Aruba IAP-335 User Manual

Specifies the target audience for this guide, which is administrators who configure and use IAPs.

Lists other relevant Aruba Instant product documentation, such as installation and reference guides.

Explains typographical conventions used throughout the manual for emphasis and clarity.

Provides contact information and resources for technical support, including website, forums, and telephone numbers.

Describes Aruba Instant's virtualization of controller capabilities on access points for enterprise-grade WLANs.

Lists IAP platforms that support Instant software and their minimum required software versions.

Details the prerequisites and initial steps for setting up an Instant network, including power sources and connections.

Explains how to connect an IAP to the power source using PoE switch, midspan, or AC adapter.

Describes how IAPs obtain IP addresses via DHCP or static configuration for network connectivity.

Covers different zero-touch provisioning methods for IAPs, including Aruba Activate and AirWave.

Explains how IAPs can retrieve configuration files from a server using FTP or FTPS for automatic updates.

Lists the necessary checks before configuring managed mode command parameters, such as software version and AirWave management.

Describes the Instant login page tasks: viewing connectivity, selecting language, and logging into the UI.

Details the connectivity status displayed on the login page, including Internet, uplink, and AirWave configuration.

Provides instructions on how to log in to the Instant UI using default administrative credentials.

Describes the elements of the Instant UI Main Window: Banner, Search Text Box, Tabs, and Links.

Details how to configure essential system parameters for an IAP, including name, location, and IP settings.

Explains how to update the administrative user password for an IAP using the Instant UI or the CLI.

Describes how to change the host name of an IAP through the Instant UI or the CLI.

Explains how to configure zone settings for an IAP to assign SSIDs to specific access points.

Details how to configure a static IP address or allow the IAP to obtain an IP address from a DHCP server.

Explains how to configure transmit power for IAPs with external antenna connectors for regulatory compliance.

Describes VLAN pooling to partition networks into subnets and assign VLANs from a pool for clients.

Explains how to monitor and detect VLAN configuration mismatches on upstream devices that affect client connectivity.

Explains the IPv6 address representation, including valid and abbreviated formats, and netmask notation.

Details the features and IP modes supported for IPv6 address configuration in IAPs.

Describes the transactions between a client and an IAP during startup, including authentication and connection.

Categorizes Instant wireless networks into Employee, Voice, and Guest network types.

Provides steps to configure WLAN settings for an SSID profile using the Instant UI or CLI.

Details how to configure VLAN settings for an SSID profile using the Instant UI or CLI.

Explains how to configure wired settings for a wired profile using the Instant UI or CLI.

Describes how to configure VLAN settings for a wired profile using the Instant UI or CLI.

Details how to configure security parameters for a wired employee network.

Explains how to configure access rules for wired profiles using the Instant UI or CLI.

Explains captive portal authentication, its components, and how administrators can create guest networks.

Provides steps to create an SSID for guest access using the Instant UI or CLI.

Details how to configure wired settings for a wired profile using the Instant UI or CLI.

Describes how to configure internal captive portal authentication for guest networks.

Explains how to configure external captive portal profiles and associate them to user roles or SSIDs.

Describes how to configure a guest network to use a customized Facebook page for authentication.

Explains how to create user roles and access rules for guest users in captive portal configurations.

Details how to configure captive portal roles for SSIDs that use 802.1X authentication.

Explains how to control access to web content and services using a walled garden for external captive portals.

Classifies IAP users into Administrator, Guest administrator, Employee, and Guest users and their privileges.

Describes how to configure users by specifying login credentials in the Instant UI.

Explains how to configure RADIUS or TACACS servers for authenticating management users.

Lists the supported authentication methods in Instant, including 802.1X, MAC, and Captive Portal.

Describes the 802.1X standard for WLAN authentication using EAP and RADIUS protocols.

Explains MAC authentication based on physical MAC addresses against a manually defined list.

Details features like MAC authentication preceding 802.1X and role-based access rules.

Explains captive portal authentication used for authenticating guest users.

Describes how to enforce MAC authentication for captive portal clients.

Explains how to configure different captive portal settings for clients on the same SSID.

Describes WISPr authentication for smart clients to authenticate on networks with multiple ISPs.

Lists the supported EAP authentication frameworks for Instant networks, including TLS, TTLS, and PEAP.

Explains how IAPs support EAP termination for enterprise WLAN SSIDs to reduce exchange packets.

Describes procedures for configuring internal or external authentication servers for client authentication.

Explains the local RADIUS server operating on each IAP for 802.1X authentication.

Details how to configure an external RADIUS server, including dynamic forwarding of requests.

Describes how to configure two authentication servers for primary, backup, and load balancing.

Provides steps to configure RADIUS, TACACS, LDAP, and ClearPass Policy Manager servers.

Explains how to enable secure communication between RADIUS server and IAP clients using TLS.

Details how to configure RadSec Protocol using the Instant UI or the CLI for secure communication.

Describes how to associate authentication server profiles with network profiles using UI or CLI.

Explains how to configure DRP parameters for the authentication server using Instant UI or CLI.

Describes how to enable RADIUS server support using Instant UI or CLI.

Explains data encryption process and supported types like WEP, TKIP, and AES.

Summarizes the differences between WPA and WPA-2 certifications and features.

Provides recommendations for authentication and encryption combinations for Wi-Fi networks.

Explains how to enable survivable authentication framework against remote link failures.

Details procedures for configuring 802.1X authentication for wireless and wired profiles.

Provides steps to enable 802.1X authentication for a wireless network profile using Instant UI or CLI.

Details how to enable 802.1X authentication for a wired profile using Instant UI or CLI.

Explains how to configure IAPs to function as 802.1X clients or supplicants for network access.

Details how to enable 802.1X supplicant support by configuring authentication parameters on IAPs.

Explains how to configure MAC authentication for wireless and wired profiles.

Provides steps to enable MAC authentication for a wireless network using Instant UI or CLI.

Details how to enable MAC authentication for a wired profile using Instant UI or CLI.

Explains how to configure MAC and 802.1X authentications for wireless and wired profiles.

Describes how to configure MAC authentication with captive portal authentication for network profiles.

Explains WISPr authentication for smart clients to authenticate on networks with multiple ISPs.

Details how client blacklisting denies connection to blacklisted clients and forces disconnection.

Explains how to manually add MAC addresses to the blacklist for permanent exclusion.

Describes dynamic blacklisting when clients exceed authentication failure thresholds or when a rule is triggered.

Provides information on loading certificates for authentication, captive portal, and RadSec.

Explains identity-based controls for application-layer security, prioritization, and traffic forwarding.

Describes how to use ACL rules to permit or deny data packets and limit bandwidth for user roles.

Details procedures for configuring ACLs to control access to network services.

Explains NAT process and how to configure source-NAT access rules.

Describes how to configure policy-based corporate access to override routing profiles.

Explains how to configure destination-NAT rules to redirect traffic to specified IP addresses and ports.

Details how to enable or disable protocols for Application Layer Gateway (ALG) using Instant UI or CLI.

Explains how to configure firewall settings to protect the network against ARP attacks.

Describes how to disable auto topology rules by configuring firewall settings in the IAP.

Explains enhanced inbound firewall for configuring rules, management subnets, and restricting corporate access.

Details how to configure subnets to ensure IAP management is carried out only from these subnets.

Explains how to configure restricted corporate access to block unauthorized users from accessing the corporate network.

Describes how to route DNS requests to OpenDNS and create content filtering policies.

Provides steps to enable content filtering for a wireless SSID using the Instant UI or CLI.

Details how to enable content filtering for a wired profile using the Instant UI or CLI.

Explains how to configure enterprise domain names for routing client DNS requests.

Describes how to configure URL filtering policies to block websites by defining ACL rules.

Explains how to create a list of URLs to redirect users when accessing blocked websites.

Details how to configure ACL rules to redirect blocked HTTP websites to a custom error page URL.

Describes how to configure ACL rules to redirect blocked HTTPS websites to a custom error page.

Explains how to configure user roles to determine network privileges, reauthentication, and bandwidth.

Provides steps to create a user role using the Instant UI or the CLI.

Details how to manage bandwidth by assigning contracts or rates to user roles.

Explains how to assign different rights to clients based on device support for machine authentication.

Allows configuration of role and VLAN derivation rules to assign roles or VLANs to clients.

Explains how roles are assigned to clients connecting to SSIDs or wired profiles.

Describes how to configure rules to determine the role assigned for each authenticated client.

Explains how VLANs can be assigned to clients based on configuration conditions.

Details how VLAN derivation rules allow assigning VLANs based on RADIUS server attributes.

Explains how to use regular expressions for complex policies of role and VLAN derivation.

Describes different modes of DHCP address assignment and associated client traffic forwarding modes.

Explains how to customize DHCP pool subnet and address range for client IP assignment.

Details how to configure Local, Local L2, and Local L3 DHCP scopes using Instant UI or CLI.

Explains how to configure distributed DHCP scopes for branches connected via VPN.

Describes points to note when configuring centralized DHCP scopes.

Explains how to enable or disable SSIDs for users at specific times using time range profiles.

Provides steps to create time range profiles using the Instant UI or the CLI.

Details how to apply a time range profile to a WLAN SSID using the Instant UI.

Explains how to view time range profiles created on an IAP and verify their status.

Describes how IAPs support dynamic DNS for updating DNS records of IAPs and clients.

Explains how to enable DDNS updates for clients when creating or editing a DHCP scope.

Provides commands to view DDNS status on an IAP and the list of DDNS clients.

Explains IAP VPN features, requirements, and recommended setups for corporate connectivity.

Lists supported VPN protocols for remote access, including Aruba IPsec, GRE, and L2TPv3.

Describes procedures for configuring VPN host settings to enable communication with a controller.

Details how to configure an IPsec tunnel to ensure encrypted data flow and secure corporate data.

Explains procedures for configuring GRE tunnels between IAP and controller.

Describes Aruba GRE feature for sending control information for GRE tunnel setup.

Provides information on configuring L2TPv3 tunnels and session profiles through Instant UI or CLI.

Explains how routing profiles determine whether traffic is tunneled through IPsec or bridged locally.

Describes the two components of IAP-VPN architecture: IAPs at branch sites and Controller at datacenter.

Details controller scalability in IAP-VPN architecture based on IPsec tunnel, Branch ID, and datapath limits.

Determines DHCP server and default gateway for clients; supports Local, L2 Switching, and L3 routing modes.

Outlines the necessary configurations for IAP-VPN operations, including VPN host settings and routing profiles.

Explains how to define VPN host settings through More > VPN > Controller in the UI.

Describes how routing profiles determine whether traffic is tunneled through IPsec or bridged locally.

Explains how to create DHCP profiles to determine IAP-VPN mode of operation.

Details how to configure SSID or wired port profiles for IAP-VPN operations.

Explains how to enable dynamic RADIUS proxy to route RADIUS traffic to the required server.

Describes how to configure enterprise domains to determine client DNS request routing.

Explains the key functions of BID allocation process for DHCP services in branches.

Describes how to view branch information connected to the controller using the 'show iap table' command.

Explains Adaptive Radio Management (ARM) for optimizing WLAN performance through channel and power settings.

Details procedures for configuring ARM features, including Band Steering and Airtime Fairness.

Describes how to configure 2.4 GHz and 5 GHz radio settings for an IAP using Instant UI or CLI.

Explains how to trigger ARM to perform frequent scanning and selection of a valid channel using CLI.

Describes AppRF as a Layer 7 firewall capability for creating firewall policies based on application types.

Explains how to enable AppRF visibility to view statistics for IAPs and associated clients.

Details the AppRF dashboard with graphs on client traffic and content filters by App Category, Web Category, and Reputation.

Describes how to enable URL visibility to extract and log HTTP/HTTPS session information.

Provides procedures for configuring access rules based on application and application categories using DPI engine.

Explains how to configure WPE service to block websites based on organization specifications via ACL rules.

Explains Wi-Fi Multimedia (WMM) QoS standard and its support for Voice, Video, Best effort, and Background ACs.

Describes media classification types like Classify Media Flag and STUN Based Media Classification.

Details how Aruba Instant supports tracking VoIP calls by sending location details to a third-party server.

Provides information on configuring AirGroup services for enterprise-class capability and zero configuration networking.

Explains how Instant supports real-time tracking of devices integrated with AMP or third-party RTLS servers.

Details how ALE gathers client information for business purposes by analyzing Internet behavior.

Explains how to configure parameters for managing BLE beacons and secure communication with BMC.

Describes how to configure OpenDNS credentials for accessing OpenDNS for enterprise-level content filtering.

Explains how Palo Alto Networks firewall offers contextual security for users based on user ID.

Provides options to create and execute user management operations using XML API interface.

Explains how Instant supports CALEA integration for lawful interception and electronic surveillance.

Describes AirWave as a platform for managing Aruba wireless, wired, and remote access networks.

Explains how AirWave manages firmware updates for WLAN devices by defining acceptable firmware versions.

Details how an IAP device can be reset to factory default settings through AirWave.

Explains how AirWave allows finding IAPs or clients and viewing real-time monitoring data.

Describes how AirWave automatically creates configuration templates based on existing IAPs.

Explains how AirWave saves actionable information for analyzing network usage and performance trends.

Describes AirWave's advanced, rules-based rogue classification for detecting unauthorized IAPs and clients.

Details WIDS classification integration with Rogue Access Point Detection Software (RAPIDS).

Explains how AirWave supports RF visualization for Instant, providing real-time radio environment pictures.

Describes supported DHCP server formats for AirWave authentication using PSK or certificates.

Explains how to create organization strings for accurately representing IAP deployment in AirWave.

Provides steps to configure AirWave information using Instant UI or CLI.

Describes how IAPs can automatically discover the AMP server via DHCP option 43 and Activate.

Explains how to use standard DHCP options 60 and 43 for IAPs and APs on Windows Server 2008.

Describes Aruba Central's web-based interface for configuring and monitoring Aruba Instant networks.

Explains how to subscribe, register, and manage IAPs through the Central dashboard.

Details how Aruba Central maintains a subscription list to identify authorized and unauthorized IAPs.

Ensures IAPs can download software images from Aruba Cloud-Based Image Service and configure HTTP proxy.

Describes Instant network support for Ethernet, 3G/4G USB modems, and Wi-Fi uplinks.

Explains that the Eth0 port is enabled as an uplink port by default.

Provides steps to configure PPPoE settings for uplink connections using Instant UI or CLI.

Details how Instant supports 3G/4G USB modems for Internet backhaul and extending connectivity.

Explains SIM PIN management functions like locking and unlocking for 3G/4G modems via IAP CLI.

Describes how to configure 3G or 4G uplinks using the Instant UI or CLI.

Explains Wi-Fi uplink support on IAP models, except 802.11ac, with master IAP using the uplink.

Details configuration conditions for Wi-Fi uplink, including binding, disabling, and controller requirements.

Describes procedures for enforcing uplinks, setting priorities, enabling preemption, and switching based on VPN/Internet.

Explains uplink enforcement conditions, using specified uplink as primary, regardless of status.

Details how to set uplink priority using Instant UI or CLI.

Explains uplink preemption conditions, which can be enabled only when no uplink is enforced.

Describes how to switch uplinks based on VPN status and Internet availability.

Provides CLI commands to view uplink status and configuration.

Explains how to detect rogue IAPs, which are unauthorized IAPs plugged into the wired network.

Gathers client OS information to identify rogue or outdated operating systems for patching.

Describes WIP options for detecting and protecting against wireless attacks on APs and clients.

Explains wired and wireless containment mechanisms to prevent unauthorized stations from connecting.

Details how to create the IDS policy for IAPs using the CLI.

Explains the Instant secure enterprise mesh solution for expanding network coverage without wires.

Describes requirements for mesh IAPs, including valid uplink connections and roles (portal/point).

Defines a mesh portal as a gateway between wireless mesh and enterprise wired LAN.

Provides steps to provision IAPs as mesh IAPs, noting that mesh functionality is disabled by default.

Explains how to configure wired bridging on the Enet0 port of an IAP for mesh point function.

Explains how clients roam without losing IP addresses and sessions across networks with same WLAN parameters.

Details how to configure a mobility domain by specifying Instant networks and VC IPs.

Explains Home Agent Load Balancing for large networks to distribute load using a round robin policy.

Explains how spectrum monitor software examines RF environment to identify interference and classify sources.

Consists of a device summary table and channel information for active non-Wi-Fi devices seen by spectrum monitor.

Describes types of non-Wi-Fi interferers detected by the Spectrum Monitor feature.

Shows channel details, summary, and aggregate data for RF environment analysis.

Displays channel quality, availability, and utilization metrics for 2.4 GHz and 5 GHz radio channels.

Reports alerts to VC when a new non-Wi-Fi device is found, including device ID, type, and IP address.

Explains how to provision IAPs as spectrum monitors or hybrid IAPs using background spectrum monitoring.

Details how to convert IAPs to hybrid mode by enabling background spectrum monitoring.

Describes how to configure IAPs to function as stand-alone spectrum monitors.

Explains how to upgrade IAPs using the image check feature for new software images from cloud server.

Details how AirWave manages firmware updates for multiclass IAP networks.

Explains how to perform image upgrades using the Cloud Based Image Check feature.

Provides steps to configure HTTP proxy on IAPs for downloading images from the cloud server.

Details how to upgrade an image using HTTP, TFTP, or FTP URL via CLI.

Explains how to back up IAP configuration data and restore it when required.

Describes how to view the current configuration on the IAP using UI or CLI.

Provides steps to back up IAP configuration data using the Instant UI or CLI.

Details how to restore IAP configuration data by browsing and selecting a configuration file.

Provides information on regulatory domain restrictions for IAP to RAP or CAP conversion.

Explains how to convert an IAP to a Remote AP using the Instant UI or CLI.

Details how to convert an IAP to a Campus AP.

Explains how to deploy an IAP as a stand-alone or autonomous IAP.

Provides CLI commands to convert an IAP to a remote AP or campus AP.

Describes how to reset an IAP to factory default settings using the reset knob.

Explains how to reboot all IAPs or a selected IAP using the Instant UI.

Provides information on configuring SNMPv1, SNMPv2, and SNMPv3 community strings.

Lists the parameters that can be configured for an IAP for SNMP reporting.

Details how to create community strings for SNMPv1 and SNMPv2 using the Instant UI.

Explains how to create community strings for SNMPv3 users using the Instant UI.

Provides CLI commands to configure SNMP engine ID, host, community strings, and users.

Details how to configure external trap receivers for IAP cluster traps using Instant UI or CLI.

Explains how to specify a syslog server for sending syslog messages to external servers.

Provides steps to configure a TFTP server for storing core dump files using Instant UI or CLI.

Describes how to run debugging commands from the UI and lists available support commands.

Explains how IAPs use Iperf3 to measure uplink bandwidth and publish results to ALE.

Describes the Aruba Mobility Access Switch for secure, role-based network access for wired and wireless users.

Explains integration features like Rogue AP containment, PoE prioritization, and GVRP Integration.

Details how to enable Mobility Access Switch integration by enabling LLDP and MAS integration.

Describes a single VPN primary configuration using IPsec with split tunneling for DNS and client traffic.

Outlines a scenario with multiple controllers for redundancy, including VRRP, split tunneling, and distributed DHCP.

Details a multiple controller deployment with primary/backup VPNs, split tunneling, and OSPF.

Describes a single VPN primary configuration using GRE with centralized L2 mode DHCP.