User's Manual
Parameter Description
Blacklist Time Number of seconds that a client is quarantined from the network after being
blacklisted. Default: 3600 seconds (1 hour)
Authentication Failure
Blacklist Time
Time, in seconds, a client is blocked if it fails repeated authentication. The default
setting is 3600 seconds (1 hour). A value of 0 blocks the client indefinitely.
Deny inter user traffic Select this checkbox to deny traffic between the clients using this virtual AP profile.
The global firewall shown the Configuration>Advanced Services > Stateful
Firewall > Global window also includes an option to deny all inter-user traffic,
regardless of the Virtual AP profile used by those clients.
If the global setting to deny inter-user traffic is enabled, all inter-user traffic
between clients will be denied, regardless of the settings configured in the virtual
AP profiles. If the setting to deny inter-user traffic is disabled globally but enabled
on an individual virtual ap, only the traffic between un-trusted users and the clients
on that particular virtual AP will be blocked.
Deny time range Click the drop-down list and select a configured time range for which the AP will
deny access. If you have not yet configured a time range, navigate to
Configuration > Security > Access Control > Time Ranges to define a time
range before configuring this setting in the virtual AP profile.
DoS Prevention If enabled, APs ignore deauthentication frames from clients. This prevents a
successful deauthorization attack from being carried out against the AP. This does
not affect third-party APs. Default: Disabled
HA Discovery
on-association
If enabled, home agent discovery is triggered on client association instead of home
agent discovery based on traffic from client. Mobility on association can speed up
roaming and improve connectivity for clients that do not send many uplink packets
to trigger mobility (VoIP clients). Best practices is to disable this parameter as it
increases IP mobility control traffic between controllers in the same mobility
domain. Enable this parameter only when voice issues are observed in VoIP clients.
Default: Disabled
NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and
configured on the controller. For more information about this parameter, see HA
Discovery on Association on page 605
Mobile IP Enables or disables IP mobility for this virtual AP.
Default: Enabled
Preserve Client VLAN If you select this checkbox, clients retain their previous VLAN assignment if the cli-
ent disassociates from an AP and then immediately re-outassociates either with
same AP or another AP on the same controller.
Remote-AP Operation Configures when the virtual AP operates on a remote AP:
l always—Permanently enables the virtual AP (Bridge Mode only). No
authentication supported.
l backup—Enables the virtual AP if the remote AP cannot connect to the
controller (Bridge Mode only). No authentication supported.
l persistent—Permanently enables the virtual AP after the remote AP initially
connects to the controller (Bridge Mode only).
l standard—Enables the virtual AP when the remote AP connects to the
controller. Use standard option for tunneled, split-tunneled, and Bridge SSIDs.
NOTE: Only open/PSK security mode is allowed for always/backup RAP operation.
No authentication is supported for always/backup.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Virtual APs | 399