(AOS83) [mynode] #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2
(AOS83) [mynode] #show ap-group
default
NoAuthApGroup
rap
<profile-name> Profile name
| Output Modifiers
<cr>
(AOS83) [mynode] #show ap-group rap
AP group "rap"
--------------
Parameter Value
--------- -----
Virtual AP ArubaRAP
802.11a radio profile default
802.11g radio profile default
Ethernet interface 0 port configuration default
Ethernet interface 1 port configuration default
Ethernet interface 2 port configuration shutdown
Ethernet interface 3 port configuration shutdown
Ethernet interface 4 port configuration shutdown
AP system profile default
AP multizone profile default
802.11a Traffic Management profile N/A
802.11g Traffic Management profile N/A
Regulatory Domain profile default
RF Optimization profile default
RF Event Thresholds profile default
IDS profile default
Mesh Radio profile default
Mesh Cluster profile N/A
Provisioning profile N/A
AP authorization profile N/A
(AOS83) [mynode] #show wlan virtual-ap
ArubaRAP
default
<profile-name> Profile name
| Output Modifiers
<cr>
(AOS83) [mynode] #show wlan virtual-ap arubaRAP
Virtual AP profile "ArubaRAP"
-----------------------------
Parameter Value
--------- -----
AAA Profile ArubaRAP
802.11K Profile default
Hotspot 2.0 Profile N/A
Virtual AP enable Enabled
VLAN 1
Forward mode tunnel
SSID Profile ArubaRAP
Allowed band all
Band Steering Disabled
Cellular handoff assist Disabled
Openflow Enable Enabled
Steering Mode prefer-5ghz
Dynamic Multicast Optimization (DMO) Disabled
Dynamic Multicast Optimization (DMO) Threshold 6
Drop Broadcast and Multicast Disabled
Convert Broadcast ARP requests to unicast Enabled
Authentication Failure Blacklist Time 3600 sec
Blacklist Time 3600 sec
Deny inter user traffic Disabled
Deny time range N/A
DoS Prevention Disabled
HA Discovery on-association Enabled
Mobile IP Enabled
Preserve Client VLAN Disabled
Remote-AP Operation standard
Station Blacklisting Enabled
Strict Compliance Disabled
VLAN Mobility Disabled
WAN Operation mode always
FDB Update on Assoc Disabled
WMM Traffic Management Profile N/A
Anyspot profile N/A
(AOS83) [mynode] #show aaa profile
ArubaRAP
default
default-dot1x
default-dot1x-psk
default-iap-aaa-profile
default-mac-auth
default-open
default-tunneled-user
default-xml-api
NoAuthAAAProfile
<profile-name> Profile name
| Output Modifiers
<cr>
(AOS83) [mynode] #show aaa profile arubaRAP
AAA Profile "ArubaRAP"
----------------------
Parameter Value
--------- -----
Initial role authenticated
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Disabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout N/A
Max IPv4 for wireless user 2
RADIUS Accounting Server Group N/A
RADIUS Roaming Accounting Disabled
RADIUS Interim Accounting Disabled
RADIUS Acct-Session-Id In Access-Request Disabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
Reauthenticate wired user on VLAN change Disabled
Device Type Classification Enabled
Enforce DHCP Disabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
(AOS83) [mynode] #show wlan ssid-profile
ArubaRAP
default
<profile-name> Profile name
| Output Modifiers
<cr>
(AOS83) [mynode] #show wlan ssid-profile arubaRAP
SSID Profile "ArubaRAP"
-----------------------
Parameter Value
--------- -----
SSID enable Enabled
ESSID ArubaRAP
WPA Passphrase N/A
Encryption opensystem
Enable Management Frame Protection Disabled
Require Management Frame Protection Disabled
DTIM Interval 1 beacon periods
802.11a Basic Rates 6 12 24
802.11a Transmit Rates 6 9 12 18 24 36 48 54
802.11g Basic Rates 1 2
802.11g Transmit Rates 1 2 5 6 9 11 12 18 24 36 48 54
Station Ageout Time 1000 sec
Max Transmit Attempts 8
RTS Threshold 2333 bytes
Short Preamble Enabled
Max Associations 64
Wireless Multimedia (WMM) Disabled
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave Enabled
WMM TSPEC Min Inactivity Interval 0 msec
DSCP mapping for WMM voice AC (0-63) N/A
DSCP mapping for WMM video AC (0-63) N/A
DSCP mapping for WMM best-effort AC (0-63) N/A
DSCP mapping for WMM background AC (0-63) N/A
WMM Access Class of EAP traffic default
Multiple Tx Replay Counters Enabled
Hide SSID Disabled
Deny_Broadcast Probes Disabled
Local Probe Request Threshold (dB) 0
Auth Request Threshold (dB) 0
Disable Probe Retry Enabled
Battery Boost Disabled
WEP Key 1 N/A
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
WPA Hexkey N/A
Maximum Transmit Failures 0
EDCA Parameters Station profile N/A
EDCA Parameters AP profile N/A
BC/MC Rate Optimization Disabled
Rate Optimization for delivering EAPOL frames Enabled
Strict Spectralink Voice Protocol (SVP) Disabled
High-throughput SSID Profile default
802.11g Beacon Rate default
802.11a Beacon Rate default
Video Multicast Rate Optimization default
Advertise QBSS Load IE Disabled
Advertise Location Info Disabled
Advertise AP Name Disabled
Traffic steering from WLAN to cellular Disabled
802.11r Profile N/A
Enforce user vlan for open stations Disabled
Enable OKC Enabled
In Fact, we use the role logon frist, and change to authenticated, because we think if there are some limits for logon ?
(AOS83) [mynode] #show rights authenticated
Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'authenticated'
Up BW:No Limit Down BW:No Limit
L2TP Pool = rap_pool1
PPTP Pool = default-pptp-pool
Number of users referencing it = 0
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
IP-Classification Enforcement: Enabled
ACL Number = 79/0
Openflow: Enabled
Max Sessions = 65535
Check CP Profile for Accounting = TRUE
Application Exception List
--------------------------
Name Type
---- ----
Application BW-Contract List
----------------------------
Name Type BW Contract Id Direction
---- ---- ----------- -- ---------
access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 global-sacl session
2 apprf-authenticated-sacl session
3 ra-guard session
4 allowall session
5 v6-allowall session
global-sacl
-----------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------
apprf-authenticated-sacl
------------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------
ra-guard
--------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------
1 user any icmpv6 rtr-adv deny Low 6
allowall
--------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------
1 any any any permit Low 4
2 any any any-v6 permit Low 6
v6-allowall
-----------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------