Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

101

102

103

104

105

106

107

108

109

110

Parameter Description

Security Level

Type

Delimiter

character

Specify a character (for example, colon or dash) as a delimiter for the MAC

address string. When configured, the IAP will use the delimiter in the MAC

authentication request. For example, if you specify the colon as a delimiter,

MAC addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is

not specified, the MAC address in the xxxxxxxxxxxx format is used.

This option is available only when MAC authentication is enabled.

Enterprise,

Personal, and Open

security levels.

Uppercase

support

Set to Enabled to allow the IAP to use uppercase letters in MAC address

string for MAC authentication.

This option is available only if MAC authentication is enabled.

Enterprise,

Personal, and Open

security levels.

Upload

Certificate

Click Upload Certificate and browse to upload a certificate file for the

internal server. For more information on certificates, see Uploading

Certificates on page 174.

Enterprise,

Personal, and Open

security levels

Fast Roaming

You can configure the following fast roaming options for the WLAN SSID:

l Opportunistic Key Caching: When WPA-2 Enterprise and Both (WPA2-

WPA) encryption types are selected and if 802.1x authentication

method is configured, the Opportunistic Key Caching (OKC) is enabled

by default. If OKC is enabled, a cached pairwise master key (PMK) is

used when the client roams to a new AP. This allows faster roaming of

clients without the need for a complete 802.1x authentication.

l 802.11r: Selecting this checkbox enables fast BSS transition. The Fast

BSS Transition mechanism minimizes the delay when a client

transitions from one BSS to another within the same cluster.

l 802.11k: Selecting this checkbox enables 802.11k roaming on the SSID

profile. The 802.11k protocol enables IAPs and clients to dynamically

measure the available radio resources. When 802.11k is enabled, IAPs

and clients send neighbor reports, beacon reports, and link

measurement reports to each other.

l 802.11v: Selecting this checkbox enables 802.11v based BSS

transition.802.11v standard defines mechanisms for wireless network

management enhancements and BSStransition management. It allows

the client devices to exchange information about the network topology

and RF environment. The BSS transition management mechanism

enables an AP to request a voice client to transition to a specific AP, or

suggest a set of preferred APs to a voice client, due to network load

balancing or BSS termination. It also helps the voice client identify the

best AP to transition to as they roam.

Enterprise,

Personal, and Open

security levels.

NOTE: OKC

roaming can be

configured only for

the Enterprise

security level.

Table 21:

Configuration Parameters for WLANSecurity Settings in an Employee or Voice Network

4. Click Next to configure access rules. For more information, see Configuring Access Rules for a WLAN SSID

Profile on page 104.

In the CLI

To configure enterprise security settings for the employee and voice users of a WLAN SSID profile:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# opmode {wpa2-aes|wpa-tkip,wpa2-aes|wpa-psk-tkip,wpa2-psk-

aes|dynamic-wep}

(Instant AP)(SSID Profile <name>)# leap-use-session-key

(Instant AP)(SSID Profile <name>)# termination

(Instant AP)(SSID Profile <name>)# auth-server <server-name>

(Instant AP)(SSID Profile <name>)# external-server

(Instant AP)(SSID Profile <name>)# server-load-balancing

(Instant AP)(SSID Profile <name>)# blacklist

Aruba Instant 6.4.0.2-4.1 | User Guide Wireless Network Profiles | 103