Aruba Networks Version 3.3 manual Mobility Management System, Remote AP

Remote AP

Using the Remote AP license, the AP can be used as a remote access device across a WAN. When plugged into any Internet-capable Ethernet port, the AP creates a secure tunnel using IPsec (AES) to a designated Mobility Controller. Typically this tunnel terminates at corporate headquarters, or in regional data centers around the world for global deployments. The same SSIDs, authentication, and security are then available anywhere in the world.

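[Figure: Remote AP deployment. A home office (Remote AP, DSL/cable modem, VoIP; Corporate and Voice SSIDs) and a branch office (Remote AP, firewall, VoIP; Corporate, Voice, and Guest SSIDs) connect across the Internet through an IPsec tunnel to the Aruba Mobility Controller in the data center at corporate HQ, which sits behind a firewall and also serves a local Aruba AP carrying the Corporate, Voice, and Guest SSIDs.]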

This provides an on-demand corporate hotspot with the same security and access to resources that users find at the corporate campus, without having to install additional software or face a software learning curve. Unlike a software VPN, which provides only a limited set of services, the Aruba Remote AP license extends the entire corporate WLAN experience with the same powerful User-Centric Security.

Mobility Management System

Wireless networking doesn’t make the IT administrator’s job easier; in fact, it can make the job considerably harder. There are no longer any wires to trace, and IP address information only tells you where a user started their day. The MMS consists of a new set of tools to help administrators understand and visualize the wireless network they are administering. It is designed to give network administrators the ability to effectively manage multiple Master/Local clusters in the network. The user-centric management model allows administrators to rapidly visualize all network objects related to the user in real time, drastically reducing the mean time to resolution (MTTR) while ensuring a high-quality WLAN user experience.

The Mobility Management System™ includes a built-in location API that enables external systems to query the location of any WLAN device. The Mobility Management System software can be deployed on any PC platform (Linux or Windows 2003) or, as an option, can be purchased as an enterprise-class, hardened appliance.

One controller in each Aruba deployment is designated as the Master Controller. The Master Controller can also manage “Local” controller pairs, or clusters, in a high-availability configuration. However, once

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Aruba’s User-Centric Network Architecture
