Advanced Setting Overrides

Many AP properties are configured from the device group configuration Profile, where they apply to all APs in the device group. Override the following settings for a specific AP from the Advanced > Overrides tab.

Best Practice: For a consistent configuration, a best practice is to configure the APs through the configuration Profile. Overrides are available for unique configuration. However, variances from the configuration Profile can result in APs not receiving general policy changes. Consider configuration Overrides carefully. To determine which APs are configured with overrides, from the AP List, display the Overrides column. See Access Points List.

To access the Overrides dialog:

Go to Configure > Devices > Access Points.
Select an AP.
Select Advanced > Overrides.

Table 1. Advanced AP Setting Overrides
Field	Description
Management VLAN ID Override	Virtual Local Area Network Identifier. Enable VLAN tagging to insert a VLAN ID into a packet header identifying which VLAN the packet belongs to. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
Static MTU	A static Maximum Transmission Unit (MTU). When this option is enabled, the MTU is fixed at the value you specify. Otherwise, the default value of 1500 is used.
GE2 Port Function	Specify the function of the second AP Ethernet port: Client. Indicates that the client port is enabled on the AP. The client option is used in the following scenarios: When an AP radio is configured as a Client Bridge. ExtremeCloud IQ Controller automatically sets the GE2 port to Client. To leverage the second port of the access point as a Client port, allowing pass-through access to attached clients. Client access is subject to policy. This capability is also utilized in support of work group meshing. A GE2 Client port is supported on the following access points: Wi-Fi 6 AP models AP3965 When the GE2 Port is set to Client, the WLAN assignment dialog displays an option to specify the GE2 assignment, and the Wired Ports tab is available from the AP Profile. When the GE2 Port is set to Bridge, the port provides a transparent bridge that transports tagged and untagged traffic between two sides of a wireless connection, while preserving VLAN mappings over the wireless link. Packet tagging and policy is configured through services outside the wireless network configuration. A GE2 Bridge port is supported on the following access points that have more than one Ethernet port: Wi-Fi 6 AP models. Note: The ETH1/GE2 Bridge port is not supported on access points with a single Ethernet port. For more information, see Transparent Bridge. AP Ethernet port traffic backup (failover) between GE1 and GE2 LAG (Link Aggregation Group) Link aggregation combines network connections to increase throughput and to provide redundancy in case of link failure. Requires that both ports negotiate to the same speed (1 Gbps). Note: LAG is supported on ExtremeWireless AP39xx and 11ax APs. LAG is not supported on AP305C, AP410C, and AP460C.
Enable SSH	Determines if the Secure Shell (SSH) protocol is enabled. When enabling SSH, configure a password. To configure an SSH password, go to Admin > System > Maintenance. By default, this setting is disabled. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
AP Event Level	Enable this setting to override the AP Event Level for a specific AP. Valid log level values are: Critical, Major, Minor, and Info. You can also override the AP Event Level for a specific AP from Monitor > AP Device > Events. You can override the AP Event Level for multiple APs from the AP Actions menu on the Device List.
Force Normal Power Operation	Instructs the AP to draw normal power from the POE switch port for full-capacity operation regardless of the IEEE 802.3 ft/at/bt and or LLDP-MED power switch port negotiation. The defined power level for full-capacity power operation is unique for each AP model. Refer to the hardware documentation for each AP model. Note: Use this setting with caution. Improper use can result in an AP power source overload, resulting in an unstable AP operation.
Poll Timeout	Specifies the amount of time, in seconds, to wait for a response from the appliance before rebooting. The value range is from 3 to 600 unless the controller is in an availability pair without fast failover enabled. The default value is 3. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
FA Auth Key	Configure custom Fabric Attach Authentication Keys up to 32 characters in length. Extreme Networks products offer a default FA AUTHENTICATION-KEY built-in. You can also configure a custom key here. When a custom key is not configured, the default key is used. The following special characters are not supported: {? <tab> \ “ `} Note: Supported on Wi-Fi 6 AP models. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
LED Status	You can configure LED Status for all APs in a device group from the device group Profile Advanced settings. You can also override LED Status for an individual AP from here. Valid values are: Off LEDs do not light. Locate LEDs blink so you can locate the AP. Normal Default mode for all APs. Identifies the AP status during the following processes: registration power on boot Note: The value Solid has been deprecated in ExtremeCloud IQ Controller version 5.26.02. If Solid was previously configured, this value is mapped to Normal with the ExtremeCloud IQ Controller version 5.26.02 upgrade.
Adoption Preference	Indicates the preferred controller for device adoption. Use this setting to control the number of APs adopted by each controller in an availability pair. Define AP-Controller mappings for system efficiency and control over roaming domains. Valid values are: Use global availability settings. This option refers to the Auto AP Balancing configuration described in Availability Pair Settings. To configure Auto AP Balancing, go to Administration > System > Availability. Primary Appliance Backup Appliance
WLAN	You can override the radio WLAN assignments for a specific AP. The result is that the AP has a unique radio WLAN assignment, plus port and IOT assignments, and policy definitions that are defined in the configuration Profile. The AP must be part of a device group, but you can override the WLAN per AP in order to enable or disable a selected network. This can be useful for testing and troubleshooting purposes. See WLAN Override.
PEAP User Name and Password	Ability to configure the PEAP (Protected Extensible Authentication Protocol) user name and password for all devices in a device group or for a specific device override. Used to pre-provision devices for authorization to connect to the network. Credential and Certificate installation procedures are supported for AP39xx, SA201 Adapter, and Wi-Fi 6 AP models.
Enforce Manufacturing Certificate	Enforce usage of Extreme PKI (Public Key Infrastructure) when establishing an IKE (Internet Key Exchange) tunnel. Both APs and controllers have Extreme CA certificates installed. When this setting is enabled, the controller accepts only APs that provide Extreme PKI. Note: Supported on the Defender Adapter SA201 and on the ExtremeWireless access point models: AP39xx, Wi-Fi 6 AP models. This setting is not supported on the AP305C, AP410C, and AP460C access point models. There must be successful mutual authentication between the AP and the controller. If either side of the authentication fails, the tunnel is rejected. When this setting is enabled, APs that are not PKI capable (self-signed certificates) are not able to connect to the controller. The default is to clear this option. When this setting is cleared, the controller accepts the AP with a self-signed certificate. With either type of certificate, the certificate type must match in both directions before the authenticated tunnel is established. Authentication failure messages are logged in the ExtremeCloud IQ Controller Events Log. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
Client Bridge	Client Bridge Override — Select to enable override settings. Roaming RSS Threshold — Determines when the client bridge AP scans to find a better infrastructure AP. Valid range: from -128 to -40. Default value is -70. A scan is triggered when one or more of the following criteria is met: When the infrastructure AP RSS value is less than the configured RSS Threshold. When the poll of the infrastructure AP is lost for one second. Note: When a WLAN is configured on the client bridge AP, a scan is triggered whenever the poll of the infrastructure AP is lost, regardless of the RSS Threshold. You can configure this setting for all APs in a device group from the device group Profile Advanced Settings dialog. And, you can override the device group setting for an individual AP from here.
IOT Settings	IoT is supported on the following access point models: AP391x, Wi-Fi 6 AP models. The following AP models do not support IoT: AP3935, AP3965, AP305C-1, AP310i/e-1, AP410i-1, AP410C-1, AP510i-1, and AP4000-1 You can configure beacon settings for all APs in a device group from the device group Profile IoT tab. And you can override some beacon application settings for an individual AP from here. The following applications support AP overrides: iBeacon application. Overrides are supported for the following settings: IoT iBeacon Major IoT iBeacon Minor Measured RSSI Eddystone-url Beacon application. Overrides are supported for the following settings: Eddystone URL Measured RSSI Note: If a beacon application is not configured in the device group Profile, the IOT pane is empty.
Mesh Points	The mesh point settings on an AP radio can be overwritten here. Mesh point configuration is handled from the device group configuration Profile. If you want to modify configuration for a mesh point, check the mesh point check box to display the edit button (). Select to display the Edit Mesh Device Settings dialog. To override a setting, select the check box and provide an override value. Note: Mesh Device Setting overrides are available when the AP is part of a Mesh Network. Important: It is not a best practice to override the Root setting for a specific AP. Configure the Root setting from the device group.
Smart Poll	Smart Poll configuration is handled from the device group configuration Profile. The Smart Poll settings for an AP can be overwritten here. To modify configuration for an individual AP, select Smart Poll Override and configure the Smart Poll parameters.
Radio Setting Overrides	You can configure radio settings for all APs in a device group from the device group Profile Radio tab and Advanced Radio dialog. And you can override radio settings for an individual AP from here.