User's Manual
Parameter Description
processed by the AP, which then sends out responses as needed.
An AP in bridge mode does not support captive portal authentication. Both
remote and campus APs can be configured in bridge mode. Note that you must
enable the control plane security feature on the controller before you configure
campus APs in bridge mode.
l Split-Tunnel: 802.11 frames are either tunneled or bridged, depending on the
destination (corporate traffic goes to the controller, and Internet access
remains local).
A remote AP in split-tunnel forwarding mode handles all 802.11 association
requests and responses, encryption/decryption, and firewall enforcement. the
802.11e and 802.11k action frames are also processed by the remote AP, which
then sends out responses as needed.
l Decrypt-Tunnel: Both remote and campus APs can be configured in decrypt-
tunnel mode. When an AP uses decrypt-tunnel forwarding mode, that AP
decrypts and decapsulates all 802.11 frames from a client and sends the 802.3
frames through the GRE tunnel to the controller, which then applies firewall
policies to the user traffic.
When the controller sends traffic to a client, the controller sends 802.3 traffic
through the GRE tunnel to the AP, which then converts it to encrypted 802.11
and forwards to the client. This forwarding mode allows a network to utilize the
encryption/decryption capacity of the AP while reducing the demand for
processing resources on the controller.
APs in decrypt-tunnel forwarding mode also manage all 802.11 association
requests and responses, and process all 802.11e and 802.11k action frames.
APs using decrypt-tunnel mode do have some limitations that not present for
APs in regular tunnel forwarding mode.
You must enable the control plane security feature on the controller before you
configure campus APs in decrypt-tunnel forward mode.
NOTE: Virtual APs in bridge or split-tunnel mode using static WEP should use key
slots 2-4 on the controller. Key slot 1 should only be used with Virtual APs in tunnel
mode.
Allowed band The band(s) on which to use the virtual AP:
l a—802.11a band only (5 GHz).
l g—802.11b/g band only (2.4 GHz).
l all—both 802.11a and 802.11b/g bands (5 GHz and 2.4 GHz). This is the default
setting.
Band Steering ARM’s band steering feature encourages dual-band capable clients to stay on the
5GHz band on dual-band APs. This frees up resources on the 2.4GHz band for
single band clients like VoIP phones.
Band steering reduces co-channel interference and increases available bandwidth
for dual-band clients, because there are more channels on the 5GHz band than on
the 2.4GHz band. Dual-band 802.11n-capable clients may see even greater
bandwidth improvements, because the band steering feature will automatically
select between 40MHz or 20MHz channels in 802.11n networks. This feature is
disabled by default, and must be enabled in a Virtual AP profile.
The band steering feature supports both campus APs and remote APs that have a
virtual AP profile set to tunnel, split-tunnel or bridge forwarding mode. Note,
however, that if a campus or remote APs has virtual AP profiles configured in
bridge or split-tunnel forwarding mode but no virtual AP in tunnel mode, those APs
will gather information about 5G-capable clients independently and will not
exchange this information with other APs that also have bridge or split-tunnel
virtual APs only.
Steering Mode Band steering supports the following three different band steering modes.
l Force-5GHz: When the AP is configured in force-5GHz band steering mode, the
AP will try to force 5Ghz-capable APs to use that radio band.
l Prefer-5GHz (Default): If you configure the AP to use prefer-5GHz band
Dell Networking W-Series ArubaOS 6.4.x | User Guide Virtual APs | 397