Creating a WLAN Configuration

Complete the following steps to create a WLAN configuration.

  1. In the Wireless LANs page, from the System tree hierarchy, select the Zone where you want to create a WLAN.
    Figure 106  Wireless LANs

  2. Click Create and the Create WLAN Configuration page is displayed.
    Figure 107  Create WLAN Configuration

  3. Set the required configurations as explained in the following table.
    Table 24 WLAN Configurations
    Field Description Your Action
    General Options
    Name Indicates the user-friendly administrative name for the WLAN. Enter a name.
    SSID Indicates the SSID for the WLAN. Enter the SSID.
    Description Indicates a user-friendly description of the WLAN settings or function. Enter a short description.
    Zone Indicates the zone to which the WLAN belongs. Select the zone to which the WLAN settings apply.
    WLAN Group Indicates the WLAN groups to which the WLAN applies. Select the WLAN groups.
    Authentication Options
    Authentication Type Defines the type of authentication flow for the WLAN.
    NOTE
    Authentication types such as WeChat, Web Authentication, and Guest Access are not supported by APs in IPv6 mode.
    Select the required option:
    • Standard Usage—This is a regular WLAN suitable for most wireless networks.
    • Hotspot (WISPr)—Click this option if want to use a hotspot service (use this type for external captive portal workflows) or WISPr.
      NOTE
      Hotspot (WISPr) applies to WLAN traffic that is tunneled and not tunneled.
    • Guest Access—Click this option if you want guest users to use this WLAN. After you complete creating this WLAN for guest access, you can start generating guest passes.

      For more information about Hotspot 2.0 online signup, see the Hotspot 2.0 Reference Guide for this release.

    • Web Authentication—Click this option if you want to require all WLAN users to complete a web-based logon to this network every time they attempt to connect.
    • Hotspot 2.0 Access—Click this option if you want a Hotspot 2.0 operator profile that you previously created to use this WLAN. See the Hotspot 2.0 Reference Guide for this release.
    • Hotspot 2.0 Onboarding—Click this option if you want to use this WLAN for Hotspot 2.0 onboarding. See the Hotspot 2.0 Reference Guide for this release for more information. Hotspot 2.0 onboarding allows for Open and 802.1x EAP authentication methods.
    • WeChat—Click this option if you want the WLAN usage through WeChat.
    Authentication Options
    Method Specifies the authentication mechanism. Select the following option:
    • Open (Default)—No authentication mechanism is applied to connections. If WPA or WPA2 encryption is used, this implies WPA-PSK authentication.

      If you clicked Web Authentication in Authentication Type, Open is the only available authentication option, even though PSK-based encryption can be supported.

    • 802.1X EAP—A very secure authentication/encryption method that requires a back-end authentication server, such as a RADIUS server. Your choice mostly depends on the types of authentication the client devices support and your local network authentication environment. If you select Enable RFC Location Delivery Support for Authentication & Accounting Server, enter the Operator Realm.

      Selecting the authentication method as Hotspot (WISPr), also allows you to select 802.1x EAP as an authentication option. This enables a two-step authentication method when shared and pre-authenticated devices are used, or when user equipment is shared among multiple users. The device access is successful when both authentication processes are completed successfully: 802.1x EAP authentication first, followed by Hotspot (WISPr) authentication.

    • MAC Address—Authenticates clients by MAC address.
      • MAC Authentication—Requires a RADIUS server and uses the MAC address as the user logon name and password.

        Select Use user defined text as authentication password (default is device MAC address) and enter the format.

      • MAC Address Format—Choose the MAC address format from the drop-down menu.
    • 802.1X EAP & MAC—Selecting this option indicates that the 802.1x EAP and MAC address authentication methods must both pass for a user to successfully authenticate. First, MAC address authentication is verified; if that passess, 802.1x EAP authentication is processed. After the two authentication methods succeed, the user equipment gains access to the WLAN. Authentication is handled by a back-end RADIUS server.

      When this authentication method is selected, the MAC Authentication and MAC Address Format fields will be shown within the Authentication Options section.

    Encryption Options
    Method Specifies the encryption method.

    WPA and WPA2 are both encryption methods certified by the Wi-Fi Alliance; WPA2 with AES is the recommended encryption method. The Wi-Fi Alliance will be mandating the removal of WEP due to its security vulnerabilities, and Ruckus recommends against using WEP if possible.

    Select the option:
    • WPA2—Enhanced WPA encryption using AES encryption algorithm.
      Choose the following:
      • AES:
        1. Enter PassPhrase.
        2. Select or clear Show.
        3. Select
          • the Enable 802.11 Fast BSS Transition check box and enter the Mobility Domain ID.
          • the required 802.11w MFP option.
      • AUTO:
        1. Enter PassPhrase.
        2. Select or clear Show.
    • WPA-Mixed—Allows mixed networks of WPA- and WPA2-compliant devices. Use this setting if your network has a mixture of older clients that only support WPA and TKIP, and newer client devices that support WPA2 and AES.
      1. Choose Algorithm: AES or AUTO
      2. Enter PassPhrase.
      3. Select or clear Show.
      4. Select Enable 802.11 Fast BSS Transition.
      5. Enter the Mobility Domain ID.
    • WEP-64 (40 bits)—Provides a lower level of encryption, and is less secure, using 40-bit WEP encryption.
      1. Choose the WEP Key.
      2. Enter HEX value.
    • WEP-128 (104 bits)—Provides a higher level of encryption than WEP-64, using a 104-bit key for WEP encryption. However, WEP is inherently less secure than WPA.
      1. Choose the WEP Key.
      2. Enter HEX value.
    • None
    Data Plane Options
    Access Network Defines the data plane tunneling behavior.

    Enable Tunnel WLAN traffic through Ruckus GRE.

    Configure the following options as appropriate:
    • GRE Tunnel Profile: Manages AP traffic. Select the profile from the list.
    • Split Tunnel Profile: Enables split tunneling to manage user traffic between corporate and local traffic. Enable the profile from the list. Click to create a new profile or click to edit a profile. By default, the option is disabled.
    NOTE
    RuckusGRE or SoftGRE must be enabled on the WLAN before mapping it to a Split Tunnel Profile.
    vSZ-D DHCP/NAT Enables tunneling option for DHCP/NAT. Select the required check boxes:
    • Enable Tunnel NAT
    • Enable Tunnel DHCP
    RADIUS based DHCP/NAT Enables RADIUS-based DHCP/NAT settings. DHCP server authorizes remote clients and allocates addresses based on replies from a RADIUS server. Select the required check boxes:
    • Enable RADIUS based NAT
    • Enable RADIUS based DHCP
    Authentication & Accounting Server (for WLAN Authentication Type: Standard )
    Authentication Server Specifies the server used for authentication on this network. By enabling Proxy, authentication requests will flow through the controller. In a non-proxy mode, the AP will communicate directly with the authentication server without going through the controller.
    1. Select the Use controller as proxy check box.
    2. Select the server from the drop-down menu.
    3. Select the Enable RFCLocationDeliverySupport.
    Accounting Server Specifies the server used for accounting messages. By enabling Proxy, accounting messages are sent by the controller. In a non-proxy mode, the AP will communicate accounting messages directly.
    1. Select the Use controller as proxy check box.
    2. Select the server from the drop-down menu.
    Hotspot Portal (for WLAN Authentication Type: Hotspot (WisPr))
    Hotspot (WISPr) Portal Defines hotspot behavior, such as redirects, session timers, and location information, among others. Select the hotspot portal profile that you want this WLAN to use.
    Bypass CNA Bypasses the Apple CNA feature on iOS and OS X devices that connect to this WLAN. Select the Enable check box.
    Authentication Server Indicates the authentication server that you want to use for this WLAN. Choose the option. Options include Local DB, Always Accept, and any AAA servers that you previously added. Additionally, if you want the controller to proxy authentication messages to the AAA server, select the Use Controller as Proxy check box.

    When the SSH tunnel between the AP and the controller is down, you can enable Backup Authentication Service to back up the AP's authentication services to a secondary device.

    NOTE
    For WISPr survivability, the customer portal must use the AP WISPr ZD-Style API/Backup AAA authentication to continue the WISPr service.
    Accounting Server Indicates the RADIUS Accounting server that you want to use for this WLAN. Choose the option. You must have added a RADIUS Accounting server previously. Additionally, if you want the controller to proxy accounting messages to the AAA server, select the Use the Controller as Proxy check box.

    When the SSH tunnel between the AP and the controller is down, you can enable Backup Accounting Service to back up the AP's accounting services to a secondary device.

    NOTE
    For WISPr survivability, the customer portal must use the AP WISPr ZD-Style API/Backup AAA authentication to continue the WISPr service.
    Guest Access Portal (for WLAN Authentication Type: Guest Access)
    Guest Portal Service Indicates the guest access portal to be used on this WLAN. Choose the guest portal service.
    Bypass CNA Bypasses the Apple CNA feature on iOS and OS X devices that connect to this WLAN. Select the Enable check box.
    Guest Authentication Manages guest authentication. Select:
    • Guest to require users to enter their guest pass credentials. Guest passes are managed directly on the controller.
    • Always Accept to allow users without guest credentials be authenticated.
    Guest Accounting Indicates the RADIUS Accounting server that you want to use for this WLAN. Choose the server. You must have added a RADIUS Accounting server previously. Additionally, if you want the controller to proxy accounting messages to the AAA server, select the Use the Controller as Proxy check box.
    Authentication & Accounting Server (for WLAN Authentication Type: Web Authentication)
    Web Authentication Portal Indicates the web authentication portal to use for this WLAN. Choose the web authentication portal from the drop-down menu.
    Bypass CNA Bypasses the Apple CNA feature on iOS and OS X devices that connect to this WLAN. Select the Enable check box.
    Authentication Server Indicates the authentication server that you want to use for this WLAN. Choose the option. Options include Local DB, Always Accept, and any AAA servers that you previously added. Additionally, if you want the controller to proxy authentication messages to the AAA server, select the Use the Controller as Proxy check box.
    Accounting Server Indicates the RADIUS Accounting server that you want to use for this WLAN. Choose the server. You must have added a RADIUS Accounting server previously. Additionally, if you want the controller to proxy accounting messages to the AAA server, select the Use the Controller as Proxy check box.
    Hotspot 2.0 Profile (for WLAN Authentication Type: Hotspot 2.0 Access)
    Hotspot 2.0 Profile Indicates the profile, which includes operator and identify provider profiles. Choose the profile.
    Authentication Server RFC 5580 Supports RFC 5580 location delivery on the WLAN, which carries location information in RADIUS exchanges. Select the check box.
    Accounting Server Updates Indicates the frequency to send interim updates.

    Configure the account update interval for accounting servers defined in the Hotspot 2.0 Identity Provider profile.

    Enter the duration in minutes. Range: 0 through 1440.
    We Chat Portal (for WLAN Authentication Type: We Chat)
    We Chat Portal Defines the We Chat authentication URL, DNAT destination, and other information. Select a We Chat portal service.
    Accounting Server Indicates the RADIUS Accounting server that you want to use for this WLAN. Choose the server. You must have added a RADIUS Accounting server previously. Additionally, if you want the controller to proxy accounting messages to the AAA server, select the Use the Controller as Proxy check box.
    Forwarding Profile (for WLAN Usage > Access Network)
    Forwarding Policy Defines special data packet handling to be taken by the data plane when the traffic is tunneled. Forwarding Profile is Factory Default. It is disabled.
    Options
    Wireless Client Isolation Prevents wireless clients from communicating with each other.

    Enable Isolate wireless client traffic from all hosts on the same VLAN/subnet.

    Enable the following required options as appropriate:
    • Isolate unicast packets: Isolates only unicast packets between a client isolation-enabled client and other clients of the AP. By default, the option is enabled.
    • Isolate multicast packets: Isolates only multicast packets between a client isolation-enabled client and other clients of the AP. By default, the option is disabled.
    • Automatic support for VRRP: Isolates packets in VRRP deployment. By default, the option is disabled indicating that the AP is not in a VRRP deployment.
    Isolation Whitelist Defines wired destinations on the local subnet that can be reached, even if client isolation is enabled. Select the option.
    Priority Determines high versus low transmit preference of one WLAN compared to another. Traffic for high priority WLANs is always sent before low priority WLANs in the same QoS category (background, best effort, video, voice). Choose the priority:
    • High
    • Low
    RADIUS Option
    NAS ID Defines the ID sent to the RADIUS server, which will identify the AP. Choose the option:
    • WLAN BSSID
    • AP MAC
    • User-defined
    NAS Request Timeout Indicates the duration after which an expected RADIUS response message is considered to have failed. Enter the timeout period (in seconds).
    NOTE
    It is recommended to configure the same values for NAS Request Timeout, NAS Max Number of Retries, and NAS Reconnect Primary.
    NAS Max Number of Retries Indicates the maximum number of failed connection attempts after which the controller will fail over to the backup RADIUS server. Enter the maximum number of failed connection attempts.
    NOTE
    It is recommended to configure the same values for NAS Request Timeout, NAS Max Number of Retries, and NAS Reconnect Primary.
    NAS Reconnect Primary

    Indicates the time interval after which the controller will recheck if the primary RADIUS server is available when the controller has failed over to the backup RADIUS server.

    Enter the duration in minutes. Range: 1 through 60 minutes. The default interval is 5 minutes.
    NOTE
    It is recommended to configure the same values for NAS Request Timeout, NAS Max Number of Retries, and NAS Reconnect Primary.
    Called Station ID Indicates the format for the called station ID, which is sent to the RADIUS server as an attribute, and can be used in policy decisions. Select a format:
    • WLAN BSSID
    • AP MAC
    • AP GROUP
    • NONE
    Single Session ID Accounting Enabling this feature allows the APs to maintain one accounting session for a client roaming between APs. If the client roams from one AP to another, the accounting session ID and statistics will be carried while roaming from one AP to the other. If the feature is not enabled, the accounting session ID is regenerated and statistics are also reset, essentially resetting the accounting. Select the Enable check box to use this feature.
    NAS IP Indicates the NAS IP address. Select the option:
    • Disabled
    • SZ Control IP
    • SZ Management IP
    • User-defined
    Vendor Specific Attribute Profile Indicates the VSA profile Select from the following options:
    • VSA profiles
      NOTE
      VSA profiles are configured at the zone level.
    • Disabled (default)
    NOTE
    Click to edit the VSA profile.
    Advanced Options
    User Traffic Profile Defines the traffic policy that will be applied to users on this WLAN. The default UTP allows all with no rate limits. UTPs can define rate limits as well as Layer 3 through 7 ACLs and policies. Select the required option. Click to add a new profile or click to edit a profile.
    L2 Access Control Enables the WLAN to blacklist or whitelist a specific set of MAC addresses based on a Layer 2 access control policy. Select the required option. Click to add a new policy or click to edit a policy.
    OS Policy Enables the WLAN to apply a unique policy to a device based on OS type. Use a precedence profile to determine whether a role-based, AAA-based, or OS-based policy will take precedence. Select the required option. Click to add a new policy or click to edit a policy.
    Application Recognition and Control Enables DPI-based Layer 7 application recognition, and if enabled, an application control policy. Recognition and control are performed on the AP. Select the Enable check box.
    URL Filtering Enables URL filtering on the WLAN controller to block or allow access to specific websites or web pages. Click the button and select the URL Filtering Profile. Select the required option. Click to add a new profile or click to edit a profile.
    Client Fingerprinting Enables the AP to attempt to utilize DHCP fingerprinting to identify client devices by their operating system, device type, and host name. Select the check box.
    Access VLAN Tags the WLAN traffic with a VLAN ID from 2 through 4094. By default, all client traffic will be assigned to the native (untagged) VLAN on the AP's Ethernet port, which is represented as VLAN ID 1. Select the check box and enter the VLAN ID.
    Hotspot 2.0 Onboarding Allows devices to connect to a Wi-Fi network automatically, wherein the service providers engage in roaming partnerships to provide seamless access to Wi-Fi networks. The devices are authenticated using credentials or certificates. Select the check box to allow Hotspot 2.0 Onboaring for the WISPr WLAN.
    Hide SSID Removes the SSID from Beacon frames. By removing the SSID, in most cases, clients will not show this SSID in their scan list unless the device is already configured to connect. This can simplify the network decision for an end user. Select the check box.
    Client Load Balancing Disables client load balancing on this WLAN if the option is selected. Select the check box to disable client load balancing on this WLAN.
    Proxy ARP Enables proxy ARP. When proxy ARP is enabled on a WLAN, the AP provides proxy service for stations when receiving neighbor discovery packets (for example, ARP request and ICMPv6 Neighbor Solicit messages), and acts on behalf of the station in delivering ARP replies. When the AP receives a broadcast ARP/Neighbor Solicit request for a known host, the AP replies on behalf of the host. If the AP receives a request for an unknown host, it forwards the request. Select the check box.
    MAX Clients Limits the number of clients that can associate with this WLAN per AP radio (default is 100). Every connection attempt after this maximum value will not be permitted to connect. Enter the number of clients allowed.
    802.11d Adds additional regulatory information to AP beacons and probe responses. This compliance information provides country-specific guidance such as permitted channels and transmit power, to ensure that the devices operate within the legal boundaries of the country. 11d is helpful for many devices that cannot independently determine their operating country. Select the check box to enable this option.
    802.11k Neighbor Report Enhances roaming by providing a list of neighbor APs to the client device. APs build a neighbor AP list via background scanning, and when the client plans to roam, it will request this list from the AP. This list is then used to perform efficient scanning to find a roaming candidate. Select the check box.
    Anti-spoofing Prevents attacks on genuine clients from rogue clients that could lead to service disruption, data loss, and so on. This is achieved by matching the MAC address or IP address (IPv4) of the client with the address in the Ruckus database. If the addresses do not match, the packet is dropped. These checks are also performed on ingress data packets to catch spoofed data packets early. Enable the option. By default, the following options are also enabled:
    • ARP request rate limit: Enter the packets to be reviewed for Address Resolution Protocol (ARP) attacks per minute. In ARP attacks, a rouge client sends messages to a genuine client to establish connection over the network.
    • DHCP request rate limit: Enter the packets to be reviewed for DHCP pool exhaustion per minute. When rouge clients send a DHCP request with a spoofed address, an IP address from the DHCP pool is assigned to it. If this happens repeatedly, the IP addresses in the DHCP pool are exhausted, and genuine clients may miss out on obtaining the IP addresses.
    NOTE
    When you enable anti-spoofing, an ARP request and DHCP request rate limiter are automatically enabled with default values (in packets per minute, or ppm) that are applied per client; implying that each client connected to an interface enabled with anti-spoofing is allowed to send a maximum of "X" ARP/DHCP request ppm. The value "X" is configured on the interface to which the client is connected.
    NOTE
    The Force-DHCP option will be enabled by default when anti-spoofing is enabled, and it cannot be changed after anti-spoofing is enabled.
    Force DHCP Requires the clients to obtain a valid IP address from DHCP within the specified number of seconds. This prevents clients configured with a static IP address from connecting to the WLAN. Additionally, if a client performs Layer 3 roaming between different subnets, in some cases the client sticks to the former IP address. This mechanism optimizes the roaming experience by forcing clients to request a new IP address. Select the check box.
    DHCP Option 82 Enables an AP to encapsulate additional information (such as VLAN ID, AP name, SSID, and MAC address) into the DHCP request packets before forwarding them to the DHCP server. The DHCP server can then use this information to allocate an IP address to the client from a particular DHCP pool based on these parameters. Select the option.
    DHCP Option 82 Format

    Enables an AP to encapsulate additional information (such as VLAN ID, AP name, SSID, MAC address, IF name, AP model, Location, Privacy type and Area name) into the DHCP request packets before forwarding them to the DHCP server. The DHCP server can then use this information to allocate an IP address to the client from a particular DHCP pool based on these parameters.

    Enable the required format:
    • Subopt-1 with format and select the option.
    • Subopt-2 with format and select the option.
    • Subopt-150 with VLAN-ID.
    • Subopt-151 with format and select the option.
    DTIM Interval

    Indicates the frequency at which the Delivery Traffic Indication Message (DTIM) will be included in Beacon frames.

    Enter the frequency number.

    Range: 1 through 255.

    Directed MC/BC Threshold Defines the per-radio-client count at which an AP stops converting group-addressed data traffic to unicast. However, the Directed Threshold logic is only one part of the APs' multicast handling logic, which means there may be other factors that determine whether a frame is transmitted as unicast or multicast. APs support a feature called Directed Multicast (configurable only on AP CLI, enabled by default), which adds additional logic to the multicast flow. If Directed Multicast is disabled, the AP uses the Directed Threshold as the only criteria to determine whether to transmit a multicast packet as unicast. However, when Directed Multicast is enabled, the flow is changed. Directed Multicast is a feature that checks to see if a multicast packet is well-known or not. For well-known multicast packets, for example, Bonjour, uPNP, most IPv6 link- and node-local, and Spectralink, the AP still applies the Directed Threshold logic to determine conversion to unicast. For non well-known types, the AP monitors and maintains a database of client subscriptions using IGMP and MLD. If associated clients are subscribed to the multicast stream, then the AP always converts these packets to unicast, regardless of the Directed Threshold configuration. If there are no clients subscribed to the multicast stream, the AP drops these packets. It is important to be aware of this behavior when validating multicast operation in a deployment. Enter the client count number.

    Range: 0 through 128.

    Client Tx/Rx Statistics Stops the controller from monitoring traffic statistics for unauthorized clients. Select the check box.
    Inactivity Timeout Indicates the duration after which idle clients will be disconnected. Enter the duration in seconds.
    OFDM Only Disconnects 802.11b devices to the WLAN and all devices are forced to use higher data rates for more efficient airtime usage. This setting only affects the 2.4-GHz radio. OFDM is used by 802.11a, g, n, ad ac, but is not supported by 802.11b. Select the check box.
    BSS Min Rate Forces client devices to both be closer to the AP and to use higher, more efficient rates when you increase the BSS minimum rate above the default (all rates) setting. The BSS minimum rate is the lowest data rate supported on the WLAN. When OFDM-only is enabled, it takes higher priority than BSS minimum rate settings. Select the option.
    Mgmt Tx Rate Sets the transmit rate for management frame types such as beacon and probes. Select the value.
    Service Schedule Controls when the WLAN service is active. The purpose of this setting is to automatically enable or disable a WLAN based on a predetermined schedule. By default, the service is Always On. Always Off can be checked in order to create a WLAN and apply it, but prevent it from advertising until ready. The Specific setting allows a configurable schedule based on time of day and days of the week.
    NOTE
    When a service schedule is created, it is saved by the SZ and AP using time zone of the browser. When it is enforced by the AP, the AP will enforce it according to the time zone of the browser when it was configured.
    Choose the option:
    • Always On
    • Always Off
    • Specific and select a schedule profile from the drop-down list.
    Band Balancing Disables band balancing only for this WLAN, if you select the check box. Select the Disable band balancing for this WLAN service check box.
    Qos Map Set

    Reprioritizes downlink packets based on the configured mappings. When an AP receives a downlink packet, it checks the existing DSCP (Layer 3 QoS) marking, compares it to this map set and then changes the user priority (Layer 2 QoS) values for transmission by the AP.

    To configure this feature, select the User Priority (UP) from the table (0-7) and configure the DSCP (0-64) range that will be mapped to this UP.

    Exceptions can also be added such that the original DSCP and UP tagging are preserved and honored by the AP.

    Select Enable QOS Map Set.
    SSID Rate Limiting Enforces an aggregate rate limit for all users of the WLAN. The purpose of this feature is to prevent the combined throughput from all users of an SSID from exceeding this threshold. This feature is different from per-user rate limiting, which enforces the same rate limit for each individual device. Select Uplink and Downlink check boxes and enter the limiting rates in mbps respectively. Range: 1 mbps through 200 mbps.
    DNS Server Profile Allows the AP to inspect DHCP messages and overwrite the DNS servers with the DNS server configured in this profile. This allows for policy-based DNS application in which unique users/roles should use a different DNS server than others. Select a profile from the drop-down menu. Select Disable from the drop-down menu if you want to disable the DNS Server profile for the WLAN service. Click to add a new profile or click to edit a profile.
    Precedence Profile Defines the relative policy assignment priority for some specific settings. For example, if a WLAN is configured to use VLAN 10, and an AAA/role policy is configured for VLAN 20, and a device OS policy is configured for VLAN 30, and a user/device connects to the WLAN matching all of these policies, which VLAN should be assigned? The precedence policy determines which setting takes priority. Select the required option. Click to add a new profile or click to edit a profile.
    Client Flow Data Logging Sends a log message with source MAC, destination MAC, source IP, destination IP, source port, destination port, L4 protocol, and AP MAC of each packet session to the external syslog server. This function is provided by the AP syslog client (not the SZ syslog client), which must be enabled at the zone level in order to support this client flow logging. Select the check box to log the client-flow data to the external syslog server. Then enable AP syslog functionality from the Zone settings.
    Airtime Decongestion Mitigates airtime congestion caused by management frames in high density deployments. Select the check box.
    Join RSSI threshold Indicates the signal threshold that could connect to the Wi-Fi. If Airtime Decongestion is enabled, Join RSSI threshold is automatically disabled. Enter the Client RSSI threshold to allow joining. Range: -60 through -90 dBm.
    Transient Client Management Discourages transient clients from joining the network. Select the Enable Transient Client Management check box and set the following parameters:
    • Join wait time—Enter the wait time before a client can be permitted to join. Range: 1 through 60 secs.
    • Join expire time—Enter the time during which a rejoin request is accepted without delay. Range: 1 through 300 secs.
    • Join wait threshold—Enter the number of join attempts after which a client is permitted to join even before the join wait time expires.
    Optimized Connectivity Experience (OCE) OCE enables probe response suppression and prevents devices with marginal connectivity from joining the network. Optimizes the connectivity experience for OCE-enabled APs and stations. Select Optimized Connectivity Experience (OCE) and set the following parameters:
    • Broadcast Probe Response Delay - Indicates the time delay to transmit probe response frames in milliseconds.
    • RSSI-based Association Rejection Threshold - Indicates the minimum threshold value to connect to the network (in dBm). If the value entered is less than the minimum threshold value, then any RSSI-based association is rejected.
  4. Click OK.
NOTE
You can also edit, clone, and delete WLANs by selecting the options Configure, Clone, and Delete respectively, from the Wireless LANs page.