Parameter
Description
Security
Level
Upload
Certificate
Click
Upload Certificate
and browse to upload a certificate file for the
internal server. For more information on certificates, see
Enterprise
,
Personal
, and
Open
security
levels
Fast Roaming
You can configure the following fast roaming options for the WLAN SSID:
l
Opportunistic Key Caching
: You can enable
Opportunistic Key
Caching
(OKC) when
WPA-2 Enterprise
and
Both (WPA2 & WPA)
encryption types are selected. If OKC is enabled, a cached pairwise
master key (PMK) is used when the client roams to a new IAP. This allows
faster roaming of clients without the need for a complete 802.1X
authentication.
l
802.11r
: Selecting this check box enables fast BSS transition. The Fast
BSS Transition mechanism minimizes the delay when a client transitions
from one BSS to another within the same cluster. This option is available
only when WPA-2 Enterprise and WPA-2 personal encryption keys are
selected.
l
802.11k
: Selecting this check box enables 802.11k roaming on the SSID
profile. The 802.11k protocol enables IAPs and clients to dynamically
measure the available radio resources. When 802.11k is enabled, IAPs
and clients send neighbor reports, beacon reports, and link
measurement reports to each other.
l
802.11v
: Selecting this check box enables the 802.11v-based BSS
transition. 802.11v standard defines mechanisms for wireless network
management enhancements and BSS transition management. It allows
client devices to exchange information about the network topology and
RF environment. The BSS transition management mechanism enables
an IAP to request a voice client to transition to a specific IAP, or suggest
a set of preferred IAPs to a voice client, due to network load balancing or
BSS termination. It also helps the voice client identify the best IAP to
transition to as they roam.
Enterprise
,
Personal
, and
Open
security
levels.
Table 23:
Configuration Parameters for WLAN Security Settings in an Employee or Voice Network
4. Click
Next
to configure access rules. For more information, see
Configuring Access Rules for a WLAN SSID
.
In the CLI
To configure enterprise security settings for the Employee and Voice users:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# opmode {wpa2-aes|wpa-tkip,wpa2-aes|dynamic-wep}
(Instant AP)(SSID Profile <name>)# leap-use-session-key
(Instant AP)(SSID Profile <name>)# termination
(Instant AP)(SSID Profile <name>)# auth-server <server-name>
(Instant AP)(SSID Profile <name>)# external-server
(Instant AP)(SSID Profile <name>)# server-load-balancing
(Instant AP)(SSID Profile <name>)# blacklist
(Instant AP)(SSID Profile <name>)# mac-authentication
(Instant AP)(SSID Profile <name>)# l2-auth-failthrough
(Instant AP)(SSID Profile <name>)# auth-survivability
(Instant AP)(SSID Profile <name>)# radius-accounting
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Wireless Network Profiles |
97