
wlan virtual-ap

wlan virtual-ap <profile-name>

aaa-profile <profile-name>

allowed-band <band>...

anyspot-profile <profile>

auth-failure-blacklist-time <seconds>

band-steering

blacklist

blacklist-time <seconds>

broadcast-filter all|arp

cellular-handoff-assist

clone <profile-name>

deny-inter-user-traffic

deny-time-range <range>

dos-prevention

dot11k-profile

dynamic-mcast-optimization

dynamic-mcast-optimization-threshold

fdb-update-on-assoc

forward-mode {tunnel|bridge|split-tunnel|decrypt-tunnel}

ha-disc-onassoc

hs2-profile

mobile-ip

no ...

openflow-enable

preserve-vlan

rap-operation {always|backup|persistent|standard}

ssid-profile <profile-name>

steering-mode band-balancing|force-5ghz|prefer-5ghz

strict-compliance

vap-enable

vlan <vlan>...

vlan-mobility

wan-operation

wmm-traffic-management-profile

Description

This command configures a virtual AP profile.

Syntax

Parameter

Description

Range

Default

<profile-name>

Name of this profile. The name must be 1-63 characters.

“default”

aaa-profile

Name of the AAA profile that applies to this virtual AP.

“default”

allowed-band

The band(s) on which to use the virtual AP:

a: 802.11a band only (5 GHz)

g: 802.11b/g band only (2.4 GHz)

all: both 802.11a and 802.11b/g bands (5 GHz and 2.4 GHz)

a, g, all

all

anyspot-profile

Anyspot Profile associated with this Virtual AP Profile. The anyspot client probe suppression feature decreases network traffic by suppressing probe requests from clients attempting to locate and connect to other known networks.

auth-failure-blacklist-time

Time, in seconds, that a client is blocked if it repeatedly fails authentication. A value of 0 blocks a client indefinitely.

0-2,147,483,647 seconds

0

band-steering

ARM's band steering feature can encourage or require dual-band capable clients to stay on the 5 GHz band on dual-band APs. This frees up resources on the 2.4 GHz band for single-band clients like VoIP phones.

Band steering reduces co-channel interference and increases available bandwidth for dual-band clients, because there are more channels on the 5 GHz band than on the 2.4 GHz band. Dual-band 802.11n-capable clients may see even greater bandwidth improvements, because the band steering feature will automatically select between 40 MHz or 20 MHz channels in 802.11n networks. This feature is disabled by default, and must be enabled in a Virtual AP profile.

The band steering feature supports three steering modes, which can be configured via the steering-mode parameter:

Band steering can be configured on both campus APs and remote APs that have a virtual AP profile set to tunnel, decrypt-tunnel, split-tunnel or bridge forwarding mode. Note, however, that if a campus or remote AP has virtual AP profiles configured in bridge or split-tunnel forwarding mode but no virtual AP in tunnel mode, those APs will gather information about 5G-capable clients independently and will not exchange this information with other APs that also have bridge or split-tunnel virtual APs only.

disabled

blacklist

Enables detection of DoS attacks, such as ping or SYN floods, that are not spoofed deauth attacks.

enabled

blacklist-time

Number of seconds that a client is quarantined from the network after being blacklisted.

0-2,147,483,647 seconds

3600 seconds
(1 hour)

broadcast-filter

Filter out broadcast and multicast traffic in the air.

all

NOTE: Do not enable this option for virtual APs configured in bridge forwarding mode. This configuration parameter is only intended for use for virtual APs in tunnel mode. In tunnel mode, all packets travel to the managed device, so the managed device is able to drop all broadcast traffic. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local to the AP, and the managed device is not able to filter out that broadcast traffic.

IMPORTANT: If you enable this option, you must also enable the Broadcast-Filter ARP parameter in the stateful firewall configuration to prevent ARP requests from being dropped. Note also that although a virtual AP profile can be replicated from a Mobility Master to a managed device, stateful firewall settings are not. If you select the broadcast-filter all option for a Virtual AP Profile on a Mobility Master, you must enable the broadcast-filter arp setting on each individual managed device.

arp

If enabled, all broadcast ARP requests are converted to unicast and sent directly to the client. You can check the status of this option using the show ap active and the show datapath tunnel commands. If enabled, the output will display the letter a in the flags column.

Do not enable this option for virtual APs configured in bridge forwarding mode. This configuration parameter is only intended for use for virtual APs in tunnel mode. In tunnel mode, all packets travel to the managed device, so the managed device is able to convert ARP requests directed to the broadcast address into unicast. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local to the AP, and the managed device is not able to convert that broadcast traffic.

For the option all, the default value is disabled.

 

For the option arp, the default value is enabled.

cellular-handoff-assist

When both the client match and cellular handoff assist features are enabled, the cellular handoff assist feature can help a dual-mode, 3G or 4G-capable Wi-Fi device such as an iPhone, iPad, or Android client at the edge of Wi-Fi network coverage switch from Wi-Fi to an alternate 3G or 4G radio that provides better network access. This feature is disabled by default, and is recommended only for Wi-Fi hotspot deployments.

disabled

clone

Name of an existing traffic management profile from which parameter values are copied.

deny-inter-user-traffic

Select this check box to deny traffic between the clients using this virtual AP profile.

The firewall command includes an option to deny all inter-user traffic, regardless of the Virtual AP profile used by those clients.

If the global setting to deny inter-user traffic is enabled, all inter-user traffic between clients will be denied, regardless of the settings configured in the virtual AP profiles. If the setting to deny inter-user traffic is disabled globally but enabled on an individual virtual AP, only the traffic between untrusted users and the clients on that particular virtual AP will be blocked.

disabled

deny-time-range

Specify the name of the time range for which the AP will deny access. Time ranges can be defined using the CLI command time-range.

dos-prevention

If enabled, APs ignore deauthentication frames from clients. This prevents a successful deauth attack from being carried out against the AP. This does not affect third-party APs.

disabled

dot11k-profile

Name of an 802.11k profile to be associated with this VAP.

default

dynamic-mcast-optimization

Enables or disables dynamic multicast optimization. This parameter can only be enabled on a managed device with a PEFNG license.

disabled

dynamic-mcast-optimization-threshold

Maximum number of high-throughput stations in a multicast group beyond which dynamic multicast optimization stops.

2-255 stations

6 stations

fdb-update-on-assoc

This parameter enables seamless failover for silent clients, allowing them to re-associate. If you select this option, the managed device will generate a Layer 2 update on behalf of the client to update forwarding tables in bridge devices.

Default: Disabled

disabled

forward-mode

Controls whether 802.11 frames are tunneled to the managed device using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the managed device, and Internet access remains local).

Select one of the following forward modes:

Tunnel: When an AP is in tunnel forwarding mode, the AP handles all 802.11 association requests and responses. The AP sends all 802.11 data packets, action frames and EAPOL frames over a GRE tunnel to the managed device for processing. The managed device removes or adds the GRE headers, decrypts or encrypts 802.11 frames and applies firewall rules to the user traffic as usual.

Bridge: When an AP is in bridge mode, data is bridged onto the local Ethernet LAN. When in bridge mode, the AP handles all 802.11 association requests and responses, encryption or decryption processes, and firewall enforcement. 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed. An AP in bridge mode supports only the 802.1X authentication type.

Split-Tunnel: Data frames are either tunneled or bridged, depending on the destination (corporate traffic goes to the managed device, and Internet access remains local). The AP handles all 802.11 association requests and responses, encryption or decryption, and firewall enforcement. 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed. An AP in split-tunnel mode supports only the 802.1X authentication type.

Decrypt-Tunnel: An AP in decrypt-tunnel forwarding mode decrypts and decapsulates all 802.11 frames from a station and sends the 802.3 frames through the GRE tunnel to the managed device, which then applies firewall policies to the user traffic. This mode allows a network to utilize the encryption or decryption capacity of the AP while reducing the demand for processing resources on the managed device. APs in decrypt-tunnel forwarding mode also manage all 802.11 association requests and responses, and process all 802.11e and 802.11k action frames.

NOTE: Virtual APs in bridge or split-tunnel mode using static WEP should use key slots 2-4 on the managed device. Key slot 1 should only be used with Virtual APs in tunnel mode.

tunnel, bridge, split-tunnel, decrypt-tunnel

tunnel

ha-disc-onassoc

If enabled, home agent discovery is triggered on client association instead of home agent discovery based on traffic from the client. Mobility on association can speed up roaming and improve connectivity for clients that do not send many uplink packets to trigger mobility (VoIP clients). Best practice is to leave this parameter disabled, as it increases IP mobility control traffic between managed devices in the same mobility domain. Enable this parameter only when voice issues are observed in VoIP clients.

NOTE: The ha-disc-onassoc parameter works only when IP mobility is enabled and configured on the managed device. For more information about this parameter, refer to Home Agent Discovery on Association.

disabled

hs2-profile

Enables or disables a hotspot profile. This is enabled by default.

enabled

mobile-ip

Enables or disables IP mobility on a virtual AP. This is enabled by default. L3 mobility service is active on a VAP only if router mobile is also enabled on the managed device.

enabled

no

Negates any configured parameter.

openflow-enable

Enables OpenFlow on the AP forwarding path.

preserve-vlan

This parameter allows clients to retain their previous VLAN assignment if the client disassociates from an AP and then immediately re-associates either with the same AP or another AP on the same managed device.

   

rap-operation

Configures when the virtual AP operates on a remote AP:

always—Permanently enables the virtual AP (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.

backup—Enables the virtual AP if the remote AP cannot connect to the managed device (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.

persistent—Permanently enables the virtual AP after the remote AP initially connects to the managed device (Bridge Mode only). This option can be used for any (Open or PSK or 802.1X) bridge VAPs.

standard—Enables the virtual AP when the remote AP connects to the managed device. This option can be used for any (bridge or split-tunnel or tunnel or d-tunnel) VAPs.

always, backup, persistent, or standard

standard
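The forwarding-mode restrictions described above for broadcast-filter and rap-operation, together with the numeric ranges in this table, can be checked mechanically before a profile is pushed. The following is an added example, not vendor code: the stanza layout of the input (indented parameter lines closed by "!"), the sample profiles and the finding codes are all assumptions made for illustration.

```python
import shlex

# Limits and pairings taken from the parameter descriptions on this page.
FORWARD_MODES = {"tunnel", "bridge", "split-tunnel", "decrypt-tunnel"}
BRIDGE_ONLY_RAP_OPS = {"always", "backup", "persistent"}
INT_RANGES = {
    "auth-failure-blacklist-time": (0, 2147483647),
    "blacklist-time": (0, 2147483647),
    "dynamic-mcast-optimization-threshold": (2, 255),
}

# Constructed sample input; profile names and stanza layout are assumptions.
SAMPLE_CONFIG = '''\
wlan virtual-ap "corp-tunnel"
    aaa-profile "corp-dot1x"
    ssid-profile "corp"
    forward-mode tunnel
    broadcast-filter all
    blacklist-time 3600
!
wlan virtual-ap "branch-bridge"
    ssid-profile "branch"
    forward-mode bridge
    broadcast-filter arp
    rap-operation persistent
    dynamic-mcast-optimization-threshold 300
!
wlan virtual-ap "rap-backup"
    ssid-profile "fallback"
    rap-operation backup
!
'''


def _tokens(line):
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to plain splitting
        return line.split()


def parse_virtual_aps(config_text):
    """Return {profile name: [(keyword, args, negated), ...]} per stanza."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        tokens = _tokens(raw)
        if not tokens:
            continue
        if tokens[:2] == ["wlan", "virtual-ap"] and len(tokens) == 3:
            current = profiles.setdefault(tokens[2], [])
        elif raw[0].isspace() and current is not None:
            negated = tokens[0] == "no" and len(tokens) > 1
            if negated:
                tokens = tokens[1:]
            current.append((tokens[0], tokens[1:], negated))
        else:  # "!" or any other top-level command ends the stanza
            current = None
    return profiles


def lint_profile(name, statements):
    """Return (profile, code, detail) findings for one virtual AP profile."""
    findings = []
    if not 1 <= len(name) <= 63:
        findings.append((name, "BAD_NAME", "profile name must be 1-63 characters"))
    # Defaults from the table: forward-mode tunnel, rap-operation standard.
    forward_mode, rap_operation, bcast = "tunnel", "standard", set()
    for keyword, args, negated in statements:
        value = args[0] if args else ""
        if keyword == "forward-mode":
            forward_mode = "tunnel" if negated else value
        elif keyword == "rap-operation":
            rap_operation = "standard" if negated else value
        elif keyword == "broadcast-filter":
            # Only explicit statements are tracked; defaults are not modelled.
            (bcast.discard if negated else bcast.add)(value)
        elif keyword in INT_RANGES and not negated:
            low, high = INT_RANGES[keyword]
            if not value.isdigit() or not low <= int(value) <= high:
                findings.append((name, "OUT_OF_RANGE",
                                 f"{keyword} {value!r} is outside {low}-{high}"))
    if forward_mode not in FORWARD_MODES:
        findings.append((name, "BAD_FORWARD_MODE", f"unknown mode {forward_mode!r}"))
    if forward_mode == "bridge":
        for option in sorted(bcast):
            findings.append((name, "BCAST_FILTER_IN_BRIDGE",
                             f"broadcast-filter {option} is intended for tunnel mode only"))
    if rap_operation in BRIDGE_ONLY_RAP_OPS and forward_mode != "bridge":
        findings.append((name, "RAP_OP_NEEDS_BRIDGE",
                         f"rap-operation {rap_operation} requires forward-mode bridge, "
                         f"found {forward_mode}"))
    return findings


def audit(config_text):
    """Lint every wlan virtual-ap stanza found in config_text."""
    findings = []
    for name, statements in parse_virtual_aps(config_text).items():
        findings.extend(lint_profile(name, statements))
    return findings


if __name__ == "__main__":
    for profile, code, detail in audit(SAMPLE_CONFIG):
        print(f"{profile}: {code}: {detail}")
```

The check cannot see the stateful firewall configuration, so the requirement to enable the firewall's Broadcast-Filter ARP parameter alongside broadcast-filter all still has to be verified on each managed device.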

ssid-profile

Name of the SSID profile that applies to this virtual AP.

default

steering-mode

BandBand refers to a specified range of frequencies of electromagnetic radiation. steering supports three different bandBand refers to a specified range of frequencies of electromagnetic radiation. steering modes.

Force-5GHz: When the AP is configured in force-5GHz bandBand refers to a specified range of frequencies of electromagnetic radiation. steering mode, the AP will try to force 5 GHzGigahertz.-capable APs to use that radio bandBand refers to a specified range of frequencies of electromagnetic radiation..

Prefer-5GHz (Default): If you configure the AP to use prefer-5GHz bandBand refers to a specified range of frequencies of electromagnetic radiation. steering mode, the AP will try to steer the client to 5G bandBand refers to a specified range of frequencies of electromagnetic radiation. (if the client is 5G capable) but will let the client connect on the 2.4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. bandBand refers to a specified range of frequencies of electromagnetic radiation. if the client persists in 2.4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. association attempts.

Balance-bands: In this bandBand refers to a specified range of frequencies of electromagnetic radiation. steering mode, the AP tries to balance the clients across the two radios in order to best utilize the available 2.4GFourth Generation of Wireless Mobile Telecommunications Technology. See LTE. bandwidth. This feature takes into account the fact that the 5 GHzGigahertz. bandBand refers to a specified range of frequencies of electromagnetic radiation. has more channels than the 2.4 GHzGigahertz. bandBand refers to a specified range of frequencies of electromagnetic radiation., and that the 5 GHzGigahertz. channels operate in 40 MHzMegahertz while the 2.5 GHzGigahertz. bandBand refers to a specified range of frequencies of electromagnetic radiation. operates in 20 MHzMegahertz.

NOTE: Steering modes do not take effect until the bandBand refers to a specified range of frequencies of electromagnetic radiation. steering feature has been enabled. The bandBand refers to a specified range of frequencies of electromagnetic radiation. steering feature in ArubaOS versions 3.3.2-5.0 does not support multiple bandBand refers to a specified range of frequencies of electromagnetic radiation.-steering modes. The bandBand refers to a specified range of frequencies of electromagnetic radiation.-steering feature in these versions of ArubaOS functions the same way as the default prefer-5GHz steering mode available in ArubaOS 6.0 and later.

Force-5 GHz

prefer-5 GHz

balance-bands

prefer-5 GHz

strict-compliance

If enabled, the AP denies client association requests if the AP and client station have no common rates defined. Some legacy client stations which are not fully 802.11-compliant may not include their configured rates in their association requests. Such non-compliant stations may have difficulty associating with APs unless strict compliance is disabled.

disabled

vap-enable

Enable or disable the virtual AP.

enabled

vlan

The VLAN(s) into which users are placed in order to obtain an IP address. Enter VLANs as a comma-separated list of existing VLAN IDs or VLAN names. A mixture of names and numeric IDs is not allowed.

NOTE: You must add an existing VLAN ID to the Virtual AP profile.

 

1

vlan-mobility

VLAN mobility retains the client VLAN on roaming irrespective of the VAP VLAN, provided the user VLANs are extended.

VLAN mobility and mobile IP are mutually exclusive.

VLAN mobility does not re-use user firewall sessions on roaming as the sessions will have to be recreated locally on the roamed managed device.

disabled

wan-operation

Specify the wan-operation to enable Virtual AP depending on the state of the WAN link.

always backup
primary

always

wmm-traffic-management-profile

Specify the WMM Traffic Management Profile to be associated with this Virtual AP Profile.

__

Usage Guidelines

WLAN profiles configure WLANs in the form of virtual AP profiles. A virtual AP profile contains an SSID profile which defines the WLAN and an AAA profile which defines the authentication for the WLAN. You can configure and apply multiple instances of virtual AP profiles to an AP group or to an individual AP.

A named VLAN can be deleted although it is configured in a virtual AP profile. If this occurs, the virtual AP profile becomes invalid. If the named VLAN is added back later, the virtual AP becomes valid again.

The broadcast-filter arp parameter is enabled by default. If your Mobility Master supports clients behind a wireless bridge or virtual clients on VMware devices, you must disable the broadcast-filter arp setting to allow those clients to obtain an IP address. In previous releases of ArubaOS, the virtual AP profile included two unique broadcast filter parameters; the broadcast-filter all parameter, which filtered out all broadcast and multicast traffic in the air except DHCP response frames (these were converted to unicast frames and sent to the corresponding client) and the broadcast-filter arp parameter, which converted broadcast ARP requests to unicast messages sent directly to the client.

The broadcast-filter arp setting includes the additional functionality of the broadcast-filter all parameter, where DHCP response frames are sent as unicast to the corresponding client. This can impact DHCP discover or requested packets for clients behind a wireless bridge and virtual clients on VMware devices. Disable the broadcast-filter arp setting using the wlan virtual-ap <profile> no broadcast-filter arp command to resolve this issue and allow clients behind a wireless bridge or VMware devices to receive an IP address.

If there is only one VLAN defined, then the Mobility Master will send IPv6 RAs as usual. If, however, there are multiple VLANs, then the Mobility Master will automatically convert 802.11 multicast frames to unicast. This conversion prevents RA frames from being sent with a multicast key to all clients on the BSSID, which could lead to clients having multiple IPv6 addresses.

Example

The following command configures a virtual AP:

(host) [md] (config) #wlan virtual-ap corpnet

(host) [md] (Virtual AP profile "corpnet") #vlan 1

(host) [md] (Virtual AP profile "corpnet") #aaa-profile corpnet
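
The constraints stated in the parameter table and usage guidelines above can be checked mechanically before a profile is pushed. The following Python check is an added example, not part of the ArubaOS documentation; it assumes the profile is available as text with one command per indented line under a `wlan virtual-ap <profile-name>` header, and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample: two profiles, one indented command per line (assumed layout).
SAMPLE_CONFIG = """\
wlan virtual-ap corpnet
    aaa-profile corpnet
    vlan 1
    band-steering
    steering-mode prefer-5ghz
wlan virtual-ap lab
    vlan 10,guest,20
    vlan-mobility
    mobile-ip
    steering-mode force-5ghz
    no broadcast-filter arp
"""

def parse_profiles(text):
    """Return {profile name: [subcommand, ...]} for each virtual AP block."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'wlan virtual-ap\s+"?([^"\s]+)"?$', line)
        if m:
            current = profiles.setdefault(m.group(1), [])
        elif not raw[:1].isspace():
            current = None  # blank or unindented line ends the block
        elif line and current is not None:
            current.append(line)
    return profiles

def audit_profile(cmds):
    """Return findings for one profile, using only rules stated on this page."""
    findings = []
    first = {c.split()[0] for c in cmds}
    for c in cmds:
        if c.startswith("vlan "):
            ids = [v.strip() for v in c[5:].split(",") if v.strip()]
            if len({v.isdigit() for v in ids}) > 1:
                findings.append("vlan list mixes names and numeric IDs")
    if {"vlan-mobility", "mobile-ip"} <= first:
        findings.append("vlan-mobility and mobile-ip are mutually exclusive")
    if "steering-mode" in first and "band-steering" not in first:
        findings.append("steering-mode set but band-steering is not enabled")
    if "no broadcast-filter arp" in cmds:
        findings.append("broadcast-filter arp disabled (default is enabled)")
    return findings

def audit(text):
    return {n: audit_profile(c) for n, c in parse_profiles(text).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, findings or "ok")
```

The last finding is a review prompt rather than an error: the page documents disabling broadcast-filter arp only for clients behind a wireless bridge or virtual clients on VMware devices.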

Command History

Version

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.
