Prueba

Multi-band scan

Spectrum load balancing

Rogue AP detection

Band steering

dwg

jpg

TIFF

gif

After each license is installed

Before any other configuration can take place

Only if the Policy Enforcement Firewall license is installed

A reboot is not required until you have completed the configuration wizard

Role

MAC Address

Output power of client radio

Method of authentication

WEP encryption

Direct access to the internet with no captive portal

Captive portal with authentication via credentials

Captive portal with email registration

The root account can be used to monitor access points connected to the controller

The guest-provisioning account can see the controller’s configuration but cannot change it

The read-only account cannot delete internal database entries

The guest-provisioning account can make changes to the internal database

Add a new employee to the internal database

Change the “look” and “feel” of the guest provisioning page

Change the available data fields on the guest provisioning page

Add a guest user to the internal database

In an overlay deployment APs are connected directly to the Controller while in a direct deployment, APs are connected to other Layer 2 or Layer 3 devices.

The Controller supplies PoE to APs in an Overlay Deployment while APs draw power from other PoE switches in a Direct deployment

In a direct deployment, APs are directly connected to the controller while in an overlay deployment APs are connected to other Layer 2 or Layer 3 devices.

In an overlay deployment, the APs cannot terminate their GRE tunnels at the controller, while in a direct deployment they can.

Set the horizontal plane on each floor

Give the option to resize a floor

Sets the North/South orientation of the building

Sets the proper vertical floor plan alignment

As many as necessary

the same number as firewall policies

one less than the number of firewall policies

the same number as SSIDs

Prior to granting access to L2 media

After the user has an IP address

After the user sees the captive portal page

Prior to the user associating with the AP

Least specific to most specific

Most specific to least specific

Most important resources first

Order is not important

Pre-authentication role

Post-authentication role

AAA role

AAA-CP role

Licenses

WLANs

VLANs and IP addressing

Controller country code

AP Type

PHY Type

Distance to Controller

Environment

Client sets up an IPSEC tunnel with the controller

The AP converts the 802.11 frame to an Ethernet frame and sends this in a GRE tunnel to the controller

The AP decrypts the 802.11 frame and bridges it on the wire

The AP decrypts the 802.11 frame, encrypts it as an Ethernet frame and sends it to the controller

Send a message telling the client it has been blacklisted

De-authenticate the client from the network but allow it to keep transmitting data

Only block the client if it hasn’t yet associated with an AP

Stop the client from associating with any SSID on the controller

L2TP over IPSec is used to carry user traffic and control traffic

PPTP is used to tunnel user traffic

The AP does not encrypt user traffic. The user's link layer encryption is used.

Remote AP traffic is unencrypted

When a user transmits data through the controller, the validuser ACL is used to check if the user is in the layer 3 user-table

Before a client is added to the controller’s user table, the validuser ACL is checked to make sure the client has a valid IP address

The validuser ACL is used during 802.1X authentication to check that the client is in the layer 3 user-table

When an AP needs to transmit data to a user, it checks the validuser ACL to make sure the user has a valid IP address

Pool name

Default router

Option 43

Domain name

Basic controller configuration

License installation

VPN configuration

WLAN configuration

Which firewall hits were detected that refer to the role

Which profiles refer to the role

What policies are inside the role

What users are currently assigned that role

RF Plan

Administrator and enable passwords

Native VLANs on a per port basis

WPA-PSK encryption

Server rules are used to send information to the configured servers

A server group can have more than 1 server

If the internal database is used in the server group, then no external servers can be added

If multiple servers are assigned to the server group, all except the 1st will be ignored

AES

TKIP

WEP

MSCHAPv2

Guest user

Internal user

Barcode scanner

Admin user

SSID

VLAN

Radio Type

Anntena Type

SRC-NAT

DST-NAT

allow all

allow CP

Role

Firewall Policy

Firewall Rule

Profile

DNS query, ADP Broadcast, ADP Multicast, DHCP option 43

DHCP option 43, ADP Multicast, ADP Broadcast, DNS query

DHCP option 43, DNS query, ADP Multicast, ADP Broadcast

ADP Multicast, ADP Broadcast, DHCP option 43, DNS query

NAT-T

IPSec

PPTP

GRE

Airtime fairness

Coordinated access to a single channel

Co-channel interference mitigation

Client aware scanning

Set the S3500 IP address to the 172.16.0.0 range

Quick-Setup needs to be enabled on the LCD Panel

Connect the S3500 to the network for DHCP

Set the laptop IP address to the 192.168.0.0 range

The root account can be used to monitor access points connected to the controller

The guest-provisioning account can see the controller’s configuration but cannot change it

The read-only account cannot delete internal database entries

The guest-provisioning account can make changes to the internal database

Campus

Mesh

Roaming

Remote Mesh

3200

620

650

651

32

8

16

24

AP-105

AP-125

RAP2

All of the above

master controller since it performs the IDS analysis

the local controllers since the APs terminate there

all of the controllers

this isn't the correct license for this purpose

controller's MAC address and the feature description

controller's MAC address and the certificate number

controller's Serial Number and the feature description

controller's Serial Number and the certificate number

Number of APs

Limit One per controller

Number of users

Number of local controllers

AP license

PEF-NG license

PEF-V license

No license required

delete license

write erase

Licenses cannot be deleted once activated

write erase all

Applied to the master controller

Applied to all the controllers in the network

It is based on number of users

It is based on number of APs

Backup master only requires the AP license

License limits should be the same on primary master and backup Master

Licenses are pushed from the primary to the backup Master along with the configuration

Backup Master does not require licenses to support master redundancy

dst-nat

dual-nat

route dst-nat

redirect to tunnel

trusted-ap

guest

pre-guest

logon

when the controller is first booted

when an RF Proctect license is added to the controller

when created manually

when a PEF-NG license is added to the controller

the guest role

the stateful role

the initial role in the server group profile

the initial role in the AAA profile

improve performance

simplify the configuration process

tie IP addresses to ports

assign rules to policies

source the IP addresses of users to specific IP address

redirect HTTP sessions to Captive Portal

redirect Access Points to another Aruba controller

provide a telnet connection to the controller

provide a single source IP address for users in a role

redirect Captive Portal HTTP sessions

redirect Access Points to another Aruba controller

provide IP addresses to clients

redirect to ESI group

source NAT

destination NAT

redirect to tunnel

the user's traffic will be passed to the IP address because of the policy statement:
user any svc-http dst-nat 8080

the user's traffic will be passed to the IP address because of the policy statement:
user any svc-https dst-nat 8081

the user's traffic will be passed to the IP address because of the policy statement:
user any svc-http-proxy1 dst-nat 8088

the user will not reach the IP address because of the policy statement:
user any svc-http dst-nat 8080

the user will not reach the IP address because of the implicit deny any any at the end of the
policy.

The frame will be dropped because of the implicit deny all at the end of the netdestination definition

The frame will be dropped because of the implicit deny all at the end of the access list.

The frame will be forwarded because of the implicit permit all at the end of the access list.

The frame will be passed because there is no service specified in the access list.

The frame will be dropped because there is no service specified in the access list.

The frame is discarded because of the implicit deny all at the end of the policy.

The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.

The frame is accepted because of the statement: user any any permit.

The frame is accepted because of the statement: user network 10.1.1.0 255.255.255.0 any permit.

This is not a valid policy.

MAC address

OS version

SSID

Radius attribute

SSID

MAC

VLAN

IP Address

user login name

authentication server

location

controller Loopback address

greater than

less than

inverse of

contains

controller

client

authentication server

Internal user database

The controller recognizes the users Domain and sends the authentication request directly to RadiusMiami.

The request is initially sent to RadiusNY1 then RadiusNY1 redirects, the controller, to send the authentication request to RadiusMiami

RadiusNY1 receives the request and returns a deny. No other action is taken.

RadiusNY1 receives the request and returns a deny. The authentications request will then be sent to RadiusMiami.

The User will get the Emp Role

The user will get the 802.1x authentication default Role

The User will get the employee Role

The User will get the Employee Role

The User will get the initial Role

Virtual-ap
ap mesh-radio-profile
ap system profile

Wlan ssid-profile
ap-system-profile
virtual-ap profile

Virtual-ap profile
ap-system profile
aaa profile

802.1X authentication profile
wlan ssid-profile
virtual-ap profile

The Captive portal profile has not been assigned to the initial role

The Captive portal profile has not been assigned to the AAA profile

A server group has not been assigned to the captive portal profile

An initial role has not been assigned to the AAA profile

All traffic in vlan 55 will be dropped and all traffic in vlan 56 and 57 will be trunked with and
802.1Q tag

All traffic in vlan 55, 56 and 57 will be trunked with an 802.1Q tag

All traffic in vlan 55 will be sent with an 802.1Q tag while vlan 56 and 57 traffic will be trunked untagged

All traffic in vlan 56 and 57 will be sent with an 802.1Q tag while vlan 55 traffic will be trunked untagged

employee

guest

contractor

logon

you can't tell

employee

guest

contractor

Captive Portal

Logon

no role will be assigned

Controller name.

Syslog server and levels.

User firewall policy.

User derivation rules

The air-monitors group

The first configured AP group

The Default AP group

It is only added to the 'All Profiles' section

On startup through the CLI

Through the CLI, after the initial CLI wizard has been completed

In the Web UI under maintenance.

In the Web UI under configuration

rsh

Telnet

SSH

Telnet and SSH

Telnet, SSH and rsh

RSH

Telnet

SSH

Telnet and SSH

SSH and RSH

It's not possible to access the CLI from within the WebUI

Embedded Telnet client

Java based SSH client

Proprietary serial over Ethernet client

Security Logs

Management Logs

Wireless Logs

IDS Logs

Network > Controller

Wireless > AP Configuration

Wireless > AP Installation

Advanced Services > Wireless

Advanced Services > All Profiles