Open Enhanced setting on Aruba AP505/Instant OS 8.7.0.0

This post introduces the Open Enhanced configuration on an Aruba AP505 running Instant OS 8.7.0.0.

  • Basic configuration

[Screenshot: Basic configuration]

With the conventional Open mode, Guest is selected as Primary usage, but judging from the User Guide below, the default Employee appears to be the one to select.
https://www.arubanetworks.com/techdocs/Instant_87_WebHelp/Content/instant-ug/authentication/enhanced-open.htm

  • VLAN configuration

[Screenshot: VLAN configuration]

  • Security configuration

[Screenshot: Security configuration]

Select Open as the Security Level and confirm that Enhanced Open is enabled.

[Screenshot: Security configuration, continued]


AP505# show running-config

wlan access-rule bin4-enhanced-open-trans
 index 3
 rule any any match any any any permit

wlan ssid-profile bin4-enhanced-open-trans
 enable
 index 1
 type employee
 essid bin4-enhanced-open-trans
 opmode enhanced-open
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64


Also, with Open Enhanced the opmode-transition command is enabled by default, and two VAPs are generated: the SSID bin4-enhanced-open-trans for Open and the SSID _owetm_bin4-enhanced-1803478119 for Enhanced Open. Therefore, if the limit on the number of VAPs is a maximum of 16, only 8 can be created, so take care.

AP505# show ap bss-table

Aruba AP BSS Table
------------------
bss                ess                              port  ip              phy   type  ch/EIRP/max-EIRP  cur-cl  ap name  in-t(s)  tot-t    flags
---                ---                              ----  --              ---   ----  ----------------  ------  -------  -------  -----    -----
b8:3a:5a:8b:36:d0  bin4-enhanced-open-trans         ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:d1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:8s  WOT
b8:3a:5a:8b:36:c0  bin4-enhanced-open-trans         ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:c1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:8s  WOT

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:4
Num Associations:1

Flags:       K = 802.11K Enabled; W = 802.11W Enabled; r = 802.11r Enabled; 3 = WPA3 BSS; O = Enhanced-open BSS with transition mode; o = Enhanced-open transition mode open BSS; M = WPA3-SAE mixed mode BSS; E = Enhanced-open BSS without transition mode; m = Agile Multiband (MBO) BSS; c = MBO Cellular Data Capable BSS; I = Imminent VAP Down; T = Individual TWT Enabled; t = Broadcast TWT Enabled; d = Deferred Delete Pending; a = Airslice policy; A = Airslice app monitoring; D = VLAN Discovered;
AP505#




[English Version]

This post introduces the Open Enhanced configuration on an Aruba AP505 running Instant OS 8.7.0.0.

  • Basic configuration

[Screenshot: Basic configuration]

We usually select Guest as Primary usage, but for Enhanced Open we need to select Employee, according to the User Guide.
https://www.arubanetworks.com/techdocs/Instant_87_WebHelp/Content/instant-ug/authentication/enhanced-open.htm

  • VLAN configuration

[Screenshot: VLAN configuration]

  • Security configuration

[Screenshot: Security configuration]

Select Open as Security Level and confirm Enhanced Open is enabled.

[Screenshot: Security configuration, continued]


AP505# show running-config

wlan access-rule bin4-enhanced-open-trans
 index 3
 rule any any match any any any permit

wlan ssid-profile bin4-enhanced-open-trans
 enable
 index 1
 type employee
 essid bin4-enhanced-open-trans
 opmode enhanced-open
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64


opmode-transition is enabled by default, so two VAPs are generated: the SSID bin4-enhanced-open-trans is for Open and the SSID _owetm_bin4-enhanced-1803478119 is for Enhanced Open. Note that Enhanced Open with opmode-transition consumes two VAPs per SSID, so if the AP supports up to 16 VAPs, we can create only 8 Enhanced Open SSIDs.

AP505# show ap bss-table

Aruba AP BSS Table
------------------
bss                ess                              port  ip              phy   type  ch/EIRP/max-EIRP  cur-cl  ap name  in-t(s)  tot-t    flags
---                ---                              ----  --              ---   ----  ----------------  ------  -------  -------  -----    -----
b8:3a:5a:8b:36:d0  bin4-enhanced-open-trans         ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:d1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:8s  WOT
b8:3a:5a:8b:36:c0  bin4-enhanced-open-trans         ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:c1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:8s  WOT

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:4
Num Associations:1

Flags:       K = 802.11K Enabled; W = 802.11W Enabled; r = 802.11r Enabled; 3 = WPA3 BSS; O = Enhanced-open BSS with transition mode; o = Enhanced-open transition mode open BSS; M = WPA3-SAE mixed mode BSS; E = Enhanced-open BSS without transition mode; m = Agile Multiband (MBO) BSS; c = MBO Cellular Data Capable BSS; I = Imminent VAP Down; T = Individual TWT Enabled; t = Broadcast TWT Enabled; d = Deferred Delete Pending; a = Airslice policy; A = Airslice app monitoring; D = VLAN Discovered;
AP505#
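
The following Python example is added here and is not part of the original post or of Aruba's tooling. It parses "show ap bss-table" output like the above and uses the flag legend to check that each transition-mode open BSS (o) has an Enhanced Open counterpart (O) on the same phy, that Enhanced Open BSSes advertise 802.11w (W), and how many VAPs each phy is using. The function names, the per-phy counting and the vap_limit default of 16 (the post's example figure) are assumptions.

```python
import re
from collections import Counter

# Constructed sample input: the four BSS rows from the bss-table output above.
SAMPLE = """\
b8:3a:5a:8b:36:d0  bin4-enhanced-open-trans         ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:d1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  a-HE  ap    140/18.0/29.7     0       AP505    0        2m:8s  WOT
b8:3a:5a:8b:36:c0  bin4-enhanced-open-trans         ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:9s  oT
b8:3a:5a:8b:36:c1  _owetm_bin4-enhanced-1803478119  ?/?   192.168.215.13  g-HE  ap    11/9.0/28.0       0       AP505    0        2m:8s  WOT
"""

MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def parse_bss_table(text):
    """Return one dict per BSS row; header, legend and prompt lines are skipped.
    Assumes ESSIDs and AP names contain no whitespace."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 11 or not MAC.match(f[0]):
            continue
        rows.append({"bssid": f[0], "essid": f[1], "phy": f[4],
                     "flags": f[11] if len(f) > 11 else ""})
    return rows

def audit(rows, vap_limit=16):
    """vap_limit is the post's example figure; counting per phy is an assumption."""
    vaps = Counter(r["phy"] for r in rows)
    findings = []
    for phy, n in vaps.items():
        on_phy = [r for r in rows if r["phy"] == phy]
        open_side = sum("o" in r["flags"] for r in on_phy)  # o = transition open BSS
        owe_side = sum("O" in r["flags"] for r in on_phy)   # O = OWE transition BSS
        if open_side != owe_side:
            findings.append(f"{phy}: {open_side} transition open BSS vs {owe_side} OWE BSS")
        if n > vap_limit:
            findings.append(f"{phy}: {n} VAPs exceeds limit {vap_limit}")
    for r in rows:
        fl = r["flags"]
        if ("O" in fl or "E" in fl) and "W" not in fl:
            findings.append(f"{r['bssid']}: Enhanced Open BSS without 802.11w")
        if "o" in fl:
            findings.append(f"{r['bssid']}: open side of transition pair, traffic unencrypted")
    return {"vaps": dict(vaps), "findings": findings}

if __name__ == "__main__":
    print(audit(parse_bss_table(SAMPLE)))
```

On the sample rows this reports two VAPs per phy and flags only the two open-side BSSes, which is where clients without Enhanced Open support associate.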