients. and finds the lowest transmission rate as indicated by the rate adaptation state for each station. If there are no associated stations in the BSSBasic Service Set. A BSS is a set of interconnected stations that can communicate with each other. BSS can be an independent BSS or infrastructure BSS. An independent BSS is an ad hoc network that does not include APs, whereas the infrastructure BSS consists of an AP and all its associated clients. , it selects the lowest configured rate as the transmission rate for broadcast and multicast frames.

This feature is disabled by default. Multicast Rate Optimization applies to broadcast and multicast frames only. 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. management frames are not affected by this feature and will be transmitted at the lowest configured rate.

 

The Multicast Rate Optimization feature should only be enabled on a BSSBasic Service Set. A BSS is a set of interconnected stations that can communicate with each other. BSS can be an independent BSS or infrastructure BSS. An independent BSS is an ad hoc network that does not include APs, whereas the infrastructure BSS consists of an AP and all its associated clients. where all associated stations are sending or receiving unicast data. If there is no unicast data to or from a particular station, then the rate adaptation state may not accurately reflect the current sustainable transmission rate for that station. This could result in a higher packet error rate for broadcast or multicast packets at that station.

Example

The following command configures an SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. for WPA2Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. AESAdvanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits. authentication:

(host) [md] (config) #wlan ssid-profile corpnet

(host) [md] (SSID Profile "corpnet") #essid Corpnet

(host) [md] (SSID Profile "corpnet") #opmode wpa2-aes

Command History

Release

Description

ArubaOS 8.5.0.0

Added the refresh-direction parameter and the wpa3-aes-gcm-256 sub-parameter to the opmode parameter.

ArubaOS 8.4.0.0

Added enhanced-open, mpsk-aes, opensystem, wpa3-aes-ccm-128, wpa3-cnsa, and wpa-sae-aes sub-parameters to the opmode parameter and the opmode-transition parameter.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms, except for the noted opmode parameters.

Base operating system, except for the noted parameters.

Config mode on Mobility Master.

/*]]>*/