The Create SSID screen is used to define an SSID configuration and associate an SSID with an Access Point (AP) Group. To access this screen, click on Create SSID on the SSIDs screen.

The Create SSID screen is divided into two sections:

1. SSID Settings

  • Basic Information - Configures identifying information for the SSID (for example, profile name, SSID broadcast name, network usage, Captive Portal authentication, and allowed bands).

  • Authentication Strategy - Selects an authentication server, authentication strategy, and access policy.

  • Default VLAN/Network - Configures an Access Role Profile and selects VLANs or Tunnels for the profile.

  • Detailed SSID Settings - Configures detailed settings for SSID functionality (for example, hide SSID, advanced security, roaming controls, client controls, and data rates).

2. Network Assignments

SSID Settings - Basic Information

Complete the fields as described below to provide the basic information for the SSID:

  • Profile Name - A unique name to identify the management profile for the SSID.

  • SSID - A name that uniquely identifies the wireless network (up to 31 characters). This is the wireless network name that is advertised to wireless clients.

  • Usage - The SSID network usage. When you select a Usage, related default configurations such as Access Policy, Authentication Strategy, Guest Access Strategy, and BYOD Access Strategy are automatically created and linked to the SSID using a name derived from the SSID. These configurations can then be customized for your network.

    • Guest Network (Open or Captive Portal) - Create a network for Guest Users. Suitable for setting up an Open Network with or without a Captive Portal. This is typically used for Guests.

    • Employee BYOD Network - Create a network for employees connecting with their own devices. Suitable for setting up an Open Network for Employee BYOD devices. Access to the network is granted after BYOD portal authentication.

    • Enterprise Network for Employees (802.1X) - Create a network for employees connecting with known devices. Suitable for setting up an Enterprise Network for Employees accessing the network with Company Property or BYOD devices.

    • Protected Network (Pre-Shared Key & an Optional Captive Portal) - Create a Protected Network for Guest Users. Suitable for setting up a Personal network that requires a PSK/Passphrase, with or without a Captive Portal. This is typically used for Guests.

    • Protected Network for Employees (Pre-Shared Key & BYOD Registration Portal) - Create a Protected Network for employees connecting with their own devices. Suitable for setting up a Personal Network that requires a PSK/Passphrase for employee BYOD devices. Access to the network is granted after BYOD portal authentication.

  • Captive Portal/BYOD - Depending on the SSID network Usage selected, you can enable/configure Captive Portal or BYOD authentication for the SSID.

    • Do you want users to go through a Captive Portal? - Enable/Disable Captive Portal Authentication for the SSID.

      • OV-UPAM Captive Portal - Authenticate through OmniVista Cirrus UPAM Captive Portal.

    • Enable BYOD Registration - Enable/Disable BYOD authentication for the SSID.

  • Allowed Band - The band(s) available on the network:

    • Both 2.4 GHz and 5 GHz

    • Only 2.4 GHz

    • Only 5.0 GHz

SSID Settings - Authentication Strategy

Enable or disable MAC Authentication. When enabled, additional fields are displayed to select the RADIUS Server and the Access Policy to use for the Authentication Strategy. Complete the fields as described below:

  • RADIUS Server - Select the RADIUS Server to use from the drop-down menu. The following options are available for the selected server:

    • View details - Display details about the selected RADIUS Server.

    • Edit - Open the Edit RADIUS Server screen to modify server settings.

    • Manage Guest Devices - Configure user access to company devices owned by the Organization (for example, printers, IP phones, laptops, tablets). This field may not be available depending on the RADIUS Server selected.

Note that when you click on Edit or Manage Guest Devices, you are prompted to either discard current changes to open the related screen or open the related screen in a new browser tab.

  • Authentication Strategy → Access Policy - Select one of the following options to specify an Access Policy for the SSID Authentication Strategy:

    • Choose Existing Access Policy (Default) - Select an existing Access Policy from the drop-down menu. Optionally, click on the Edit button to modify settings for the selected Access Policy.

    • Configure Access Policy - Create a new Access Policy. When you select this option, a default Access Policy is automatically created with the SSID name. You can then customize the default policy settings, as needed.

SSID Settings - Default VLAN/Network

In this section, you can select one of the following options to apply an Access Role Profile to clients joining this SSID, if a role cannot be assigned by other role assignment methods.

  • Choose Existing Access Role Profile (Default) - Select an existing Access Role Profile from the drop-down menu. The “VLAN” and “Use Tunnel” options are set according to the attributes defined in the selected Access Role Profile.

  • Configure Access Role Attributes - When you select this option, a default Access Role Profile is automatically created with the SSID name. You can then customize the default profile settings, as needed.

SSID Settings - Detailed SSID Settings

In this section, you can configure advanced SSID settings as described below:

  • Hide SSID - Enables/Disables SSID in beacon frames. Note that hiding the SSID does very little to increase security. (Default = Disabled)

  • UAPSD - Enables/Disables Unscheduled Automatic Power Save Delivery (UAPSD) on the SSID. UAPSD is a QoS facility defined in IEEE 802.11e that extends the battery life of mobile clients. In addition to extending battery life, this feature reduces the latency of traffic flow that is delivered over the wireless media. Because UAPSD does not require the client to poll each individual packet that is buffered at the access point, it allows delivery of multiple downlink packets by sending a single uplink trigger packet. (Default = Enabled)

  • Detailed SSID Settings → Security

    • Classification Status - Enables/Disables classification. If classification is enabled, traffic will be classified to a role based on the configured classification rules. Note that the precedence of role assignment methods is important. Classification Rules are only used if 802.1x/MAC authentication does not return a role, or the returned role is not matched with any configured roles in the device.

    • MAC Pass Alt - If MAC Authentication is enabled, select an Access Role Profile to assign to clients that pass MAC Authentication.

    • Client Isolation - Enables/Disables Client Isolation. If enabled, traffic between clients on the same AP in the SSID is blocked; client traffic can only go toward the router. (Default = Disabled)

  • Detailed SSID Settings → Hotspot 2.0

    • Hotspot 2.0 - Enables/Disables Hotspot 2.0. Hotspot 2.0 is a new standard for public-access Wi-Fi that enables seamless roaming among Wi-Fi networks and between Wi-Fi and cellular networks. Hotspot 2.0 was developed by the Wi-Fi Alliance and the Wireless Broadband Association to enable seamless hand-off of traffic without requiring additional user sign-on and authentication. Note that Hotspot 2.0 is only supported with Enterprise WPA2_AES or Enterprise WPA3_AES256 Encryption. You must first select one of these Encryption types before you can enable Hotspot 2.0.

    • Operator Name - The operator providing the Hotspot service (0 - 252 characters).

    • Venue Name - The venue where the Hotspot is hosted (0 - 252 characters).

    • Venue Type - The type of venue hosting the Hotspot.

    • Network Detail - The type of Hotspot network.

    • Domain List - The list of Hotspot Domains. You can have up to 16 Domain Names (1 - 255 characters each).

    • Roaming OIs - The Roaming Organization Identifier. You can have up to 16 OIs. Each OI field is 3 characters in length if the organizationally unique identifier is an OUI, or 5 octets in length if the organizationally unique identifier is an OUI-36.

  • Detailed SSID Settings → Roaming Controls

    • L3 Roaming - Enables/Disables Layer 3 roaming. Layer 3 roaming allows a client to move between Access Points and connect to a new IP subnet and VLAN.

    • FDB Update on Association - Enables/Disables FDB update on Association. If enabled, when a client roams to a new AP, the AP will send ARP packets to the uplink switch to notify the switch to change the downstream forwarding port for the wireless client's traffic.

    • 802.11k Status - Enables/Disables 802.11k. The 802.11k protocol enables APs and clients to dynamically measure the available radio resources. When 802.11k is enabled, APs and clients send neighbor reports, beacon reports, and link measurement reports to each other.

    • 802.11v Status - Enables/Disables 802.11v. The 802.11v standard defines mechanisms for wireless network management enhancements and BSS transition management. It allows client devices to exchange information about the network topology and RF environment. The BSS transition management mechanism enables an Instant AP to request a voice client to transition to a specific AP, or suggest a set of preferred APs to a client due to network load balancing or BSS termination. It also helps clients identify the best AP to transition to as they roam.

  • Detailed SSID Settings → Client Controls

    • Max Number of Clients Per Band - The maximum number of clients allowed in each band. (Range = 1 - 256, Default = 64)

    • 802.11b Support - Enables/Disables allowing 11b legacy clients to connect to APs.

    • 802.11a/g Support - Enables/Disables allowing 11a/g legacy clients to connect to APs.

  • Detailed SSID Settings → Minimum Client Data Rate Controls

    • 2.4GHz Minimum Client Data Rate Controller - Enables/Disables 2.4G band access control based on client data rate.

    • 2.4GHz Minimum Client Data Rate - 2.4G band clients with a data rate lower than this value are not given access (recommended value = 12).

    • 5GHz Minimum Client Data Rate Controller - Enables/Disables 5G band access control based on client data rate.

    • 5GHz Minimum Client Data Rate - 5G band clients with a data rate lower than this value are not given access (recommended value = 24).

  • Detailed SSID Settings → Minimum MGMT Rate Controls

    • 2.4GHz Minimum MGMT Rate Controller - Enables/Disables 2.4G band wireless management frame rate control.

    • 2.4GHz Minimum MGMT Rate - 2.4G band wireless management frame transmit rate. Higher value means less coverage; lower value means larger coverage.

    • 5GHz Minimum MGMT Rate Controller - Enables/Disables 5G band wireless management frame rate control.

    • 5GHz Minimum MGMT Rate - 5G band wireless management frame transmit rate. Higher value means less coverage; lower value means larger coverage.

  • Detailed SSID Settings → High-Throughput Control

    • A-MSDU - Enables/Disables Aggregate MAC Service Data Unit. A-MSDU is a structure containing multiple MSDUs, transported within a single (unfragmented) data MAC MPDU.

    • A-MPDU - Enables/Disables Aggregate MAC Protocol Data Unit. A-MPDU is a method of frame aggregation, where several MPDUs are combined into a single frame for transmission.

  • Detailed SSID Settings → Power Save Controls

    • DTIM Interval - The Delivery Traffic Indication Message (DTIM) period in beacons. The DTIM interval determines how often the AP should deliver the buffered broadcast and multicast frames to associated clients in the "power save" mode. The default value is 1, which means the client checks for buffered data on the OAW-IAP at every beacon. You can configure a higher DTIM value for power saving (Range = 1 - 255).

  • Detailed SSID Settings → Bandwidth Contract

    • Upstream Bandwidth - The maximum bandwidth for traffic from the switch to the client.

    • Downstream Bandwidth - The maximum bandwidth for traffic from the client to the switch.

    • Upstream Burst - The maximum bucket size used for traffic from the switch to the client. The bucket size determines how much the traffic can burst over the maximum bandwidth rate.

    • Downstream Burst - The maximum bucket size used for traffic from the client to the switch. The bucket size determines how much the traffic can burst over the maximum bandwidth rate.

  • Detailed SSID Settings → Broadcast/Multicast Optimization

    • Broadcast Key Rotation - Enables/Disables the broadcast key rotation function. If enabled, the broadcast key will be rotated after every interval time.

    • Broadcast Key Rotation Time Interval - The interval, in minutes, to rotate the broadcast key (Range = 1 - 1440, Default = 15).

    • Broadcast Filter All - Enables/Disables broadcast filtering. If enabled, all broadcast frames are dropped, except DHCP and Address Resolution Protocol (ARP) frames.

    • Broadcast Filter ARP - Enables/Disables broadcast filtering for ARP. If enabled, the AP will act as an "ARP Proxy". If the ARP-request packet requests a client's MAC address and the AP knows the client's MAC and IP address, the AP will respond to the ARP-request but not forward the ARP-request (broadcast) to all broadcast domains. This reduces ARP broadcast packet forwarding and significantly improves network performance. Note that APs do not act as ARP proxy for Gratuitous ARP packets. When the station gets an IP from DHCP or IP release/renew, the station will send Gratuitous ARP packets. The AP will not respond to such special ARP packets and will broadcast them normally.

    • Multicast Optimization - Enables/Disables multicast traffic rate optimization.

    • Multicast Based Channel Utilization - Configures the multicast-based channel utilization optimization percentage. (Range = 0 - 100, Default = 90)

    • Number of Clients - Configure the threshold for multicast optimization. This is the maximum number of high-throughput.

  • Detailed SSID Settings → 802.1p Mapping - Used to configure the uplink and downlink mapping mechanism between Wi-Fi Multimedia (WMM) Access Categories and 802.1p priority. Uplink traffic can only be mapped to a single value. Downlink traffic can be mapped to multiple values. Fields are populated with the default values. To modify a default uplink value, enter a new value in the field. To modify a default downlink value, enter a new value and click on the Add icon. To remove a value, click on the "x" next to the value.

    • Background - WMM Background will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 1)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 1, 2)

    • Best Effort - WMM Best Effort will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 0)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 0, 3)

    • Video - WMM Video will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 4)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 4, 5)

    • Voice - WMM Voice will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 6)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 6, 7)

  • Detailed SSID Settings → DSCP Mapping - Used to configure the uplink and downlink mapping mechanism between Wi-Fi Multimedia (WMM) Access Categories and DSCP priority. Uplink traffic can only be mapped to a single value. Downlink traffic can be mapped to multiple values. Fields are populated with the default values. To modify a default uplink value, enter a new value in the field. To modify a default downlink value, enter a new value and click on the Add icon. To remove a value, click on the "x" next to the value.

    • Trust Original DSCP - If enabled, the original DSCP mapping for uplink traffic is trusted (Default = Disabled).

    • Background - WMM Background will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 10)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 2, 10)

    • Best Effort - WMM Best Effort will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 0)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 0, 18)

    • Video - WMM Video will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 40)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 24, 36, 40)

    • Voice - WMM Voice will be mapped to the 802.1p value.

      • Uplink - Maps uplink traffic (from AP to network). (Range = 0 - 7, Default = 46)

      • Downlink - Maps downlink traffic (from network to AP). (Range = 0 - 7, Default = 46, 48, 56)
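The documented limits and the Hotspot 2.0 encryption precondition can be checked before an SSID is created. The following is an added example, not OmniVista code: the dictionary keys, the `audit_ssid` helper, and the sample values are hypothetical, and Roaming OIs are assumed to be written as hex strings of 3 octets (OUI) or 5 octets (OUI-36).

```python
import re

# Values taken from this page; dictionary keys below are hypothetical names.
HOTSPOT_ENCRYPTION = {"Enterprise WPA2_AES", "Enterprise WPA3_AES256"}
GUEST_USAGES = {
    "Guest Network (Open or Captive Portal)",
    "Protected Network (Pre-Shared Key & an Optional Captive Portal)",
}
RANGES = [  # (key, low, high) as documented above
    ("max_clients_per_band", 1, 256),
    ("dtim_interval", 1, 255),
    ("broadcast_key_rotation_minutes", 1, 1440),
]
OI_HEX = re.compile(r"(?:[0-9A-Fa-f]{6}|[0-9A-Fa-f]{10})")  # assumed hex notation


def audit_ssid(cfg):
    """Return (severity, message) findings for one SSID settings dict."""
    findings = []
    if not 1 <= len(cfg.get("ssid", "")) <= 31:
        findings.append(("error", "SSID must be non-empty and at most 31 characters"))
    for key, low, high in RANGES:
        if key in cfg and not low <= cfg[key] <= high:
            findings.append(("error", f"{key}={cfg[key]} is outside {low}-{high}"))
    if cfg.get("hotspot20"):
        if cfg.get("encryption") not in HOTSPOT_ENCRYPTION:
            findings.append(("error", "Hotspot 2.0 needs Enterprise WPA2_AES or Enterprise WPA3_AES256"))
        domains = cfg.get("domain_list", [])
        if len(domains) > 16 or any(not 1 <= len(d) <= 255 for d in domains):
            findings.append(("error", "Domain List allows up to 16 names of 1-255 characters"))
        ois = cfg.get("roaming_ois", [])
        if len(ois) > 16 or any(not OI_HEX.fullmatch(o) for o in ois):
            findings.append(("error", "Roaming OIs allow up to 16 entries of 3 or 5 octets"))
    # Advisory checks (added here, not enforced by the product screen).
    if cfg.get("usage") in GUEST_USAGES and not cfg.get("client_isolation", False):
        findings.append(("warn", "Client Isolation is disabled on a guest SSID"))
    if cfg.get("hide_ssid"):
        findings.append(("info", "Hide SSID does very little to increase security"))
    return findings


# Constructed sample input, not exported from any real system.
SAMPLE = {
    "ssid": "Lobby-Guest",
    "usage": "Guest Network (Open or Captive Portal)",
    "encryption": "open",            # constructed value
    "hotspot20": True,
    "roaming_ois": ["0A1B2C", "ZZ"],  # second entry is malformed on purpose
    "max_clients_per_band": 300,
    "client_isolation": False,
    "hide_ssid": True,
}

if __name__ == "__main__":
    for severity, message in audit_ssid(SAMPLE):
        print(f"{severity:5} {message}")
```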

Network Assignments

An SSID configuration is applied to an AP Group; all APs belonging to the assigned group will use the same SSID configuration. The Network Assignments section of the Create SSID screen is where you can apply SSIDs to AP Groups, as shown here:

When you are done selecting the AP Groups to apply to the SSID, click on Create SSID. The SSID is then created and applied to the selected AP Groups.

If you are editing the AP Group assignment for an SSID, all of the AP Groups to which the SSID was applied are displayed as pre-selected in the “Select Access Point Groups” field. You can then remove and/or add AP Groups, as shown here: