wlan ssid-profile

Creates a WLAN SSID profile.

Allows you to define a set of modulation rates to use for the clients on the 5 GHz radio band.

Range: wmm-voice-share <share>

Default: 6, 12, 24

Configures the beacon rate for 802.11a (use for DAS only). Using this parameter in normal operation may cause connectivity problems.

Range: default, 6, 9, 12, 18,24,36,48,54 Mbps

Default: minimum valid rate

Configures the specify the maximum transmission rate for the 5 GHz band.

Range: 6,9,12,18,24,36,48,54 in Mbps

Default: 54

Configures the specify the minimum transmission rate for the 5 GHz band.

Range: 6,9,12,18,24,36,48,54 in Mbps

Default: 6

Allows you to configure specific transmission rate at which Instant AP can transmit data to the clients connected on 5 GHz band.

Range: 6,9,12,18,24,36,48,54 in Mbps

Default: All

This command configures a server for accounting purpose.

This command configures the 5GHz radio to which the SSID should be assigned.

The no allowed-5ghz-radio command removes the configuration.

Default: all

When enabled, the Instant AP broadcasts the AP Name information in the beacons frames and probe responses.

When enabled, the Instant AP broadcasts the AP Location Co-ordinate Information by unicast messages in FTM responder frames and by broadcast messages in beacons frames and probe responses.

FTM responder parameter, ftm-responder-enable, must be enabled before configuring advertise-location.

NOTE: Currently, APs do not have the capability to generate location information. However, the static location information can be configured for the AP statically using the CLI. Please contact Aruba Technical Support to configure the location information on your AP for LCI broadcast.

Configures an aggregate amount of airtime that all clients using this SSID can use for sending and receiving data.

Configures a delimiter and upper-case characters in a MAC Address string of authentication packet or the username and password of the client.

The delimiter and upper-case parameters in this command are available for all authentication methods. And without the mac-authentication-delimiter and mac-authentication-upper-case configuration, it works on the username and password for MAC Authentication.

Allows you to set a threshold for authentication requests for the SSID profile.

Configures an authentication server for the SSID users.

Enables the authentication survivability feature. The default value of the cache timeout period is 24 hours.

NOTE: The authentication survivability feature requires ClearPass Policy Manager 6.0.2 or later, and is applicable only when external servers such as RADIUS are configured for the SSID. When enabled, Instant authenticates the previously connected clients using EAP-PEAP authentication even when connectivity to ClearPass Policy Manager is temporarily lost. The Authentication survivability feature is not applicable when a RADIUS server is configured as an internal server.

Default: Disabled

Configures an aggregate amount of bandwidth that each radio is allowed to provide for the connected clients.

Range: 1–65535

Enables dynamic blacklisting / denylisting of clients.

Configures broadcast filtering parameters:

You can configure any of the following filtering parameters:

• All — When set to All, the Instant AP drops all broadcast and multicast frames except DHCP, ARP, igmp-group queries, and IPv6 neighbor discovery protocol.
• ARP — When set to ARP, the Instant AP drops all broadcast and multicast frames except ARP, DHCP, igmp-group queries, IPv6 neighbor discovery protocol, and additionally converts ARP frames to unicast.
• Unicast-ARP-Only — When set to Unicast-ARP-Only, the Instant AP allows all broadcast and multicast frames as it is, however the ARP requests are converted to unicast frames and sends them to the associated clients.
• Disabled — When set to Disabled, the Instant AP routes all the broadcast and multicast frames to the wireless interfaces.

Range: All, ARP, Unicast-ARP-Only, Disabled

Default: ARP

Configures the following called-station-id types:

• ap-group — The Virtual Controller name is used as the called-station-id.
• ap-name — The Instant AP hostname isused as the called-station-id.
• vlan-id — The VLAN ID of the client is used as the called-station-id.
• ipaddr — The IP address of the Instant AP is used as the called-station-id.
• macaddr — The MAC address of the Instant AP is used as the calling-station-id.
• include-ssid {delimiter <delimiter>} — The SSID is appeneded to the original called-station-id. You can optionally set a delimiter at the end.
  

Default: called-station-id {type <macaddr>}

Configures captive portal authentication for the SSID.

If the external captive profiles are created, you can specify the profile name by using the external and profile keywords and associated parameters.

You can also exclude an uplink type for the captive portal based SSID profiles. When an uplink type is selected for the exclude-uplink option, redirection to the captive portal based on the type of specified uplink is disabled.

Range: 3G, 4G, wifi, ethernet

Allows you to specify an IP address and port number that match the proxy configuration of your browser.

Advertizes the Cellular Data Capability (CDC) attribute of an MBO.

NOTE: CDC can only be enabled when MBO is enabled.

Routes all DNS requests for the non-corporate domains to the configured DNS on this network.

Default: Disabled

Deletes client entries from the PMK cache when the client is removed from the client list of an AP. Enabling this parameter deletes client entries in the PMK cache immediately after disconnection as opposed to 8 hours, the default ageout period of PMK cache entries.

Default: Disabled

Disables the bridging traffic between two clients connected to the same SSID on the same VLAN. When inter-user bridging is disabled, the clients can connect to the Internet, but cannot communicate with each other, and the bridging traffic between the clients is sent to the upstream device to make the forwarding decision.

Disables client-to-client communication in a network. When intra vlan traffic is disabled, the IAP only fowards client traffic to gateway and configured wired servers. All other traffic from the client is dropped.

Range: Disabled

Disables the local-routing optimization on the Instant AP. This setting is only applicable to clients who are not using the AP itself as their respective default gateway. When local routing is disabled, the AP will not attempt to directly forward traffic between two clients on the same AP but on different VLANs. Instead, the traffic between such clients will have to follow the normal routing path and will be first sent to their respective default gateways, which will make the final forwarding decision.

Disables the broadcast of the SSID in the 6 GHz band when mesh is configured on the 6 GHz band.

Instant APs support up to four 6 GHz networks at any time. When mesh is enabled on the 6 GHz band, one 6 GHz network is allocated for mesh functions and only three 6 GHz networks can be configured. Enable this parameter on the SSID in which you want to disable the 6 GHz band when mesh is configured on the 6 GHz band.

Disables the SSID. By default all SSIDs are enabled.

Sets a threshold for DMO channel utilization. Instant AP sends multicast traffic over the wireless link.

Range: 1–100 percentage value

Default: 90

Enables 802.11k roaming on the SSID profile.

The 802.11k protocol enables Instant APs and clients to dynamically measure the available radio resources.

When 802.11k is enabled, Instant APs and clients send neighbor reports, beacon reports, and link measurement reports to each other.

Configures a dot11k-profile to the WLAN SSID 

Enables 802.11r on the SSID profile.

802.11r or fast BSS FT is an IEEE standard that permits continuous connectivity across wireless devices during client mobility. Fast BSS Transition mechanism minimizes the delay in roaming when a client transitions from one BSS to another within the same cluster.

Fast BSS Transition is operational only if the wireless client supports 802.11r standard. If the client does support 802.11r standard, it falls back to normal WPA-2 authentication method.

Enables 802.11v based BSS transition.

Enables user role download from Policy Manager to the Instant AP

Sets timer options for 802.1X authentication at intervals, in seconds, between identity request retries.

Interval, in milliseconds, between each WPA key exchange.

Set the number of times WPA key messages are retried.

Configures the DTIM interval for the SSID profile.

The DTIM interval determines how often the Instant AP should deliver the buffered broadcast and multicast frames to associated clients in the powersaving mode.

When configured, the client checks for buffered data on the Instant AP at the specified number of beacons. You can also configure a higher value for DTIM interval for power saving.

Range: 1–10 beacons

Default: 1

Allows the Instant AP to convert multicast streams into unicast streams over the wireless link. Enabling DMO enhances the quality and reliability of streaming video, while preserving the bandwidth available to the non-video clients.

NOTE: When you enable DMO on multicast SSID profiles, ensure that the DMO feature is enabled on all SSIDs configured in the same VLAN.

Default: Disabled

Re-enables the deactivated SSIDs.

Default: Enabled

Blocks Instant AP traffic to the clients that do obtain IP address from DHCP.

Default: Disabled

Defines a variable for each Instant AP that identifies a WLAN network. The Instant AP takes this parameter from its per-AP-ssid specific configuration.

Configures an external RADIUS server for authentication.

Allows the Instant AP to send a deauthentication frame to the client and clear client entry.

Default: Disabled

Configures the base role assigned to Facebook Express Wi-Fi user connecting to the SSID. Configuring this parameter also enables Facebook Express Wi-Fi feature on the SSID.

NOTE: The Facebook Express Wi-Fi feature will no longer be supported after Instant Mode 8.10.0.0. For more information, read the official statement by Meta (formerly Facebook).

Enables the AP to send responses to Fine Time Measurement (FTM) queries sent from clients. This feature is supported on 500 Series and 600 Series access points.

Allows you to define a set of modulation rates to use for the clients on the 2.4 GHz radio band.

Range: 1,2,5,6,9,11,12,18,24,36,48,54 in Mbps

Default: 1, 2

Configures the beacon rate for 802.11g (use for DAS only). Using this parameter in normal operation may cause connectivity problems.

Range: default, 1,2,5, 6 9, 11, 12, 18, 24, 36, 48, 54 Mbps

Default: minimum valid rate.

Configures the specify the minimum transmission rate for the 2.4 GHz band.

Range: 1,2,5,6,9,11,12,18,24,36,48,54 in Mbps

Default: 1

Configures the specify the maximum transmission rate for the 2.4 GHz band.

Range: 1,2,5,6,9,11,12,18,24,36,48,54 in Mbps

Default: 54

Allows you to configure specific transmission rate at which the Instant AP can transmit data to the clients connected on 2.4 GHz band.

Range: 1,2,5,6,9,11,12,18,24,36,48,54 in Mbps

Default: All

Hides the SSID. When enabled, the SSID will not be visible for the users.

Default: Disabled

Enables the high effiency feature on 802.11ax devices

Default: Enabled

Disables the high effiency feature on 802.11ax devices

Enables the 802.11n high throughput functionality.

Default: Enabled

Disables the 802.11n high throughput functionality.

Enables the 802.11n high throughput functionality. This is an AirWave specific command.

Associates a hotspot profile with the WLAN SSID profile.

Configures a timeout value for the inactive client sessions.

When a client session is inactive for the specified duration, the session expires and the clients are required to log in again.

Range: 60–86400 seconds

Default: 1000

Assigns an index value for the SSID.

The r1 key timeout value in seconds for decrypt-tunnel or bridge mode.

Allows the clients to use 802.1X authentication when MAC authentication fails.

Default: Disabled

Allows the users to derive session keys for LEAP authentication.

Configure this command for old printers that use dynamic WEP and if you do not want use a session key from the RADIUS Server to derive pair wise unicast keys.

Default: Disabled

Configures a RSSI threshold value to limit the number of incoming probe requests.

When enabled, this command controls the system response to the broadcast probe requests sent by clients to search for the available SSIDs and ignores the probe request if required.

Range: 0–100 dB

Binds the MBSSID group profile to the SSID profile which name is specified by <profile name>.

Unbinds the MBSSID group profile to the SSID profile which name is specified by <profile name>.

Enables MAC authentication for clients that use this SSID profile.

Default: Disabled

Allows you to set a delimiter that can be used in the MAC address string for MAC authentication.

You can specify colon or dash for delimiter. If the delimiter is not specified, the MAC address in the xxxxxxxxxxxx format is used. If you specify colon for the delimiter, the MAC addresses in the xx:xx:xx:xx:xx:x

Range: colon or dash format are used.

Enables the Instant AP to use uppercase letters in MAC address string for MAC authentication.

Configures the maximum number of authentication failures to dynamically blacklist / denylist the users.

The users who exceed the number of authentication failures configured through this command are dynamically blacklisted.

Specifies the maximum number of clients that can be configured for each BSSID on a WLAN.

Range: 0-1023

Default: 1023

NOTE: Specify 1023 to set the threshold to maximum number of clients. When this parameter is configured the value is applicable to every Instant AP in a cluster.

Denotes the maximum number of retries the Instant AP attempts when the client is not responding to the 802.11 frames.

Range: 1–128

Default: 8

Configures the maximum number of wired IPv4 users that can connect to the wireless client bridge.

Range: 1-32

Default: 1

Enables the Agile Multiband Operations (MBO). Enables the mfp-capable, 802.11k and 802.11u-interworking implicitly on the AP.

Denotes the mobility domain identifier. An Instant AP uses this parameter to announce that it is a part of the Instant AP group that constitutes a mobility domain.

Range: 1–65535

Default: Disabled

When enabled, the SSID supports Management Frame Protection capable clients and non-MFP clients.

Default: Disabled

When enabled, the SSID supports only the clients that exhibt the MFP functionality.

Default: Disabled

Increases the video transmission rate of the Instant AP. The Instant APs can select the rate for video multicast frames. Ensure that you tag the multicast traffic with video priority. You can configure MCS rates as well. MCS is an important setting because it provides a greater throughput. The following information displays the MCS rate of the Instant AP:

MCS Streams 20 MHz 20 MHz SGI--- ------- ------ ----------

0 1 6.5 7.21 1 13.0 14.42 1 19.5 21.73 1 26.0 28.94 1 39.0 43.35 1 52.0 57.86 1 58.5 65.07 1 65.0 72.28 2 13.0 14.49 2 26.0 28.9

10 2 39.0 43.311 2 52.0 57.812 2 78.0 86.713 2 104.0 115.614 2 117.0 130.015 2 130.0 144.4

The MCS rates for video multicast are supported in all the 802.11n-capable Instant APs, and in the 200 Series access points which are 802.11ac-capable.

NOTE: This parameter is not supported on 300 Series access points.

Range: default, 6, 9, 12, 18, 24, 36, 48, 54 Mbps, mcs0-mcs15

Default: default

Allows the Instant AP to select the optimal rate for sending broadcast and multicast frames based on the lowest of unicast rates across all associated clients.

When enabled, the multicast traffic can be sent at the rate of 1-24 Mbps. The default rate for sending frames for 2.4 GHz is 1 Mbps and 5 GHz is 6 Mbps.

Default: Disabled

Disables MPDU aggregation.

Removes the parameters configured under the wlan ssid-profile command.

Enables OKC.

In the OKC based roaming, the Instant AP stores one PMK per client, which is derived from last 802.1X authentication completed by the client in the network. The cached PMK is used when a client roams to a new Instant AP to allow faster roaming of clients.

NOTE: If the wireless client (the 802.1X supplicant) does not support this feature, a complete 802.1X authentication is required whenever it roams to a new Instant AP. OKC is supported on WPA-2-AES Enterprise network only. Starting from Instant Mode 8.11.0.0, OKC is supported on WPA3-Enterprise networks.

Default: Disabled

Configures OpenFlow to an Instant AP.

Configures the layer-2 authentication encryption for the SSID. Define the encryption method to secure access and ensure the privacy of the data transmitted to and from the network.

You can configure any of the following types of encryption:

• opensystem—No authentication and encryption.
• wpa2-aes—WPA-2 with AES encryption and dynamic keys using 802.1X.
• wpa2-psk-aes—WPA-2 with AES encryption using a preshared key.
• wpa-tkip—WPA with TKIP encryption and dynamic keys using 802.1X.
• wpa-psk-tkip—WPA with TKIP encryption using a PSK.
• wpa-tkip, wpa2-aes—WPA with TKIP and WPA-2 with AES encryption.
• wpa-psk-tkip,wpa2-psk-aes - WPS with TKIP and WPA-2 with AES encryption using a PSK.
• static-wep—WEP with static keys.
• dynamic-wep—WEP with dynamic keys.
• mpsk-aes—Multiple PSK for SSID with AES encryption.
• enhanced-open—Improved data encryption in open Wi-Fi networks and protects data from sniffing. Enhanced open replaces open system as the default opmode.
• wpa3-sae-aes—WPA3 with AES encryption using Simultaneous Authentication of Equals.
• wpa3-aes-ccm-128—WPA3 with AES CCM-128 encryption and dynamic keys using 802.1X.
• wpa3-cnsa—WPA3 with AES GCM-256 encryption using CNSA (192 bit).
• wpa3-aes-gcm-256—WPA3 with AES GCM-256 encryption.

NOTE: Wi-Fi 6E networks only support enhanced-open, wpa3-sae-aes, wpa3-aes-ccm-128, wpa3-cnsa, and wpa3-aes-gcm-256 encryption types.

Range: opensystem|wpa2-aes|wpa2-psk-aes|wpa-tkip|wpa-psk-tkip|wpa-tkip,wpa2-aes|wpa-psk-tkip,wpa2-psk-aes|static-wep|dynamic-wep|mpsk-aes|enhanced-open|wpa3-sae-aes|wpa3-aes-ccm-128|wpa3-cnsa|wpa3-aes-gcm-256

Default: opensystem

Enables backward compatibility for enhanced-open and wpa3-sae-aes opmodes

Default: Enabled

Disables opmode transition for enhanced-open or wpa3-sae-aes opmodes

Enables or disables the SSID based on any of the out of service states of the Instant AP:

• VPN down
• Uplink down
• Internet down
• Primary uplink down

The network will be out of service when selected event occurs and the SSID is enabled or disabled as per the configuration settings applied. For example, if you select the VPN down option from the dropdown and set the status to enabled, the SSID is enabled when the VPN connection is down and is disabled when the VPN connection is restored.

Range: For out-of-service states,any of the following values are allowed: vpn-down, uplink-down, internet-down, primary-uplink-down

For SSID status, select enable or disable.

Configures a bandwidth limit in Kbps for the SSID users.

NOTE: The bandwidth contracts can also be applied per SSID user.

Range: 1–65535 Kbps

Authenticates clients using the local cache maintained for authentication survivability before sending out an authentication request to the RADIUS server. This feature is only supported for clients authenticated using MAC and 802.1X authentication.

NOTE: This feature is available only when authentication survivability feature is enabled.

Range: Disabled

Enables QBSS load IE.

Enables accounting for the RADIUS server authentication.

When enabled, the Instant APs post accounting information to the Radius server at the specified accounting interval.

Configures an accounting mode for the captive portal users.

You can configure any of the following modes for accounting:

• user-authentication—when configured, the accounting starts only after client authentication is successful and stops when the client logs out of the network.
• user-association—When configured, the accounting starts when the client associates to the network successfully and stops when the client is disconnected.

Default: user-authentication

Configures an interval for posting accounting information as RADIUS INTERIM accounting records to the RADIUS server. The <seconds> definition is optional.

When configured, the Instant AP sends interim-update messages with current user statistics to the RADIUS server at regular intervals.

Range: 0–60

Allows you to configure an interval after which the Instant APs can redo the RADIUS transaction to reauthenticate clients.

If the reauthentication interval is configured:

• On an SSID performing L2 authentication (MAC or 802.1X authentication): When reauthentication fails, the clients are disconnected. If the SSID is performing only MAC authentication and has a pre-authentication role assigned to the client, the client will get a post-authentication role only after a successful reauthentication. If reauthentication fails, the client retains the pre-authentication role.
• On an SSID performing both L2 and L3 authentication (MAC with captive portal authentication): When reauthentication succeeds, the client retains the role that is already assigned. If reauthentication fails, a pre-authentication role is assigned to the client.
• On an SSID performing only L3 authentication (captive portal authentication): When reauthentication succeeds, a pre-authentication role is assigned to the client that is in a post-authentication role. Due to this, the clients are required to go through captive portal to regain access.

Range: Any integer value in minutes

Configures the radio frequency band on which this SSID will be broadcast. You can select one of the following options:

• none — disables the SSID in both 2.4 GHz and 5 GHz bands.
• 2.4 GHz — the SSID is broadcast in the 2.4 GHz band.
• 5 GHz — the SSID is broadcast in the 5 GHz band.
• all — the SSID is broadcast in both the 5 GHz and 2.4 GHz bands.

Range: 2.4 GHz, 5 GHz, all, none

Broadcasts the SSID in the 6 GHz radio band. This option is disabled by default. You must enable this to start broadcasting the network in the 6 GHz radio band. The corresponding no command stops the broadcast of the network in the 6 GHz band. This option is only available in Wi-Fi 6E capable APs.

To configure an SSID to operate only in the 6 GHz band, enable rf-band-6ghz and set the rf-band parameter to none.

Configures a radio resource management IE profile to define the information elements advertised by an Instant AP.

Configures a threshold to trigger the RTS or CTS handshake.

The RTS or CTS mechanism allows devices to reserve the RF medium and minimizes frame collisions introduced by the hidden stations. When RTS is enabled, a higher number of retransmissions occurring on the WLAN trigger the RTS or CTS handshake and the transmitter station sends an RTS frame to the receiver station. The receiver station responds with a CTS frame. Typically, the RTS or CTS frames are not sent, unless the packet size exceeds the RTS threshold. By default, the RTS threshold is set to 2333 octets. When the size of the packets sent by the transmitter exceeds the configured threshold, RTS frames are sent.

Range: 0–2347

Default: 2333

When this parameter is disabled, Instant APs reject A-MPDU based aggregations in the Add Block Acknowledgement response frames.

This parameter can be configured on 300 Series Instant APs.

Default: Enabled

Enables load balancing across two RADIUS servers if two authentication servers are configured for the SSID.

Range: Enabled

Assigns a user role to the clients. The first rule that matches the configured condition is applied.

You can set any of the following conditions:

• contains—The rule is applied only if the attribute value contains the specified string.
• ends-with—The rule is applied only if the attribute value ends with the specified string.
• equals—The rule is applied only if the attribute value is equal to the specified string.
• not-equals—The rule is applied only if the attribute value is not equal to the specified string.
• starts-with—The rule is applied only if the attribute value begins with the specified string.
• value-of - This rule sets the user role to the value of the attribute returned. To set a user role, the value of the attribute must already be configured on the Instant AP.
• matches-regular-expression—The rule is applied only if the attribute value matches the regular expression pattern specified in Operand. This operator is available only if the mac-address-and-dhcp-options attribute is selected in the Attribute drop-down.

Configures a user role based on the type of SSID configured.

Configures a MAC authentication based user role.

Configures a machine authentication rule.

You can assign different rights to clients based on whether their hardware device supports machine authentication.

Machine authentication is only supported on Windows devices, so this can be used to distinguish between Windows devices and other devices such as iPads.

Configures a pre-authentication role to allow some access to the guest users before the client authentication.

Configures unrestricted access control.

Assigns a VLAN to the clients. The first rule that matches the configured condition is applied.

You can specify any of the following conditions:

• contains—The rule is applied only if the attribute value contains the specified string.
• ends-with—The rule is applied only if the attribute value ends with the specified string.
• equals—The rule is applied only if the attribute value is equal to the specified string.
• not-equals—The rule is applied only if the attribute value is not equal to the specified string.
• starts-with—The rule is applied only if the attribute value begins with the specified string.
• value-of - This rule sets the VLAN to the value of the attribute returned. To set a user role, the value of the attribute must already be configured on the Instant AP.
• matches-regular-expression—The rule is applied only if the attribute value matches the regular expression pattern specified in Operand. This operator is available only if the mac-address-and-dhcp-options attribute is selected in the Attribute drop-down.

Disables the transmission and reception of short preamble frames for the clients connected to an SSID.

By default, short preamble is enabled.

Enables Strict SVP and prioritizes voice traffic for SVP handsets.

Allows you to define a set of MCS rates for HT channels.

Range: 0–23

Shows if the temporal diversity feature has been enabled or disabled. When this feature is enabled and the client is not responding to 802.11 packets, the Instant AP attempts two hardware retries. If the hardware retries are not successful, it attempts software retries. When this feature is disabled, the Instant AP attempts only hardware retries.

Range: enable, disable

Default: disable

Allows the Instant APs to prioritize time-sensitive traffic such as voice traffic initiated by the client.

Reserves the configured bandwidth for prioritizing voice traffic when TSPEC is enabled.

Range: 200–600000 Kbps

Default: 2000 Kbps

Configures the EAP portion of 802.1X authentication on the Instant AP, instead of the RADIUS server.

When enabled, this command reduces network traffic to the external RADIUS server by terminating the authorization protocol on the Instant AP. By default, for 802.1X authorization, the client conducts an EAP exchange with the RADIUS server, and the Instant AP acts as a relay for this exchange. The Instant AP by itself acts as an authentication server and terminates the outer layers of the EAP protocol, only relaying the innermost layer to the external RADIUS server.

Range: Disabled

Specify the time range profile name to apply.

• When a time range profile is enabled on SSID, the SSID is made available to the users for the configured time range. For example, if the specified time range is 12:00 to 13:00, the SSID becomes available only between 12 PM to 1 PM on a given day.
• If a time range is disabled, the SSID becomes unavailable for the configured time range. For example, if configured time-range is 14:00 to 17:00, the SSID is made unavailable from 2 PM to 5 PM on a given day.

Configures the type of network such as employee, voice, guest network.

The IP address of the client will be used as the calling-station-id.

Encodes the SSID. When enabled, the SSID name is displayed in the UTF-8 format.

SSIDs are not encoded by default.

Configures a VLAN name or VLAN ID in the SSID profile.

Disables VHT for clients connecting the WLAN SSID profile.

Disables MU-MIMO. The MU-MIMO feature allows the 802.11ac Wave 2 Instant APs to send multiple frames to multiple clients simultaneously over the same frequency spectrum. With MU-MIMO, APs can support simultaneous directional RF links and up to four simultaneous full-rate Wi-Fi connections (For example, smart phone, tablet, laptop, multimedia player or other client device). The MU-MIMO feature is enabled by default on WLAN SSIDs.

Allows you to define a combination of VHT MCS and spatial streams as a VHT MCS rate set.

Range: -, 7, 8, 9

Default: 9 for each spatial stream

Disables VHT TX beamforming on the 200 Series Series access points.

This feature is available only on the 200 Series access points.

Allows you to assign a unique VLAN ID or a VLAN name to a specified SSID user. The Instant AP takes this parameter from its per AP vlan specific configuration.

Default: 1–4095

Static WEP key associated with the key index. The WEP key values can be 10 or 26 hexadecimal characters in length.

Enables WISPr authentication for the SSID profile.

Allows you to specify the DSCP mapping value for the background traffic.

Range: 0–63

Allocates bandwidth for background traffic such as file downloads or print jobs.

Allows you to specify the DSCP mapping value for the best effort traffic.

Range: 0–63

Allocates bandwidth or best effort traffic such as traffic from legacy devices or traffic from applications or devices that do not support QoS.

Disables UAPSD on all WMM ACs.

By default, UAPSD or WMM power save is enabled.

Allows you to specify the DSCP mapping value for the video traffic.

Range: 0–63

Allocates bandwidth for video traffic generated from video streaming.

Allows you to specify the DSCP mapping value for the voice traffic.

Range: 0–63

Allocates bandwidth for voice traffic generated from the incoming and outgoing voice communication.

Allows the SSID to be used without an uplink connection.

NOTE: In Instant 6.4.4.4-4.2.3.0 release, the work-without-uplink is not operational. To configure SSID availability based on the uplink connection status, use the out-of-service parameter.

Defines a WPA passphrase with which you can generate a PSK.

Specify the zone names for the SSID profile. When the zone is defined in SSID profile and if the same zone is defined on anInstant AP, the SSID is created on that Instant AP. Enter multiple zone name as comma-separated values.