Aruba Networks Version 3.3 manual Create the block-internal-access policy

Create aliases:

netdestination "Internal-Network"
  network 10.0.0.0 255.0.0.0
  network 172.16.0.0 255.255.0.0
  network 192.168.0.0 255.255.0.0

netdestination "Public-DNS"
  host 64.151.103.120
  host 216.87.84.209

Create the guest-logon-access policy:

ip access-list session guest-logon-access
  user any udp 68 deny
  user any svc-dhcp permit time-range working-hours
  user alias "Public-DNS" svc-dns src-nat pool dynamic-srcnat time-range working-hours

Create the auth-guest-access policy:

ip access-list session auth-guest-access
  user any udp 68 deny
  user any svc-dhcp permit time-range working-hours
  user alias "Public-DNS" svc-dns src-nat time-range working-hours
  user any svc-http src-nat pool dynamic-srcnat time-range working-hours
  user any svc-https src-nat pool dynamic-srcnat time-range working-hours

Create the block-internal-access policy:

ip access-list session block-internal-access
  user alias "Internal-Network" any deny

Create the drop-and-log policy:

ip access-list session drop-and-log
  user any any deny log

Create the guest-logon role:

user-role guest-logon
  session-acl captiveportal position 1
  session-acl guest-logon-access position 2
  session-acl block-internal-access position 3
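
The block-internal-access policy denies only destinations that the "Internal-Network" alias lists, so it is worth checking which address space the alias covers before relying on it. The following Python check is an added example, not part of the Aruba guide; it assumes the intent is to cover all RFC 1918 private space, and the function names are hypothetical.

```python
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed input: the alias as configured on this page (ArubaOS syntax).
ALIAS_CONFIG = """
netdestination "Internal-Network"
  network 10.0.0.0 255.0.0.0
  network 172.16.0.0 255.255.0.0
  network 192.168.0.0 255.255.0.0
"""

# Assumption: the intent is to keep guests out of all RFC 1918 space.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_netdestination(text):
    """Return networks from 'network <addr> <mask>' and 'host <addr>' lines."""
    nets = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 3 and f[0] == "network":
            nets.append(ip_network(f"{f[1]}/{f[2]}"))
        elif len(f) == 2 and f[0] == "host":
            nets.append(ip_network(f[1]))
    return nets


def uncovered(wanted, configured):
    """Return the parts of 'wanted' that no configured network covers."""
    remaining = list(wanted)
    for cfg in configured:
        kept = []
        for net in remaining:
            if net.subnet_of(cfg):
                continue  # fully covered by this entry
            if cfg.subnet_of(net):
                kept.extend(net.address_exclude(cfg))  # partly covered
            else:
                kept.append(net)  # disjoint, still uncovered
        remaining = kept
    return sorted(collapse_addresses(remaining))


def alias_matches(dest, configured):
    """True if the rule 'user alias "Internal-Network" any deny' matches dest."""
    return any(ip_address(dest) in net for net in configured)


if __name__ == "__main__":
    for gap in uncovered(RFC1918, parse_netdestination(ALIAS_CONFIG)):
        print("not matched by Internal-Network:", gap)
```

If internal hosts live in any reported range, add matching network lines to the alias so the deny rule applies to them.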

48 Mobility Controller Configuration

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide
