Controllerless Networks

2.1.1 Change vendor-supplied defaults for wireless environments. A device fails if the passphrases, SSIDs or other security-related settings are on a list of forbidden values. This list includes common manufacturer defaults.

Could it be the name or if the SSID contains "GUEST"?

Did you change the admin password on the IAP?

Yes what is the CDE Subnets/SSIDs on the report? Maybe if I exclude Guest..

EDIT: Nope still failed

There isn't a list in the PCI-DSS of pre or pro-scribed settings, just this:

2.1.1
For wireless environments connected to the cardholder data
environment or transmitting cardholder data, change wireless
vendor defaults, including but not limited to default wireless encryption
keys, passwords, and SNMP community strings.

 I don't know what Aruba's tool checks for, so I can't really tell you what else to look at.

So better go back and check that you're on WPA2 and using a good key.

Also move to SNMP3 with good keys if you haven't already.

Can you provide more detail?

-What tool generated this audit?

-Does that tool offer a list of "forbidden values"?

-What version of InstantOS?

PCI Compliance Report from Aruba Central

Yes, using a pre-shared key on guest wireless/VLAN

probably but includes numbers/uppercase - should I change and run scan again?