Aruba Networks Version 3.3 manual Create a bandwidth contract and apply it to an AP group


Good guest policy as implemented by the stateful firewall should only allow the guest to access the local resources that are required for IP connectivity. These include DHCP and possibly DNS if an outside DNS server is not available. All other internal resources should be off limits for the guest. This is usually achieved by denying any internal address space to the guest user.

 

[Figure labels: No access; Access controlled; after hours]

 

Additional policies should be put in place to limit the use of the network for guests. The first policy is a time-of-day restriction. The user should be limited to accessing the network during normal working hours as they should only be using the network while conducting official business. Accounts should be set to expire when their local work is completed, typically at the end of each business day.

[Figure labels: Mobility controller; Data; Controlled data]

A rate limit can be put on each guest user to keep the user from using up the limited wireless bandwidth. Employee users should always have first priority to the wireless medium for conducting company business. Remember to leave enough bandwidth to keep the system usable by guests. Aruba recommends a minimum of 10%. Guests can always burst when the medium is idle.

Create a time range:

time-range working-hours periodic weekday 07:30 to 17:00

Create a bandwidth contract and apply it to an AP group:

wlan traffic-management-profile "employee-guest-app"
   bw-alloc virtual-ap "corp-employee" share 45
   bw-alloc virtual-ap "corp-app" share 45
   bw-alloc virtual-ap "guest-net" share 10

ap-group "corp-aps"
   dot11a-traffic-mgmt-profile "employee-guest-app"
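The guest policy described above (DHCP and optional local DNS allowed, internal address space denied, access limited to the working-hours time range) can be modeled as a first-match rule list to check the intended behavior before it is deployed. This is an added example, not configuration or code from the Aruba guide; the RFC 1918 ranges, the rule names, the exclusive 17:00 boundary and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# Assumption: "internal address space" is taken to be the RFC 1918 ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# From the page: time-range working-hours periodic weekday 07:30 to 17:00
WORK_START, WORK_END = time(7, 30), time(17, 0)

def in_working_hours(when):
    """Monday-Friday, 07:30 inclusive to 17:00 exclusive (boundary is assumed)."""
    return when.weekday() < 5 and WORK_START <= when.time() < WORK_END

def guest_verdict(dst_ip, proto, dst_port, when, internal_dns=None):
    """First-match evaluation; returns (verdict, rule). Rule names are hypothetical.

    internal_dns is set only when no outside DNS server is available, which is
    the one case where the page allows a guest to reach an internal resolver.
    """
    dst = ipaddress.ip_address(dst_ip)
    if not in_working_hours(when):
        return ("deny", "outside-working-hours")
    if proto == "udp" and dst_port == 67:
        return ("permit", "dhcp")
    # The DNS exception must be matched before the internal deny rule.
    if (internal_dns is not None and dst == ipaddress.ip_address(internal_dns)
            and proto in ("udp", "tcp") and dst_port == 53):
        return ("permit", "dns")
    if any(dst in net for net in INTERNAL):
        return ("deny", "block-internal")
    return ("permit", "internet")

def audit(flows, internal_dns=None):
    """Return the verdict for each (dst_ip, proto, port, when) flow."""
    return [guest_verdict(*f, internal_dns=internal_dns) for f in flows]

# Constructed sample flows (addresses are illustrative, not from the page).
MON_9AM = datetime(2024, 3, 4, 9, 0)     # a Monday
SAT_10AM = datetime(2024, 3, 9, 10, 0)   # a Saturday
SAMPLE_FLOWS = [
    ("255.255.255.255", "udp", 67, MON_9AM),   # DHCP request
    ("10.1.2.3", "tcp", 443, MON_9AM),         # internal server
    ("203.0.113.10", "tcp", 443, MON_9AM),     # outside host
    ("203.0.113.10", "tcp", 443, SAT_10AM),    # outside host, weekend
]

if __name__ == "__main__":
    for flow, result in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print(flow[0], flow[1], flow[2], flow[3].isoformat(), "->", result)
```

Moving the DNS exception below the internal deny rule in this model makes the internal resolver unreachable, which is the ordering mistake to look for when reviewing a real session policy.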

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Mobility Controller Configuration 47
