Parameter Description
Deny time range Click the drop-down list and select a configured time range for which the AP will
deny access. If you have not yet configured a time range, navigate to
Configuration > Security > Access Control > Time Ranges to define a time
range before configuring this setting in the virtual AP profile.
DoS Prevention If enabled, APs ignore deauthentication frames from clients. This prevents a
successful deauthorization attack from being carried out against the AP. This does
not affect third-party APs. Default: Disabled
HA Discovery
on-association
If enabled, home agent discovery is triggered on client association instead of home
agent discovery based on traffic from client. Mobility on association can speed up
roaming and improve connectivity for clients that do not send many uplink packets
to trigger mobility (VoIP clients). Best practices is to disable this parameter as it
increases IP mobility control traffic between switches in the same mobility domain.
Enable this parameter only when voice issues are observed in VoIP clients.
Default: Disabled
NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and
configured on the switch. For more information about this parameter, see HA
Discovery on Association on page 670
Mobile IP Enables or disables IP mobility for this virtual AP.
Default: Enabled
Preserve Client VLAN If you select this check box, clients retain their previous VLAN assignment if the cli-
ent disassociates from an AP and then immediately re-associates either with same
AP or another AP on the same switch.
Remote-AP Operation Configures when the virtual AP operates on a remote AP:
n always—Permanently enables the virtual AP (Bridge Mode only). This option
can be used for non-802.1X bridge VAPs.
n backup—Enables the virtual AP if the remote AP cannot connect to the switch
(Bridge Mode only). This option can be used for non-802.1X bridge VAPs.
n persistent—Permanently enables the virtual AP after the remote AP initially
connects to the switch (Bridge Mode only). This option can be used for any
(Open/PSK/802.1X) bridge VAPs.
n standard—Enables the virtual AP when the remote AP connects to the switch.
This option can be used for any (bridge/split-tunnel/tunnel/d-tunnel) VAPs.
Station Blacklisting Select the Station Blacklisting check box to enable detection of denial of service
(DoS) attacks, such as ping or SYN floods, that are not spoofed deauthorization
attacks.
Default: Enabled
Strict Compliance If enabled, the AP denies client association requests if the AP and client station have
no common rates defined. Some legacy client stations which are not fully 802.11-
compliant may not include their configured rates in their association requests. Such
non-compliant stations may have difficulty associating with APs unless strict
compliance is disabled. This parameter is disabled by default.
VLAN Mobility Enable or disable VLAN (Layer-2) mobility.
Default: Disabled
FDB Update on Assoc
This parameter enables seamless failover for silent clients, allowing them to re-
associate. If you select this option, the switch will generate a Layer 2 update on
behalf of client to update forwarding tables in bridge devices.
Default: Disabled
Table 97: Virtual AP Profile Parameters
AOS-W 6.5.3.x | User Guide Virtual APs | 417
To Next Page
Loading...