Controllerless Networks

 View Only
last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Prevent client from joining an AP

This thread has been viewed 23 times

  • 1.  Prevent client from joining an AP

    Posted Aug 10, 2021 12:12 PM
    Hi,

    I am running an Aruba instant network with two AP-505 running on the 8.6 version. Everything is working great, except one client that constantly switches between the two APs. 

    The client is a Playstation 5 and AP 1 has an RSSI of -58 and AP 2 has an RSSI of -88. For some reason the client frequently sticks to AP 2 with the bad connection despite not being able to get internet on it.

    Is there anything I can do to force this client to connect only to AP 1? Perhaps create a separate SSID for it that is only applied to one AP.

    I have searched but cannot find any such settings.

    Thank you for your help and just in case you need it, here is my config:

    

    version 8.6.0.0-8.6.0
    

    virtual-controller-country GE
    

    virtual-controller-key XXXX
    

    name Home-VC
    

    virtual-controller-ip 192.168.2.2
    

    terminal-access
    

    ntp-server time.google.com
    

    clock timezone Tbilisi 04 00
    

    rf-band 5.0

    

    allow-new-aps

    

    allowed-ap XXX
    

    allowed-ap XXX



    

    arm
    

     wide-bands 5ghz
    

     80mhz-support
    

     min-tx-power 12
    

     max-tx-power 127
    

     band-steering-mode prefer-5ghz
    

     air-time-fairness-mode preferred-access
    

     channel-quality-aware-arm-disable
    

     client-aware
    

     scanning
    

     client-match

    

    rf dot11g-radio-profile
    

     max-distance 0
    

     max-tx-power 15
    

     min-tx-power 6
    

     disable-arm-wids-functions off
    

     free-channel-index 40

    

    rf dot11a-radio-profile
    

     max-distance 0
    

     max-tx-power 127
    

     min-tx-power 12
    

     disable-arm-wids-functions off


    

    syslog-level warn ap-debug 
    

    syslog-level warn network 
    

    syslog-level warn security 
    

    syslog-level warn system 
    

    syslog-level warn user 
    

    syslog-level warn user-debug 
    

    syslog-level warn wireless 



    

    deny-local-routing
    

    extended-ssid



    

    vlan-name vlan_iot
    

    vlan-name vlan_guest
    

    vlan vlan_iot 20
    

    vlan vlan_guest 30










    

    hash-mgmt-password
    

    hash-mgmt-user admin password hash XXXX



    

    wlan access-rule default_wired_port_profile
    

     index 0
    

     rule any any match any any any permit

    

    wlan access-rule wired-SetMeUp
    

     index 1
    

     rule masterip 0.0.0.0 match tcp 80 80 permit
    

     rule masterip 0.0.0.0 match tcp 4343 4343 permit
    

     rule any any match udp 67 68 permit
    

     rule any any match udp 53 53 permit

    

    wlan access-rule "MyNet IoT"
    

     index 2
    

     rule any any match any any any permit

    

    wlan access-rule MyNet
    

     index 3
    

     rule any any match any any any permit

    

    wlan access-rule "MyNet Guest"
    

     index 4
    

     rule any any match any any any permit

    

    wlan ssid-profile "MyNet IoT"
    

     enable
    

     index 0
    

     type employee
    

     essid "MyNet IoT"
    

     wpa-passphrase XXX
    

     opmode wpa2-psk-aes
    

     max-authentication-failures 0
    

     vlan 20
    

     rf-band all
    

     captive-portal disable
    

     dtim-period 1
    

     broadcast-filter none
    

     dmo-channel-utilization-threshold 90
    

     local-probe-req-thresh 0
    

     max-clients-threshold 64

    

    wlan ssid-profile MyNet
    

     enable
    

     index 1
    

     type employee
    

     essid MyNet
    

     wpa-passphrase XXX
    

     opmode wpa3-sae-aes
    

     max-authentication-failures 0
    

     rf-band all
    

     captive-portal disable
    

     dtim-period 1
    

     broadcast-filter none
    

     dmo-channel-utilization-threshold 90
    

     local-probe-req-thresh 0
    

     max-clients-threshold 64
    

     dot11k
    

     dot11v

    

    wlan ssid-profile "MyNet Guest"
    

     enable
    

     index 2
    

     type employee
    

     essid "MyNet Guest"
    

     wpa-passphrase XXX
    

     opmode wpa3-sae-aes
    

     max-authentication-failures 0
    

     vlan 30
    

     rf-band all
    

     captive-portal disable
    

     dtim-period 1
    

     broadcast-filter none
    

     dmo-channel-utilization-threshold 90
    

     local-probe-req-thresh 0
    

     max-clients-threshold 64
    

     dot11k
    

     dot11v

    

    auth-survivability cache-time-out 24



    

    dpi

    

    url-visibility

    

    wlan external-captive-portal
    

     server localhost
    

     port 80
    

     url "/"
    

     auth-text "Authenticated"
    

     auto-whitelist-disable
    

     https


    

    blacklist-time 3600
    

    auth-failure-blacklist-time 3600


    

    ids
    

     wireless-containment none


    

    wired-port-profile wired-SetMeUp
    

     switchport-mode access
    

     allowed-vlan all
    

     native-vlan guest
    

     no shutdown
    

     access-rule-name wired-SetMeUp
    

     speed auto
    

     duplex auto
    

     no poe
    

     type guest
    

     captive-portal disable
    

     no dot1x

    

    wired-port-profile default_wired_port_profile
    

     switchport-mode trunk
    

     allowed-vlan all
    

     native-vlan 1
    

     shutdown
    

     access-rule-name default_wired_port_profile
    

     speed auto
    

     duplex full
    

     no poe
    

     type employee
    

     captive-portal disable
    

     no dot1x


    

    enet0-port-profile default_wired_port_profile

    

    uplink
    

     preemption
    

     enforce none
    

     failover-internet-pkt-lost-cnt 10
    

     failover-internet-pkt-send-freq 30
    

     failover-vpn-timeout 180



    

    airgroup
    

     disable

    

    airgroupservice airplay
    

     enable
    

     description AirPlay

    

    airgroupservice airprint
    

     enable
    

     description AirPrint

    

    airgroupservice itunes
    

     enable

    

    airgroupservice remotemgmt
    

     enable

    

    airgroupservice sharing
    

     enable

    

    airgroupservice googlecast
    

     enable

    

    airgroupservice AmazonTV
    

     enable

    

    airgroupservice DIAL
    

     enable

    

    airgroupservice "DLNA Media"
    

     enable

    

    airgroupservice "DLNA Print"
    

     enable





    

    cluster-security
    

     allow-low-assurance-devices


    ------------------------------
    Kim Streich
    ------------------------------


  • 2.  RE: Prevent client from joining an AP

    EMPLOYEE
    Posted Aug 19, 2021 07:48 PM
    i suggest you set the min/max Tx power for 11g radio  to 6/9 and for 5g radio to 18/21 and check the result

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------

    Original Message


  • 3.  RE: Prevent client from joining an AP

    Posted Aug 20, 2021 04:20 AM
    Keep in mind that this value is entered in 0.5 dB increments:


    max-tx-power ARM Max Tx Power in 0.5 dB increments (0-51)
    min-tx-power ARM Min Tx Power in 0.5 dB increments (0-51)
    Original Message


  • 4.  RE: Prevent client from joining an AP

    Posted Aug 23, 2021 03:34 AM
    Thank you very much for your responses. I will try that.

    But does it mean that there is no way to create an SSID that only works on one AP or prevent a client from joining a specific AP?

    ------------------------------
    Kim Streich
    ------------------------------

    Original Message


  • 5.  RE: Prevent client from joining an AP

    EMPLOYEE
    Posted Aug 23, 2021 04:28 AM
    you can use zones and only advertise a specific SSID on a specific number of APs
    https://www.arubanetworks.com/techdocs/Instant_87_WebHelp/Content/instant-ug/custom-iap-param/conf-zone-sett.htm?Highlight=zone

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------

    Original Message


  • 6.  RE: Prevent client from joining an AP

    Posted Aug 23, 2021 06:38 AM
    Amazing, this is exactly what I have been looking for.

    Thank you all so much!

    ------------------------------
    Kim Streich
    ------------------------------

    Original Message