changea set ting on one tab then click and display the other tab without saving your configuration, that setting will

revertt o its previous value.

Parameter Description
BasicConfiguration S ettings
Virtual AP enable Selectthe V irtual AP enable checkbox to enable or disable the virtual AP.
VLAN TheVLAN(s) into which users are placed in order to obtain an IP address. Click the drop-down
listto select a configured VLAN, the click the arrow button to associate thatV LANwi ththe
virtualAP profile.
Forwardm ode Thisparam etercontrols whether data is tunneled to the controller using generic routing
encapsulation(GRE), bridged i ntothe local EthernetLAN (for remote APs), or a combination
thereofdepending on the destination (corporate traffic goes tothe controller, andInternet
accessremains l ocal). All forwarding modes support band steering, TSPEC/TCLAS
enforcement,802.11k and station blacklisting.
Click the drop-down list to selectone of the followi ng forward modes:
lTunnel: The AP handles all 802.11 association requests and responses, but sendsal l 802.11
datapackets, action frames and EAPOL frames over a GRE tunnel tothe controller for
processing.The controllerrem ovesor addsthe GRE headers, decrypts or encrypts 802.11
framesand appli esfirew all rules to the usertraffic as usual. Both remote and campus APs
canbe configured i n tunnel mode.
lBridge: 802.11frames are bridged into the local Ethernet LAN. When a remote AP or
campusAP i si n bridge mode, the AP (and not thecontroll er)handl esal l 802.11association
requestsand responses, encryption/decryption processes,and firewal l enforcement. The
802.11eand 802.11kaction frames are also processed by the AP, which then sends out
responsesas needed.
AnAP in bri dge mode does notsupport captive portal authentication. Both remote and
campusAPs can be configured in bri dge mode. Note thatyou must enable the control plane
securityfeature on the controller before you configure campus APs in bridge mode.
lSplit-Tunnel: 802.11frames are either tunneled or bridged, dependi ng on thedestination
(corporatetraffic goes to the controller, and Internet accessremai nsl ocal).
Aremote AP in spli t-tunnelforwardi ng mode handles all 802.11association requests and
responses,encryption/decryption, and firewall enforcement. the 802.11e and 802.11kaction
framesare also processed by the remote AP, which then sends out responsesas needed.
lDecrypt-Tunnel:Both remote and campus APs can be configured in decrypt-tunnel mode.
Whenan APuses decrypt-tunnel forwarding m ode, that AP decryptsand decapsulatesall
802.11frames from a client and sends the 802.3frames through the GRE tunnel to the
controller, which then applies firewall polici esto the user traffic.
Whenthe controll er sendstraffic to a client, the controller sends 802.3 trafficthrough the
GREtunnel to the AP, which then converts it to encrypted 802.11and forwards to the client.
Thisforwardi ng mode allows a network to utilize the encryption/decryption capacityof the
APwhi le reducing the demand for processing resourceson the controller.
APsin decrypt-tunnel forwarding mode al som anage all 802.11association requests and
responses,and process all 802.11e and 802.11kaction frames. APs using decrypt-tunnel
mode do havesome l imitations thatnot present for APs in regular tunnel forwarding mode.
Youm ustenable the control plane security feature on the controller before you configure
campusAPs in decrypt-tunnel forward mode.
NOTE:Vi rtual APs in bridge or split-tunnel mode using static WEP should use key slots2-4 on
thecontroller. Keyslot 1 should only be used with Virtual APs in tunnel m ode.
Allowed band The band(s) on which to use the virtual AP:
la—802.11aband only (5 GHz).
lg—802.11b/gband only (2.4 GHz).
lall—both802.11a and 802.11b/gbands (5 GHz and 2.4 GHz). Thi s is the default setting.
Table88 :

VirtualAP Profile Parameters

DellPowerConnect W- Series ArubaOS 6.2 | UserGuide VirtualAPs |321