Filter
Top Products
Parameter Description
the AP, and the controller is not able to convert that broadcast traffic.
Beginning with ArubaOS 6.1.3.2, this parameter is enabled by default. Behaviors associated with
these settings are enabled upon upgrade to ArubaOS 6.1.3.2. If your controller supports clients
behind a wireless bridge or virtual clients on VMware devices, you must disable this setting to
allow those clients to obtain an IP address. In previous releases of ArubaOS, the virtual AP
profile included two unique broadcast filter parameters; the drop broadcast and multicast
parameter, which filtered out all broadcast and multicast traffic in the air except DHCP
response frames (these were converted to unicast frames and sent to the corresponding client)
and the conert ARP requests to unicast parameter, which converted broadcast ARP requests to
unicast messages sent directly to the client.
Starting with ArubaOS 6.1.3.2, the Convert Broadcast ARP requests to unicast setting includes
the additional functionality of broadcast-filter all parameter, where DHCP response frames are
sent as unicast to the corresponding client. This can impact DHCP discover/requested packets
for clients behind a wireless bridge and virtual clients on VMware devices. Disable this option
to resolve this issue and allow clients behind a wireless bridge or VMware devices to receive
an IP address.
Default: Enabled
Advanced Configuration Settings
Dynamic Multicast Opti-
mization (DMO) Threshold
Maximum number of high-throughput stations in a multicast group beyond which dynamic
multicast optimization stops.
Range: 2-255 stations
Default: 6 stations.
Blacklist Time Number of seconds that a client is quarantined from the network after being blacklisted.
Default: 3600 seconds (1 hour)
Authentication Failure
Blacklist Time
Time, in seconds, a client is blocked if it fails repeated authentication. The default setting is
3600 seconds (1 hour). A value of 0 blocks the client indefinitely.
Deny inter user traffic Select this checkbox to deny traffic between the clients using this virtual AP profile.
The global firewall shown the Configuration>Advanced Services > Stateful Firewall > Global
window also includes an option to deny all inter-user traffic, regardless of the Virtual AP profile
used by those clients.
If the global setting to deny inter-user traffic is enabled, all inter-user traffic between clients
will be denied, regardless of the settings configured in the virtual AP profiles. If the setting to
deny inter-user traffic is disabled globally but enabled on an individual virtual ap, only the traffic
between un-trusted users and the clients on that particular virtual AP will be blocked.
Deny time range Click the drop-down list and select a configured time range for which the AP will deny access.
If you have not yet configured a time range, navigate to Configuration > Security > Access
Control > Time Ranges to define a time range before configuring this setting in the virtual AP
profile.
DoS Prevention If enabled, APs ignore deauthentication frames from clients. This prevents a successful
deauthorization attack from being carried out against the AP. This does not affect third-party
APs. Default: Disabled
HA Discovery
on-association
If enabled, home agent discovery is triggered on client association instead of home agent
discovery based on traffic from client. Mobility on association can speed up roaming and
improve connectivity for clients that do not send many uplink packets to trigger mobility (VoIP
clients). Best practices is to disable this parameter as it increases IP mobility control traffic
between Dell controllers in the same mobility domain. Enable this parameter only when voice
issues are observed in VoIP clients.
Default: Disabled
NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and configured
DellPowerConnectW-SeriesArubaOS6.2 | User Guide VirtualAPs | 323