Open Enhanced setting on Aruba AP505/Instant OS 8.7.0.0
[English Version]
This post introduces the Open Enhanced (Enhanced Open) configuration on an Aruba AP505 running Instant OS 8.7.0.0.
- Basic configuration
For a conventional Open SSID we usually select Guest as Primary usage, but according to the User Guide below, for Enhanced Open we need to select Employee, which is the default.
https://www.arubanetworks.com/techdocs/Instant_87_WebHelp/Content/instant-ug/authentication/enhanced-open.htm
- VLAN configuration
- Security configuration
Select Open as the Security Level and confirm that Enhanced Open is enabled.
- Access configuration
```
AP505# show running-config
wlan access-rule bin4-enhanced-open-trans
 index 3
 rule any any match any any any permit
wlan ssid-profile bin4-enhanced-open-trans
 enable
 index 1
 type employee
 essid bin4-enhanced-open-trans
 opmode enhanced-open
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
```
opmode-transition is enabled by default, so two VAPs are generated: the SSID bin4-enhanced-open-trans is for Open, and the SSID _owetm_bin4-enhanced-1803478119 is for Enhanced Open. Note that Enhanced Open with opmode-transition consumes two VAPs per SSID, so if the AP supports up to 16 VAPs, we can create only 8 Enhanced Open SSIDs.
```
AP505# show ap bss-table

Aruba AP BSS Table
------------------
bss                ess                              port  ip              phy   type  ch/EIRP/max-EIRP  cur-cl  ap name  in-t(s)  tot-t  flags
---                ---                              ----  --              ---   ----  ----------------  ------  -------  -------  -----  -----
b8:3a:5a:8b:36:d0  bin4-enhanced-open-trans         ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:d1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:8s  WOT
b8:3a:5a:8b:36:c0  bin4-enhanced-open-trans         ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:c1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:8s  WOT

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:4
Num Associations:1

Flags: K = 802.11K Enabled; W = 802.11W Enabled; r = 802.11r Enabled; 3 = WPA3 BSS;
       O = Enhanced-open BSS with transition mode; o = Enhanced-open transition mode open BSS;
       M = WPA3-SAE mixed mode BSS; E = Enhanced-open BSS without transition mode;
       m = Agile Multiband (MBO) BSS; c = MBO Cellular Data Capable BSS; I = Imminent VAP Down;
       T = Individual TWT Enabled; t = Broadcast TWT Enabled; d = Deferred Delete Pending;
       a = Airslice policy; A = Airslice app monitoring; D = VLAN Discovered;
AP505#
```
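To audit this from a saved CLI capture, the following added example (not from the original post or from Aruba) parses the data rows of `show ap bss-table` and reports, per radio, VAP usage, which ESSIDs are still served unencrypted by the transition-mode open BSS, and whether every Enhanced Open BSS has 802.11w enabled. The function names are hypothetical, and it assumes the post's figure of 16 VAPs applies per radio and that ESSIDs and AP names contain no spaces.

```python
import re
from collections import defaultdict

# Constructed input: the four data rows copied from the bss-table output on this page.
SAMPLE = """\
b8:3a:5a:8b:36:d0 bin4-enhanced-open-trans ?/? 192.168.215.13 a-HE ap 140/18.0/29.7 0 AP505 0 2m:9s oT
b8:3a:5a:8b:36:d1 _owetm_bin4-enhanced-1803478119 ?/? 192.168.215.13 a-HE ap 140/18.0/29.7 0 AP505 0 2m:8s WOT
b8:3a:5a:8b:36:c0 bin4-enhanced-open-trans ?/? 192.168.215.13 g-HE ap 11/9.0/28.0 0 AP505 0 2m:9s oT
b8:3a:5a:8b:36:c1 _owetm_bin4-enhanced-1803478119 ?/? 192.168.215.13 g-HE ap 11/9.0/28.0 0 AP505 0 2m:8s WOT
"""

MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def parse_bss_table(text):
    """Return one dict per BSS row; header, legend and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 11 or not MAC.match(f[0]):
            continue
        # Assumes ESSID and AP name contain no spaces; the flags column may be empty.
        rows.append({"bss": f[0].lower(), "ess": f[1], "phy": f[4],
                     "flags": f[11] if len(f) > 11 else ""})
    return rows

def audit(rows, max_vaps=16):
    """Per-radio VAP usage plus findings relevant to Enhanced Open."""
    radios = defaultdict(list)
    for r in rows:
        radios[r["phy"]].append(r)
    report = {}
    for phy, bsses in radios.items():
        owe = [b for b in bsses if set(b["flags"]) & {"O", "E"}]
        report[phy] = {
            "vaps_used": len(bsses),
            # each further transition-mode SSID needs an open VAP and an OWE VAP
            "transition_ssids_left": (max_vaps - len(bsses)) // 2,
            # 'o' BSSes carry legacy clients with no over-the-air encryption
            "unencrypted_ess": sorted(b["ess"] for b in bsses if "o" in b["flags"]),
            "owe_ess": sorted(b["ess"] for b in owe),
            # OWE requires 802.11w (PMF); report any OWE BSS lacking the W flag
            "owe_without_pmf": sorted(b["bss"] for b in owe if "W" not in b["flags"]),
        }
    return report

if __name__ == "__main__":
    for phy, info in audit(parse_bss_table(SAMPLE)).items():
        print(phy, info)
```

Pass the full command output instead of `SAMPLE`; non-row lines are ignored, and `max_vaps` should be set to the real per-radio limit of the AP model.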