416| Virtual APs AOS-W 6.5.3.x| User Guide
Parameter Description
Convert Broadcast
ARP requests to
unicast
If enabled, all broadcast ARP requests are converted to unicast and sent directly to
the client. You can check the status of this option using the show ap active and the
show datapath tunnel command. If enabled, the output will display the letter a in
the flags column.
This configuration parameter is only intended for use for virtual APs in tunnel mode.
In tunnel mode, all packets travel to the switch, so the switch is able to convert ARP
requests directed to the broadcast address into unicast.
When a virtual AP is configured to use bridge forwarding mode, most data traffic
stays local to the AP, and the switch is not able to convert that broadcast traffic.
Beginning with AOS-W 6.1.3.2, this parameter is enabled by default. Behaviors
associated with these settings are enabled upon upgrade to AOS-W 6.1.3.2. If your
switch supports clients behind a wireless bridge or virtual clients on VMware
devices, you must disable this setting to allow those clients to obtain an IP address.
In previous releases of AOS-W, the virtual AP profile included two unique broadcast
filter parameters; the drop broadcast and multicast parameter, which filtered
out all broadcast and multicast traffic in the air except DHCP response frames
(these were converted to unicast frames and sent to the corresponding client) and
the conert ARP requests to unicast parameter, which converted broadcast ARP
requests to unicast messages sent directly to the client.
Starting with AOS-W 6.1.3.2, the Convert Broadcast ARP requests to unicast
setting includes the additional functionality of broadcast-filter all parameter, where
DHCP response frames are sent as unicast to the corresponding client. This can
impact DHCP discover/requested packets for clients behind a wireless bridge and
virtual clients on VMware devices. Disable this option to resolve this issue and allow
clients behind a wireless bridge or VMware devices to receive an IP address.
Default: Enabled
Advanced Configuration Settings
Cellular Handoff
Assist
When both the client match and the cellular handoff assist features are enabled,
the cellular handoff assist feature can help a dual-mode, 3G/4G-capable Wi-Fi
device such as an iPhone, iPad or Android client at the end of a Wi-Fi network switch
from Wi-Fi to an alternate 3G/4G radio that provides better network access.
Dynamic Multicast
Optimization (DMO)
Threshold
Maximum number of high-throughput stations in a multicast group beyond which
dynamic multicast optimization stops.
Range: 2-255 stations
Default: 6 stations.
Blacklist Time Number of seconds that a client is quarantined from the network after being
blacklisted. Default: 3600 seconds (1 hour)
Authentication Failure
Blacklist Time
Time, in seconds, a client is blocked if it fails repeated authentication. The default
setting is 3600 seconds (1 hour). A value of 0 blocks the client indefinitely.
Deny inter user traffic Select this check box to deny traffic between the clients using this virtual AP profile.
The global firewall shown the Configuration>Advanced Services > Stateful
Firewall > Global window also includes an option to deny all inter-user traffic,
regardless of the Virtual AP profile used by those clients.
If the global setting to deny inter-user traffic is enabled, all inter-user traffic
between clients will be denied, regardless of the settings configured in the virtual
AP profiles. If the setting to deny inter-user traffic is disabled globally but enabled
on an individual virtual ap, only the traffic between un-trusted users and the clients
on that particular virtual AP will be blocked.
Table 97: Virtual AP Profile Parameters
To Next Page
Loading...