Aruba Networks Version 3.3 manual SSIDs, VLANs and Role Derivation, AP Groups, Profile Planning

AP Groups

An AP Group is a unique combination of Configuration Profiles. In general, all profiles are available to be assigned to an AP Group to create a complete configuration. This flexibility lets you group APs arbitrarily, such as ‘All Lobby APs’ or ‘All APs in California’, with a different configuration on each group. Each AP Group must include a minimum number of profiles, in particular, a Virtual AP Profile.

 

NOTE: Each Access Point or Air Monitor can be a member of only a single AP Group. You cannot assign multiple AP Groups to the same AP. This restriction prevents the assignment of incompatible or conflicting Profiles.

Profile Planning

Using the profile system effectively takes some planning. Unlike most planning decisions in network designs, profile planning is not based on performance and scalability; it is based on creating a functional and flexible network design that can be logically understood. Ideally, this planning is part of the network planning.

While it is possible to simply place all of your equipment in default profiles and change the parameters to suit your needs, you will miss out on the power and flexibility of the system. To take full advantage of the system you must take into account the physical layout of your equipment, the technical management requirements, and the business practices and regulatory requirements specific to your organization.

Aruba recommends changing the following defaults:

• Default AP-Group

• Default Virtual-AP

• Default SSID

When an AP first boots, it is automatically made a member of the default AP-Group, which has open authentication by default. Aruba recommends changing the default to Air Monitor mode for new Access Points. That way, anyone who plugs an unauthorized Aruba AP into your network simply adds to your monitoring capabilities instead of creating a backdoor.
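One way to check a profile plan against the guidance above, as an added example that is not part of the Aruba guide: the script audits a planning inventory for a default AP-Group that still serves clients or an open SSID, for APs still sitting in the default group, and for APs listed under more than one AP Group. The data model, profile names, SSIDs and finding codes are hypothetical and the sample data is constructed; this is not ArubaOS configuration syntax.

```python
from collections import defaultdict

# Constructed sample plan (hypothetical data model, not ArubaOS syntax).
# radio_mode: "ap" serves wireless clients, "am" is Air Monitor only.
AP_GROUPS = {
    "default": {"radio_mode": "ap", "virtual_aps": ["default"]},
    "lobby": {"radio_mode": "ap", "virtual_aps": ["guest", "corp"]},
}
VIRTUAL_APS = {
    "default": {"ssid": "example-default", "auth": "open"},
    "guest": {"ssid": "example-guest", "auth": "open"},
    "corp": {"ssid": "example-corp", "auth": "wpa2-enterprise"},
}
AP_MEMBERSHIP = [  # (AP name, AP group) rows from a planning inventory
    ("ap-lobby-1", "lobby"),
    ("ap-new-7", "default"),
    ("ap-lobby-2", "lobby"),
    ("ap-lobby-2", "default"),
]


def audit(groups, vaps, membership, default="default"):
    """Return sorted (finding_code, subject) tuples for the plan."""
    findings = set()
    grp = groups.get(default)
    if grp is not None and grp.get("radio_mode") != "am":
        # A newly booted AP lands here and would serve clients.
        findings.add(("DEFAULT_GROUP_NOT_AIR_MONITOR", default))
        for name in grp.get("virtual_aps", []):
            vap = vaps.get(name, {})
            if vap.get("auth") == "open":
                findings.add(("DEFAULT_GROUP_OPEN_SSID", vap.get("ssid", name)))
    seen = defaultdict(set)
    for ap, group in membership:
        seen[ap].add(group)
    for ap, ap_groups in seen.items():
        if len(ap_groups) > 1:
            # Conflicts with the one-AP-Group-per-AP rule.
            findings.add(("AP_IN_MULTIPLE_GROUPS", ap))
        if default in ap_groups:
            # Not yet provisioned, or not one of yours: review it.
            findings.add(("AP_STILL_IN_DEFAULT_GROUP", ap))
        if ap_groups - set(groups):
            findings.add(("AP_IN_UNKNOWN_GROUP", ap))
    return sorted(findings)


if __name__ == "__main__":
    for code, subject in audit(AP_GROUPS, VIRTUAL_APS, AP_MEMBERSHIP):
        print(f"{code}: {subject}")
```
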

SSIDs, VLANs and Role Derivation

Each Aruba Access Point has the ability to appear to wireless users as multiple physical APs. Each of these ‘virtual APs’ has its own Basic Service Set Identifier (BSSID) that identifies the AP and the network name, or Service Set Identifier (SSID).

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Mobility Controller Configuration 39
