Filter
Top Products
332 | VirtualAPs DellPowerConnectW-SeriesArubaOS6.2 | User Guide
In the CLI
(host)(config) #wlan ssid-profile guest
opmode opensystem
(host)(config) #wlan virtual-ap guest
vap-enable
vlan 2
d>eny-time-range workhours
ssid-profile guest
aaa-profile default-open
(host)(config) #ap-name building3-lobby
virtual-ap guest
Enabling bSec SSID Support
The bSec protocol is a pre-standard protocol that has been proposed to the IEEE 802.11 committee as an
alternative to 802.11i. The main difference between bSec and standard 802.11i is that bSec implements Suite B
algorithms wherever possible. Notably, AES-CCM is replaced by AES-GCM, and the Key Derivation Function
(KDF) of 802.11i is upgraded to support SHA-256 and SHA-384. In order to provide interoperability with standard
Wi-Fi software drivers, bSec is implemented as a shim layer between standard 802.11 Wi-Fi and a Layer 3 protocol
such as IP. A controller configured to advertise a bSec SSID will advertise an open network, however only bSec
frames will be permitted on the network.
The bSec protocol requires that you use VIA 2.1.1 or greater on the client device. Consult VIA documentation for
more information on configuring and installing VIA.
The bSec protocol is available in 128-bit mode and 256-bit mode. The number of bits specifies the length of the
AES-GCM encryption key. Using United States Department of Defense classification terminology,
bSec-128 is suitable for protection of information up to the SECRET level, while bSec-256 is suitable for protection
of information up to the TOP SECRET level.
In the CLI
To enable a bSec SSID using bSec-128, configure the opmode parameter in the SSID profile:
(host) (config) #wlan ssid-profile <profilename>
(host) (SSID Profile "<profilename>") #opmode bSec-128
To enable a bSec SSID using bSec-256, configure the opmode parameter in the SSID profile:
(host) (config) #wlan ssid-profile <profilename>
(host) (SSID Profile "<profilename>") #opmode bSec-256
In the WebUI
To enable bSec SSID using bSec-128 or bSec-256:
1. Navigate to Configuration >AP Group>Wireless LAN>Virtual AP>SSID Profile.
2. Select the Advanced Tab.
3. Next to Encryption, select bSec-128 and/or bSec-256.
4. Click Apply.
Sample Configuration
The example below follows the suggested order of steps to configure a virtual AP using the command-line interface.
(host)(config) #vlan 60
!
(host)(config) #ip access-list session THR-POLICY-NAME-WPA2
user any any permit
!