Aruba Networks Version 3.3 manual Required Licenses, Configuration Profiles and AP Groups

Page 37

Chapter 6

Mobility Controller

Configuration

Once the hardware has been deployed there are several design decisions required to build out a working production network. This includes VLAN and IP network design, as well as the loop back IP address selection and spanning tree usage. Many of the decisions will logically follow from where the network architect chooses to place the AP and controller in relation to one another.

Other items needing additional planning are:

zConfiguration Profiles and AP Groups

zService Set Identifier (SSID) selection

zAuthentication and encryption methods

This chapter will provide a brief introduction of these topics with additional detail provided later in the document.

Required Licenses

To build this Aruba Validated Reference Design for a large Campus as described in Chapter 4 on page 19, the following licenses are required on the Local Controllers, assuming an MMC-6000 Multiservice Mobility Controller is acting as a backup to a second MMC-6000:

zLIC-512-AP Access Point License (512 Access Point License)

zLIC-WIP-512 Wireless Intrusion Protection Module License (512 AP Support)

zLIC-PEF-8192 Policy Enforcement Firewall Module License (8192 Users)

zLIC-VOC-8192 Voice Services Module License (8192 Users)

The following licenses should be applied to the Master Controllers assuming a MMC-3600 controller with no APs terminating and not acting as a backup for any active controller:

zLIC-8-AP Access Point License (8 Access Point License)

zLIC-WIP-8 Wireless Intrusion Protection Module License (8 AP Support)

zLIC-PEF-128 Policy Enforcement Firewall Module License (128 Users)

zLIC-VOC-128 Voice Services Module License (128 Users)

Configuration Profiles and AP Groups

Configuration profiles and AP Groups work together to provide an abstraction layer between the physical settings of the system, and the conceptual goals of the network architect. This abstraction feature provides the Aruba administrator with the benefits of reusable groups of settings (called ‘profiles’) that can be applied in a mix-and-match fashion with extremely fine granularity.

Configuration Profiles

Configuration Profiles allow different aspects of the Aruba system to be grouped into different configuration ‘sets’. Each profile is essentially a container, and the container creates a particular configuration based on settings within the container. SSID Profiles, Radio Profiles and AAA Profiles are just some of the available choices; and each one includes a number of parameters that can be adjusted to meet the needs of the design. Multiple versions of the same profile can be created and given different

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Mobility Controller Configuration 37

Page 36 Page 38
Image 37
Page 36 Page 38
Contents Campus Wireless Networks Validated Reference Design Version Crossman Avenue Sunnyvale, California Phone Fax Contents Chapter RF Planning and Operation Reference Documents Aruba Reference ArchitecturesContacting Aruba Networks IntroductionTelephone Support Aruba’s User-Centric Network Architecture Understanding Centralized Wireless LAN NetworksCentralized Wlan Model Introducing Aruba’s User-Centric NetworkArubaOS ArubaOS and Mobility ControllerMobility Controller Access Point Multi-function Thin Access PointsAir Monitor Aruba’s Secure Enterprise Mesh Network Mesh Portal or Mesh PointRemote AP Mobility Management SystemMobility Management System Proof-of-Concept Network PoC Network Physical DesignVlan PoC Network Logical and RF DesignProof-of-Concept Network Proof-of-Concept Network Campus Wlan Validated Reference Design Aruba Campus Wlan Physical ArchitectureAruba Campus Wlan Logical Architecture Data center ManagementMaster Campus Wlan Validated Reference Design Understanding Master and Local Operation Mobility Controller Access Point DeploymentMobility Controller High Availability Master Controller Redundancy Local Controller Redundancy Second Local controller has an opposite configuration Vlan Design Do Not Use Special VLANs Do Not Make Aruba the Default RouterVlan Vlan PoolsVLANs 10, 20, 30 User Mobility and Mobility DomainsMD1 ArubaOS Mobility DomainMaster Controller Placement Mobility Controller Physical Placement and ConnectivityLocal Controller Placement AP Placement, Power, and ConnectivityMobility Controller and Thin AP Communication AP Location and Density Considerations AP Power and ConnectivityOffice Deployment Active Rfid Tag Deployment Voice DeploymentMobility Controller Configuration Configuration Profiles and AP GroupsConfiguration Profiles Required LicensesAP group Profile TypesAP Groups SSIDs, VLANs and Role DerivationProfile Planning VLANs SSIDsRole Derivation Secure Authentication MethodsAuthenticating with Corporate Authentication Methods for Legacy Devices Authenticating with Captive PortalEmployee Role Configuring Roles for Employee, Guest and Application UsersGuest Role Create a bandwidth contract and apply it to an AP group Create the block-internal-access policy Modify the guest-logon role Device Role Role Variation by Authentication Method Wireless Intrusion Detection SystemWireless Attacks Rogue APs Page Mobility Controller Configuration RF Planning and Operation RF Plan ToolAdaptive Radio Management Page Minimum Scan Time Sec Quality of Service Voice over Wi-FiWMM and QoS Traffic Prioritization Voice Functionality and FeaturesNetwork Wide QoS Voice-Aware RF ManagementComprehensive Voice Management Voice over Wi-Fi LAN / WAN Controller Clusters Mobility Management SystemMultiple Master/Local Clusters Page Multiple Master/Local Clusters Licenses Appendix aLicenses Wlan Extension with Remote AP Appendix BWlan Extension with Remote AP Alternative Deployment Architectures Small Network DeploymentMobility Controller located in the network data center Medium Network DeploymentBranch Office Deployment Corporate data center DMZ Pure Remote Access Deployment
Top Page Image Contents