Aruba Networks Version 3.3 manual Aruba Campus Wlan Logical Architecture


• Air Monitors – AMs are deployed at a ratio of one AM for every four APs deployed. These handle many of the IDS-related duties for the network and assist in drawing accurate heat maps that display graphical RF data. Aruba considers dedicated Air Monitors to be a security best practice because they provide full-time surveillance of the air.

 

[Figure: campus WLAN diagram. Labels: Data center, Master (active), Master (standby), File, Web, PBX, RADIUS, Internet, Local, Local, Air monitor]

Aruba Campus WLAN Logical Architecture

From a logical perspective, the VRD overlay introduces three new terms into the familiar “core/distribution/access” framework: “Management,” “Aggregation,” and “Wireless Access.”

• Management

The Management layer provides a distributed control plane for the Aruba User-Centric Network that spans the physical geography of the wired network. Critical functions provided by the Management layer Mobility Controllers include L3 client mobility across Aggregation layer controllers and failover redundancy. Typically, larger networks, such as campus systems, also offload ARM and IDS processing from the Aggregation layer to the Management layer.

• Aggregation

The Aggregation layer is the interconnect point where wireless traffic is aggregated and enters or exits the wired network. Secure encrypted GRE tunnels from APs at the Wireless Access layer terminate on controllers at the Aggregation layer. This provides a logical point for enforcement of roles and policies, and is where the ArubaOS creates the User-Centric Network Experience.


Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide
