Configuring System Parameters for an AP

To configure system parameters for an AP, complete the following steps:

  1. In the Aruba Central app, set the filter to a group that contains at least one AP.
    The dashboard context for the group is displayed.
  2. Under Manage, click Devices > Access Points.
    A list of APs is displayed in the List view.
  3. Click the Config icon.
    The tabs to configure the APs are displayed.
  4. Click Show Advanced and click the System tab.
    The System details page is displayed.
  5. Click the General accordion and configure the parameters described in Table 1.
  6. Click Save Settings.

The following table describes the system parameters for an AP.

Table 1: System Parameters

Data Pane Item


Set Country code for group

To configure a country code for the AP at the group level, select the country code from the Set Country code for group drop-down list. By default, no country code is configured for the AP device groups.

When a country code is configured for the group, it takes precedence over the country code setting configured t the device level.

System Location

Specify the system location of the AP.


To configure a time zone, select a time zone from the Timezone drop-down list.

If the selected timezone supports DST Daylight Saving Time. DST is also known as summer time that refers to the practice of advancing clocks, so that evenings have more daylight and mornings have less. Typically clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn. , the UI displays the "The selected country observes Daylight Savings Time" message.

NTP Server

This parameter allows you to configure NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers for the AP. Up to four NTP servers can be configured for the AP, each one separated by a comma.

To facilitate communication between various elements in a network, time synchronization between the elements and across the network is critical. Time synchronization allows you to:

  • Trace and track security gaps, network usage, and troubleshoot network issues.
  • Validate certificates.
  • Map an event on one network element to a corresponding event on another.
  • Maintain accurate time for billing services and similar.
  • NTP helps obtain the precise time from a server and regulate the local time in each network element. Connectivity to a valid NTP server is required to synchronize the AP clock to set the correct time. If NTP server is not configured in the AP network, an AP reboot may lead to variation in time data.

By default, the AP tries to connect to to synchronize time. The NTP server can also be provisioned through the DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  option 42. If the NTP server is configured, it takes precedence over the DHCP option 42 provisioned value. The NTP server provisioned through the DHCP option 42 is used if no server is configured. The default server is used if no NTP server is configured or provisioned through DHCP option 42.

To configure an NTP server, enter the IP address or the URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. of the NTP server and reboot the AP to apply the configuration changes.

DHCP Option 82 XML

DHCP Option 82 XML can be customized to cater to the requirements of any ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet. using the conductor AP. To facilitate customization using a XML Extensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. definition, multiple parameters for Circuit ID and Remote ID options of DHCP Option 82 XML are introduced.

The XML file is used as the input and is validated against an XSD file in the conductor AP. The format in the XML file is parsed and stored in the DHCP relay which is used to insert Option 82 related values in the DHCP request packets sent from the client to the server.


From the drop-down list, select one of the following XML files:

  • default_dhcpopt82_1.xml

  • default_dhcpopt82_2.xml

  • default_dhcpopt82_3.xml

    Execute the show dhcp opt82 CLI command to see detailed information on default_dhcpopt82_3.xml.

    NOTE: default_dhcpopt82_3.xml is supported only on APs running ArubaOS or later versions.

The XML parameters for each of these options are:

DHCP Option 82 XML VLAN list

NOTE: This field is displayed if default_dhcpopt82_3.xml is selected in the DHCP Option 82 XML field.

Enter the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. values. The maximum number of supported VLANs is 128.

The VLAN values can be a range from 1-4094, or a comma separated list, or a combination of both.

Login Session Timeout

Allows you to set a timeout for login session.

Console Access

When enabled, the users can access AP through the console port.

WebUI Access

If an AP is connected to Aruba Central, you can use this option to disable AP communication via HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. or SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. . When you enable this feature, you can manage the AP through AP console or from Aruba Central. To manage from Aruba Central, navigate to Analyze > Tools > Console page to create a console session. For more information, see Creating Console Session.

LED Display

Enables or disables the LED Light Emitting Diode. LED is a semiconductor light source that emits light when an electric current passes through it. display for all APs in a cluster.

The LED display is always enabled during the AP reboot.

Optimize inter-VLAN traffic between same-AP clients

When enabled, traffic between two clients that are on the same AP but different VLANs will be directly routed by AP, if the AP is not the clients’ default gateway.

Disable this option to prevent the local routing of traffic if you have security and traffic management policies defined (such as policies for blocking, exempting, or monitoring the traffic between devices) for upstream devices. The routing traffic between the clients is sent to the clients’ upstream default gateway to make the forwarding decision.

URL Visibility

Turn on the toggle switch to enable URL data logging for client HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. and HTTPS sessions and allows APs to extract URL information and periodically log them on ALE Analytics and Location Engine. ALE gives visibility into everything the wireless network knows. This enables customers and partners to gain a wealth of information about the people on their premises. This can be very important for many different verticals and use cases. ALE includes a location engine that calculates associated and unassociated device location periodically using context streams, including RSSI readings, from WLAN controllers or Instant clusters. for DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. and application analytics.

Restrict uplink port to specified VLANs

Turn on the toggle switch to restrict the default uplink port settings and apply the settings of the wired port profile defined in enet<X>-port-profile.


Turn on the toggle switch to enable the RTP Real-Time Transport Protocol. RTP is a network protocol used for delivering audio and video over IP networks. traffic based on the DSCP Differentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. value set by the end user device.

UTB Filter Block

This parameter controls the band Band refers to a specified range of frequencies of electromagnetic radiation. on which the Ultra Tri-Band (UTB) limitation is applied in the regulatory domain profile.

The UTB filter supports channel band on both 5 GHz Gigahertz. and 6 GHz.

Listed below are the two options available:

  • 5 GHz—Select 5 GHz for upper band blocking. When the 6 GHz radio is also active, channels 149 and higher in the 5 GHz band will not be used.

  • 6 GHz—Select 6 GHz for lower band blocking. When the 5 GHz radio is also active, channels 1 to 29 in the 6 GHz band will not be used.

The default value is 6 GHz.

NOTE: The UTB Filter Block is applicable only to AP-635 hardware version 1. AP-635 hardware version 2 and the AP-650 Series access points include a hardware based UTB filter that allows all the channels to be used.

IPv6 Address Generation

Allows you to change the method with which IPv6 addresses are generated. Currently, there are two supported methods to generate IPv6 addresses.

PMK Pairwise Master Key. PMK is a shared secret key that is generated after PSK or 802.1X authentication. Cache Timeout (in hours)

Allows you to set a PMK cache timeout interval, in hours. PMK caching allows a client to skip 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication for those APs which are neighbors of current AP. The range is 1-2000 hours. The default value is eight hours.

NOTE: Aruba Central now supports PMK caching timeout in APs running ArubaOS 10, ArubaOS, or later versions.

You can now specify the country code and timezone for multiple APs. Select more than one AP from the Access Points table and click the edit icon on the pop-up window. In the new window, specify the Country code, timezone from the Timezone drop-down list and select Apply for all access points > Apply > Save Settings to apply the changes to all the access points in the group.