Dynamic VLAN assignment with 802.

1x Radius
server and autonomous Wireless AP

Table of Contents
1 Summary..............................................................................1
2 Test network.........................................................................2
3 Test results...........................................................................4
3.1 Aruba.............................................................................................................. 4
3.2 Cisco............................................................................................................... 4

4 Recommendations.................................................................6
4.1
4.2
4.3
4.4

Aruba.............................................................................................................. 6
Cisco............................................................................................................... 6
Encryption types [1]......................................................................................... 6
Further design considerations.........................................................................7

5 Access switch configuration (HP)............................................8

6 Aruba Access Point configuration...........................................9
6.1 Employee Network configuration....................................................................9
6.2 Guest network configuration........................................................................15
6.3 Access Point configuration............................................................................ 20
6.4 Verification.................................................................................................... 24
6.4.1 Example test output1 (Student VLAN)...................................................24
6.4.2 Example test output2 (Staff VLAN).........................................................25
6.4.3 Example test output3 (guest VLAN)........................................................26

7 Cisco Access Point configuration...........................................27

7.1 Configuring Dynamic VLAN, 802.1x authentication and WPA-2 encryption on
the Cisco AP......................................................................................................... 27
7.2 Verification of the Dynamic VLAN using the Cisco AP...................................31
7.2.1 Example results (Staff VLAN)..................................................................31
7.2.2 Example result 2 (Student VLAN:............................................................32

8 References..........................................................................33

1 Summary
This report contains the details of the testing that was performed on two
wireless access points Aruba iAP-93 and Cisco AIR AP1131G.
Based on the test results, if the Aruba AP is used, it is recommended that
two separate SSIDs are set up, one for staff and students and the other for
guests with the following recommended authentication and encryption
combinations. If only one SSID is desired, then the guest will need to
access the network via 802.1x authentication as well. To do this, a guest
account for use by all guests will need to be set up on the Radius server.
There are two options available if the Cisco wireless access point is used.
One option is enable just one SSID for all users staff, students and
guests, and configure a guest account on the Radius server for guests to
use when connecting to the network. Alternatively, multiple SSIDs would
need to be configured, one per VLAN, as dynamic VLAN is not supported.

2 Test network
The diagram below shows the prototype network.

A Windows Server 2008 Network Access Protection feature was used as

the Radius Server to perform the 802.1x authentication for the wireless
users connected to the wireless access point.
The Radius server performs Active Directory authentication and the VLAN
was assigned based upon the AD usergroup that the user belonged to:
Two user groups were set up:
-

Student: VLAN 100 (172.23.4.129/26)

Staff : VLAN 200 (172.23.4.193/26)

The access switch were used for L2 switching.

The school core switch did L2 switching and was configured as the DHCP
server.
HP A5120-48G EI doing L2 switching (access switch)
HP A5500-24G-SFP EI doing L2 switching and being the DHCP server (core
switch)
Cisco1941/K9 router doing L3 routing
2

Two different wireless access points (Aruba and Cisco) and their
interoperability with two different access switches (HP and Maipu) were
tested.
The details of the hardware and software versions used on the test
network are detailed in the table below.
Network
equipment

Hardware

Software

Wireless access
point 1
(device under test)

Aruba iAP-93

Version 6.1.3.4-3.1.0.0

Wireless access
point 2
(device under test)

Cisco AP1131G

Cisco IOS Software, C1130 Software

(C1130-K9W7-M), Version
12.4(25d)JA1, RELEASE SOFTWARE
(fc1)
BOOTLDR: C1130 Boot Loader
(C1130-BOOT-M) Version 12.3(8)JEA,
RELEASE SOFTWARE (fc2)

School access
switch 1
(interoperability
test)

HP A5120-48G
EI

Comware Software, Version 5.20, Rel

2208
Hardware Version REV.B
Bootrom Version is 607

School access
switch 2
(interoperability
test)

Maipu SM330028T

SoftWare Version 6.2.138.80

BootRom Version 4.10.2
HardWare Version 3.0

School core switch

HP A5500-24GSFP EI

School router

Cisco 1941/K9
(revision 1.0)

Comware Software, Version 5.20, Rel

2208
Hardware Version is REV.C
Bootrom Version is 707
Cisco IOS Software, C1900 Software
(C1900-UNIVERSALK9-M), Version
15.0(1)M3, RELEASE SOFTWARE
(fc2)
ROM: System Bootstrap, Version
15.0(1r)M6, RELEASE SOFTWARE
(fc1)

R1

Cisco 1941/K9
(revision 1.0)

Cisco IOS Software, C1900 Software

(C1900-UNIVERSALK9-M), Version
15.0(1)M2, RELEASE SOFTWARE
(fc2)

ROM: System Bootstrap, Version

15.0(1r)M6, RELEASE SOFTWARE
(fc1)
Data centre router

Cisco 1941/K9
(revision 1.0)

Cisco IOS Software, C1900 Software

(C1900-UNIVERSALK9-M), Version
15.0(1)M3, RELEASE SOFTWARE
(fc2)
ROM: System Bootstrap, Version
15.0(1r)M6, RELEASE SOFTWARE
(fc1)

Data centre core

switch

HP A5500-24GSFP EI

Comware Software, Version 5.20, Rel

2208
Hardware Version is REV.C
Bootrom Version is 707

3 Test results
The following are the finding that were found during testing:

3.1 Aruba
-

Dynamic VLAN is supported (need to use the version 6.1.3.4

firmware)
802.1x authentication is supported
WPA2 (AES encryption), WPA (TKIP encryption) and WEP encryption
is supported.
Multiple SSIDs is supported
Not possible to configure a guest VLAN and Auth-Fail VLAN in the
same way that can be done for wired LANs
When the SSID is configured to use 802.1x with any of the
encryption types, it is not possible for the user to connect to the
network without providing any user credentials for authentication
Aruba has a feature to limit the bandwidth per user. However this
was difficult to prove during testing.

The following issues were seen while testing the Aruba access point.
-

Captive Portal does not display when connecting to the guest

network (Use WEP/WPA for guest network as workaround)
The display of the client is not correct when connecting to the guest
network
Cannot delete dynamic vlan assignment rule (reset the AP to factory
default and re-configured the AP)
Using the Mac, the aruba AP could not be reached via wifi to
configure the AP. To get around this, access via console or LAN port
is needed.

3.2 Cisco
-

Dynamic VLAN is supported if just one SSID is configured.

8802.1x authentication is supported.
WPA2, WPA and WEP encryption is supported. (However during
testing, it was found that the 802.1x with WEP only worked with the
Mac OS)
If multiple SSIDs are enabled, Radius-assigned VLANs are not
supported.
Not possible to configure a guest VLAN and Auth-Fail VLAN in the
same way that can be done for wired LANs
When the SSID is configured to use 802.1x with any of the
encryption types, it is not possible for the user to connect to the
network with providing any user credentials for authentication
Radius assigned VLAN feature is not supported for SSIDs using CCKM

It is not possible to configure the Windows Server to return a guest vlan

when the authentication fails.
Multiuser/Capacity testing was not been done.

Aruba AP test results

Test
1
2
3
4
5
6
7
8
9
10
11
12
13

Description
Interoperability with the HP access
switch
Interoperability with the Maipu access
switch
Dynamic VLAN Support
802.1x with WEP
802.1x with WPA1 (TKIP)
802.1x with WPA2 (AES)
802.1x with WPA2 and WPA1
Multiple SSID
Interoperability with Mac OS clients
Interoperability with Windows clients
Guest network captive portal
Assign user to Guest VLAN when user
connects to the 802.1x network but does
not enter authentication details
Assign user to Auth-Fail VLAN when user
enters incorrect authentication details

Result
Pass
Pass
Pass
Pass
Pass
Pass
Pass
Pass
Pass
Pass
Failed the user was
not redirected to the
captive portal
Not supported
Not supported

Cisco AP test results

Test
1

Description
Interoperability with the HP access
switch
Interoperability with the Maipu access
switch
Dynamic VLAN Support

802.1x with WEP

5
6
7

802.1x with WPA1 (TKIP)

802.1x with WPA2 (AES)
Multiple SSID

8
9
10

Interoperability with Mac OS clients

Interoperability with Windows clients
Assign user to Guest VLAN when user
connects to the 802.1x network but

Pass
Pass
Pass
Pass (Only if one SSID is
configured. Multiple SSID
and Dynamic VLAN is not
supported)
Worked with the Mac OS,
but failed with the
Windows PC
Pass
Pass
Pass (But Dynamic VLAN
will not be supported)
Pass
Pass
Not supported

11

does not enter authentication details

Assign user to Auth-Fail VLAN when
user enters incorrect authentication
details

Not supported

4 Recommendations
Based on the test findings, the following setup is recommended.

4.1 Aruba
It is recommended that two separate SSIDs are set up, one for staff and
students and the other for guests with the following recommended
authentication and encryption combinations.
Users
Staff and
students
Guests

Network
Type
Employee

Authentication

Encryption

802.1x

AES (WPA2)

Guest

Captive Portal*

None/WEP?

*During testing, the captive portal functionality was not working. At the
time of writing, there is an open query with Aruba on this. If a captive
portal is not used, then it is recommended that at least WEP is setup to
prevent two many users using the access point.
If only one SSID is desired, then the guest will need to access the network
via 802.1x authentication as well. To do this, a guest account for use by all
guests will need to be set up on the Radius server.

4.2 Cisco
When multiple SSID is enabled on the Cisco wireless access point, dynamic
VLAN is not supported. Therefore, there are two options available if the
Cisco wireless access point is used.
One option is enable just one SSID for all users staff, students and
guests, and configure a guest account on the Radius server for guests to
use when connecting to the network. a
Alternatively, multiple SSIDs would need to be configured, one per VLAN,
as dynamic VLAN is not supported. i.e.
Users
Staff
Students
Guests

Authentication
802.1x
802.1x
None

4.3 Encryption types

Encryption
AES (WPA2)
AES (WPA2)
None/WEP/WPA

[1]

Both The Cisco and Aruba wireless access points support the following
encryption types:

WEP
WEP is an authentication method where all users typically share the same
key. WEP is easily broken and is not secure.
TKIP
TKIP uses the same encryption algorithm as WEP, but TKIP is more secure
and has additional message integrity checks. Recently, vulnerabilities in
the TKIP encryption method has been exposed. It is recommended that
users migrate from TKIP to AES.
AES
The Advanced Encryption Standard (AES) encryption algorithm is now
widely supported and is the recommended encryption type for all
wireless networks that contain confidential data. AES leverages
802.1x to generate per station keys for all devices. AES provides a high
level of security.
WEP and TKIP are limited to WLAN connection speeds of 54 Mbps. For
802.11n connections, only AES encryption is supported.

4.4 Further design considerations

This study did not investigate other features offered by the wireless access
points such as:
-

Wireless monitoring features

Max associations per ssid
The bandwidth limit per user to set for the guest network
Firewalls
Walled gardens
SNMP, syslog, NTP configuration
The advanced configuration options available while configuring the
temployee/guest network on the Aruba AP.

5 Access switch configuration (HP)

The switch configuration is pretty simple and will not be covered in detail.
The switch is doing L3 routing. The interfaces connected to the wireless
access points were configured as trunks.
#
vlan 1
#
vlan 5
name Guest
#
vlan 100
name Student
#
vlan 200
name Staff
#
interface Vlan-interface1
ip address 172.23.4.34 255.255.255.224
#
#
interface GigabitEthernet1/0/25
description Conn_to_CiscoAP
port link-type trunk
port trunk permit vlan 1 5 100 200
dhcp-snooping trust
#
#
interface GigabitEthernet1/0/35
description Conn_to_ArubaAP
port link-type trunk
port trunk permit vlan 1 5 100 200
dhcp-snooping trust
#
#
ip route-static 0.0.0.0 0.0.0.0 172.23.4.33
#

10

6 Aruba Access Point configuration

This section describes the method for configuring the Aruba Access Point
to support dynamic VLAN and 802.1x authentication based on the first
recommendation mentioned in Section 4.1.
(For instructions on how to set up the access point initially and access the
GUI, please refer to [1].)

6.1 Employee Network configuration

Using the GUI, under the Network tab, select New.

11

When the New WLAN window appears, select Employee as the

primary usage.
Click Show advanced options if you wish to configure the
Broadcast/Multicast, Bandwidth Limits, Transmit Rates and Miscellaneous
settings.

12

Click Next to configure the VLAN settings.

Under Client IP assignment, select Network assigned.
Under Client VLAN assignment, select Dynamic.
Configure the following VLAN Assignment rules :
-

If Tunnel-Private-Group-Id equals 100 assign VLAN 100

If Tunnel-Private-Group-Id equals 200 assign VLAN 200

If Tunnel-Private-Group-Id equals 5 assign VLAN 5 (Note: Only

provision this if you plan to create a Guest account on the Radius
server for guests to use when logging into the network)

Default VLAN: 5

13

Click Next to configure the Security settings.

Select the key management type you wish to use. (Please refer to the
Section 4.3 Encryption types [1] for more information on the different
key management types). I
In the example below, WPA-2 Enterprise is chosen and is the
recommended option if installing the AP in a network where all the
wireless APs and devices support this.

14

Configure the external Radius server by clicking the Edit button on the
Authentication server 1 field.
Enter the details of the Radius server. The NAS IP address should be
configured to be the IP address of the Aruba wireless Virtual Controller.
(Note that the Radius server must be configured with the details of the
Aruba NAS IP as well).
Similarly, if necessary, configure the backup external Radius server by
clicking the Edit button on the Authentication server 2 field.

15

Click Next to continue.

Use the Access Rules page to specify the access rules for the network.
In the example below, Unrestricted sets no restrictions on access
based on destination or type of traffic.

Click Finish. The network is added and listed in the Networks tab.

16

6.2 Guest network configuration

Using the GUI, under the Network tab, select New.
Configure the WLAN settings.
Under Primary usage, select Guest.
Select Show advanced options. If desired, configure bandwidth limits
to each user.

17

Click Next to configure the VLAN assignment.

Under Client IP assignment, select Network assigned.
Under Client VLAN assignment, select Static.
Under VLAN ID, select 5.

18

Click Next to configure the Security settings for this SSID.

Under Splash page type, select Internal Authenticated. Using
this option the user has to accept and terms and conditions and enter a
username and password on the captive portal page.
Under Auth server 1 select InternalServer.
Under Internal server, click Users to populate the systems internal
authentication server with users.
Configure the Reauth interval, Blacklisting and Max auth
failuresas per the requirements for this network.
The Splash Page Visuals may be edited cy clicking on the thumbnail.
(Note: At time of writing, when this option was tested, the captive
portal was not displayed. As a workaround, it is recommended,
that instead of disabling encryption, WEP/WPA/WPA2 encryption
should be enabled for the network.)

19

Click Next to get to the Access Rules configuration screen.

Configure the Access Rules as per the requirements of this network.

20

Click Finish. The network is added and listed in the Networks tab

21

6.3 Access Point configuration

In the main GUI screen, under the Access Point tab, Edit the access
point.
Configure the access point IP as per the network requirements.
The screen shot below shows the configuration used in the test network.

22

After selecting OK, there will be a message box informing you to reboot
the access point for the changes to take effect. Before rebooting the
access point, configure the IP address of the Virtual Controller.

23

At the top right hand corner of the GUI, select Settings.

Configure the Virtual Controller IP of the Aruba access point. This IP
address must be the NAS IP address used to communicate with the
external radius server.

24

Reboot the access point.

25

6.4 Verification
6.4.1

Example test output1 (Student VLAN)

Connect to the aruba_private_test network, and authenticate using a

student account (username mandyv).
The user was assigned and IP address in the student VLAN as expected.

26

6.4.2

Example test output2 (Staff VLAN)

Connect to the aruba_private_test network, and authenticate using a

account account (username choowm12345).
The user was assigned and IP address in the staff VLAN as expected.

27

6.4.3

Example test output3 (guest VLAN)

Connect to the guest network. (Do not need to authenticate to the Radius
server).
The user is able to connect and is assigned an IP in the guest VLAN as expected.
However two problems were encountered:
1. The captive portal was not displayed
2. In the client list on the GUI, the Username of the client was incorrect (it
should have been blank), but the IP address listed is correct.

28

7 Cisco Access Point configuration

7.1 Configuring Dynamic VLAN, 802.1x authentication
and WPA-2 encryption on the Cisco AP
The following is for configuring the Cisco access point to support dynamic
VLAN, 802.1x authentication and WPA-2 (AES) encryption. Comments are
in-line.
ap#sh run
Current configuration : 3654 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$Itc.$89WAZQCXYHjFjtTEu6M/2.
!
! Enable AAA
aaa new-model
!
! Add the Windows 2008 NAP Radius Server into a radius group
aaa group server radius rad_eap
server 172.23.4.50 auth-port 1812 acct-port 1813
!
! Define the AAA method list.
! - login is for authentication
aaa authentication login eap_methods group rad_eap
!
aaa session-id common
!
dot11 syslog
! Define all the dynamic VLANs
dot11 vlan-name Guest_Vlan vlan 5
dot11 vlan-name Mgmt_Vlan vlan 1
dot11 vlan-name Staff_Vlan vlan 200
dot11 vlan-name Student_Vlan vlan 100
!
! Define the SSID
dot11 ssid cisco_test
! Assign the SSID to a VLAN on the network
vlan 5
! Configure the authentication type
authentication open eap eap_methods
! Configure the wpa2 key management
29

authentication key-management wpa version 2

! Specify that the supplicant uses EAP-FAST
dot1x eap profile dot1x_eap_profile
! Include the SSID in the APs beacon
guest-mode
!
! EAP method profile for the 802.1x supplicant
dot11 network-map
eap profile dot1x_eap_profile
method fast
!
username Cisco password 7 1531021F0725
username admin password 7 020700560208
!
bridge irb
!
! Dot11 interface
interface Dot11Radio0
no ip address
no ip route-cache
!
! Set the encryption mode for all dynamic VLAN used
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 100 mode ciphers aes-ccm
!
encryption vlan 200 mode ciphers aes-ccm
!
encryption vlan 5 mode ciphers aes-ccm
!
! Add the SSID to the Dot11 interface
ssid cisco_test
!
! Set the role of the AP
station-role root access-point
!
! Dott11 sub-interface for VLAN 1
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
! Dott11 sub-interface for VLAN 5
interface Dot11Radio0.5
encapsulation dot1Q 5
no ip route-cache
30

no cdp enable
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
!
! Dott11 sub-interface for VLAN 100
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
! Dott11 sub-interface for VLAN 200
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
no cdp enable
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
!
! FastEthernet interface
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
! FastEthernet sub-interface for VLAN 1
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
! FastEthernet sub-interface for VLAN 5
interface FastEthernet0.5
encapsulation dot1Q 5
no ip route-cache
31

bridge-group 5
no bridge-group 5 source-learning
bridge-group 5 spanning-disabled
!
! FastEthernet sub-interface for VLAN 100
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
! FastEthernet sub-interface for VLAN 200
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
! BVI interface to manage the AP and for radius communication
interface BVI1
ip address 172.23.4.38 255.255.255.224
no ip route-cache
!
! Default gateway to the access switch
ip default-gateway 172.23.4.33
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
! Define the Windows NAP Radius server
ip radius source-interface BVI1
radius-server host 172.23.4.50 auth-port 1812 acct-port 1813
key 7 1513090F
bridge 1 route ip
!
line con 0
line vty 0 4
!
end
ap#

32

7.2 Verification of the Dynamic VLAN using the Cisco AP

7.2.1

Example results (Staff VLAN)

This was using the Cisco access point, HP remote access switch, Dynamic
VLAN, WPAv2 authentication and MacOs.
When connecting to the network, a user with a staff account was used to
authenticate with the Radius server. The radius server specified that the
vlan 200 should be used. The output below shows, that the user was
correctly assigned an IP address in VLAN 200 and that the WPAv2
authentication was used.
ap# sh dot11 associations all-client
Address
: 001f.5bc7.8576
IP Address
: 172.23.4.195
0
Device
: unknown
CCX Version
: NONE
State
:
SSID
:
VLAN
:
Hops to Infra
:
Clients Associated:
Tunnel Address
:
Key Mgmt type
:
Current Rate
:
ShortHdr ShortSlot
Supported Rates
:
48.0 54.0
Voice Rates
:
Signal Strength
:
Signal to Noise
:
Power-save
:
ago
Apsd DE AC(s)
:

EAP-Assoc
cisco_test
200
1
0
0.0.0.0
WPAv2
54.0

Packets Input
:
Bytes Input
:
Duplicates Rcvd
:
Decrypt Failed
:
MIC Failed
:
Packets Redirected:
Session timeout
:
Reauthenticate in :

164
19082
0
0
0
0
0 seconds
never

Name
Interface

: NONE
: Dot11Radio

Software Version : NONE

Client MFP
: Off
Parent

: self

Association Id
: 1
Repeaters associated: 0
Encryption
Capability

: AES-CCMP
: WMM

1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0
disabled
-36 dBm
57 dB
Off

Bandwidth
: 20 MHz
Connected for
: 49 seconds
Activity Timeout : 56 seconds
Last Activity
: 4 seconds

NONE
Packets Output
:
Bytes Output
:
Data Retries
:
RTS Retries
:
MIC Missing
:
Redirect Filtered:

20
2644
1
0
0
0

ap#

33

7.2.2

Example result 2 (Student VLAN:

This was using the Cisco access point, Maipu remote access switch,
Dynamic VLAN, WPAv2 authentication and Windows OS.
When connecting to the network, a user with a student account was used
to authenticate. The user was correctly assigned an IP address in VLAN
100.
ap# sh dot11 associations all-client
Address
: 001f.3cdb.d59c
IP Address
: 172.23.4.131
0
Device
: ccx-client
CCX Version
: 4
State
:
SSID
:
VLAN
:
Hops to Infra
:
Clients Associated:
Tunnel Address
:
Key Mgmt type
:
Current Rate
:
ShortHdr ShortSlot
Supported Rates
:
48.0 54.0
Voice Rates
:
Signal Strength
:
Signal to Noise
:
Power-save
:
ago
Apsd DE AC(s)
:

EAP-Assoc
cisco_test
100
1
0
0.0.0.0
WPAv2
48.0

Packets Input
:
Bytes Input
:
Duplicates Rcvd
:
Decrypt Failed
:
MIC Failed
:
Packets Redirected:
Session timeout
:
Reauthenticate in :

113
12667
0
0
0
0
0 seconds
never

Name
Interface

: ap
: Dot11Radio

Software Version : NONE

Client MFP
: Off
Parent

: self

Association Id
: 1
Repeaters associated: 0
Encryption
Capability

: AES-CCMP
: WMM

1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0
disabled
-36 dBm
58 dB
Off

Bandwidth
: 20 MHz
Connected for
: 15 seconds
Activity Timeout : 60 seconds
Last Activity
: 0 seconds

NONE
Packets Output
:
Bytes Output
:
Data Retries
:
RTS Retries
:
MIC Missing
:
Redirect Filtered:

22
2570
3
0
0
0

ap#

34

8 References
[1] Aruba Instant User Guide 6.1.3.4-3.1.0.0
[2] Cisco IOS Software Configuration Guide for Cisco Aironet Access Points,
12.4 (3g)JA & 12.3(8)JEB
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_3g_JA/configu
ration/guide/ios1243gjaconfigguide.html

35