Configure an Aruba Instant AP and WLAN/SSID via CLI

A hands-on, command-by-command walkthrough for configuring an Aruba Instant access point and a secure WLAN SSID profile from the CLI, including WPA3-Personal, WPA2-Enterprise with RADIUS, VLAN mapping, committing changes, and verification.

This guide shows how to configure an Aruba Instant access point and create a secure WLAN/SSID profile entirely from the command line. It applies to Aruba Instant (IAP) clusters running the Instant / AOS-8 Instant operating system, where one AP acts as the virtual controller (conductor). If your APs are AOS-10 managed by Aruba Central, day-to-day SSID configuration is done in the cloud UI and zero-touch provisioning — but the CLI shown here is still valuable for bring-up and troubleshooting.

Every command below uses verified Aruba Instant syntax. Where a value is yours to choose (an SSID name, a passphrase, an IP), we show it in plain text — replace it with your own.

1. Connect and reach the CLI

You can reach the Instant CLI three ways: a console cable to the AP, SSH to the virtual controller IP, or SSH to an individual AP. Once connected and logged in, you land in privileged (enable) mode, shown by the # prompt:

AP315# 

Enter global configuration mode:

AP315# configure terminal

The shorthand conf t works as well. The prompt changes to (config) #.

2. Name the access point / virtual controller

Give the device a meaningful name so it is identifiable in logs and in Aruba Central:

AP315 (config) # name RYD-HQ-FLOOR2

3. Create a WLAN SSID profile (WPA3-Personal example)

The core object is the wlan ssid-profile. Create one for an employee network secured with WPA3-Personal (SAE):

AP315 (config) # wlan ssid-profile CORP-WIFI
AP315 (SSID Profile "CORP-WIFI") # enable
AP315 (SSID Profile "CORP-WIFI") # type employee
AP315 (SSID Profile "CORP-WIFI") # essid CORP-WIFI
AP315 (SSID Profile "CORP-WIFI") # opmode wpa3-sae-aes
AP315 (SSID Profile "CORP-WIFI") # wpa-passphrase YourStrongPassphrase
AP315 (SSID Profile "CORP-WIFI") # vlan 20
AP315 (SSID Profile "CORP-WIFI") # rf-band all
AP315 (SSID Profile "CORP-WIFI") # exit

What each line does:

  • enable — turns the SSID on (a profile can exist but be disabled).
  • type employee — sets the network role; valid types include employee, guest and voice.
  • essid CORP-WIFI — the broadcast network name. It can differ from the profile name.
  • opmode wpa3-sae-aes — the security/encryption mode. Common values include opensystem (open), wpa2-psk-aes (WPA2-Personal), wpa2-aes (WPA2-Enterprise), and wpa3-sae-aes (WPA3-Personal). Confirm exact strings supported on your firmware with the tab-completion in the CLI.
  • wpa-passphrase — the pre-shared key (only for PSK/SAE modes, not Enterprise).
  • vlan 20 — places client traffic on VLAN 20. Make sure that VLAN is trunked to the AP uplink on your switch.
  • rf-band all — advertise the SSID on all radio bands (use 2.4 or 5.0 to restrict).

4. Create a guest SSID on its own VLAN

Keep guests away from production by giving them an open or PSK network on an isolated VLAN:

AP315 (config) # wlan ssid-profile GUEST-WIFI
AP315 (SSID Profile "GUEST-WIFI") # enable
AP315 (SSID Profile "GUEST-WIFI") # type guest
AP315 (SSID Profile "GUEST-WIFI") # essid Guest-WiFi
AP315 (SSID Profile "GUEST-WIFI") # opmode wpa2-psk-aes
AP315 (SSID Profile "GUEST-WIFI") # wpa-passphrase WelcomeGuest123
AP315 (SSID Profile "GUEST-WIFI") # vlan 90
AP315 (SSID Profile "GUEST-WIFI") # exit

5. WPA2/WPA3-Enterprise with a RADIUS server (802.1X)

For corporate authentication you bind the SSID to an external RADIUS server (ClearPass, Microsoft NPS, FreeRADIUS). First define the authentication server, then reference it from an Enterprise SSID:

AP315 (config) # wlan auth-server CORP-RADIUS
AP315 (Auth Server "CORP-RADIUS") # ip 10.10.10.5
AP315 (Auth Server "CORP-RADIUS") # port 1812
AP315 (Auth Server "CORP-RADIUS") # acctport 1813
AP315 (Auth Server "CORP-RADIUS") # key YourSharedSecret
AP315 (Auth Server "CORP-RADIUS") # exit

AP315 (config) # wlan ssid-profile CORP-8021X
AP315 (SSID Profile "CORP-8021X") # enable
AP315 (SSID Profile "CORP-8021X") # type employee
AP315 (SSID Profile "CORP-8021X") # essid CORP-8021X
AP315 (SSID Profile "CORP-8021X") # opmode wpa2-aes
AP315 (SSID Profile "CORP-8021X") # auth-server CORP-RADIUS
AP315 (SSID Profile "CORP-8021X") # vlan 20
AP315 (SSID Profile "CORP-8021X") # max-authentication-failures 5
AP315 (SSID Profile "CORP-8021X") # exit

Here opmode wpa2-aes selects WPA2-Enterprise (802.1X) — no passphrase is set because authentication comes from RADIUS. The auth-server line ties the SSID to the RADIUS profile you defined. On your RADIUS server, add the AP / virtual controller as a NAS client using the same shared secret.

6. Commit the configuration

Aruba Instant does not apply changes live as you type — you must commit them. From privileged mode:

AP315# commit apply

You will see output similar to committing configuration... followed by configuration committed. To also persist the configuration so it survives a reboot:

AP315# write memory

(The shorthand wr mem works too.) The commit pushes the new SSIDs to every AP in the cluster, not just the conductor.

7. Verify it worked

Confirm your profiles and that clients are associating:

AP315# show running-config
AP315# show wlan ssid-profile
AP315# show aps
AP315# show clients

  • show running-config — review the full active configuration, including your SSID and auth-server blocks.
  • show aps — list every AP in the cluster, its IP, role and uplink status.
  • show clients — see associated clients, the SSID they joined, signal and the VLAN they landed on.
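
Reviewing show running-config by eye gets error-prone once a cluster carries several SSIDs. The script below is an added example, not part of the original guide or any Aruba tooling: it audits a saved copy of the configuration against the rules stated in steps 3 to 5 (PSK/SAE modes need a passphrase, an Enterprise SSID must reference a defined auth-server, guests stay off the employee VLAN). The sample text is constructed and assumes sub-commands are indented by one space under each wlan block.

```python
import re

# Constructed sample modeled on this guide's profiles (not real device output).
SAMPLE = """\
wlan auth-server CORP-RADIUS
 ip 10.10.10.5
wlan ssid-profile CORP-8021X
 type employee
 opmode wpa2-aes
 auth-server RADIUS-OLD
 vlan 20
wlan ssid-profile GUEST-WIFI
 type guest
 opmode wpa2-psk-aes
 wpa-passphrase <redacted>
 vlan 20
"""
PSK_MODES = {"wpa2-psk-aes", "wpa3-sae-aes"}  # need wpa-passphrase
DOT1X_MODES = {"wpa2-aes"}                     # need a defined auth-server

def parse(config):
    """Map (kind, name) -> {key: value} for each top-level wlan block."""
    blocks, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"wlan (ssid-profile|auth-server) (\S+)\s*$", line)
        if m:
            cur = blocks.setdefault(m.groups(), {})
        elif line.startswith(" ") and cur is not None:
            key, _, val = line.strip().partition(" ")
            cur[key] = val
        else:
            cur = None  # any other top-level line closes the block
    return blocks

def audit(config):
    """Return (ssid, finding) pairs for profiles that break the guide's rules."""
    blocks = parse(config)
    servers = {n for k, n in blocks if k == "auth-server"}
    ssids = {n: b for (k, n), b in blocks.items() if k == "ssid-profile"}
    staff = {b.get("vlan") for b in ssids.values() if b.get("type") == "employee"}
    out = []
    for name, b in ssids.items():
        mode = b.get("opmode")
        if mode in PSK_MODES and "wpa-passphrase" not in b:
            out.append((name, "PSK/SAE mode but no wpa-passphrase"))
        if mode in DOT1X_MODES and b.get("auth-server") not in servers:
            out.append((name, "auth-server missing or undefined"))
        if b.get("type") == "guest" and b.get("vlan") in staff:
            out.append((name, "guest shares a VLAN with an employee SSID"))
    return out
```

Calling audit(SAMPLE) flags CORP-8021X for pointing at an auth-server name that was never defined and GUEST-WIFI for sitting on the employee VLAN 20.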

8. Common pitfalls

  • SSID broadcasts but no internet — the client VLAN is not trunked to the AP uplink port, or there is no DHCP scope for that VLAN.
  • Enterprise clients can't authenticate — RADIUS shared secret mismatch, the AP isn't added as a NAS client, or a firewall is blocking UDP 1812/1813.
  • Changes "didn't take" — you edited the config but never ran commit apply.
  • Forgot to persist — committed but didn't write memory, so a reboot reverts changes.

SKYLINE Engineering

@skyline

The engineering team at SKYLINE Industrial Solutions. We publish field-tested guides drawn from real KSA and GCC deployments.