Aruba Networks Version 3.3 manual Introducing Aruba’s User-Centric Network, Centralized Wlan Model

Page 8

Introducing Aruba’s User-Centric Network

In recent years, controller-based wireless switch architectures have been widely adopted to overcome the limitations of the autonomous AP. The Aruba centralized WLAN model shown below represents a structured model for WLAN deployment and ongoing management using a holistic approach to build enterprise WLANs that support user mobility without sacrificing security, manageability and scalability.

The Aruba User-Centric Network is an “overlay” network consisting of a centralized Mobility Controller and thin APs that work together over an existing high-speed network. Most enterprise networks have been engineered for high performance and high reliability, therefore, deploying the Aruba User-Centric Network as an overlay will not adversely affect the investment and reliability of the existing network.

With this approach, a centralized appliance controls hundreds or thousands of network-attached radios in a secure, reliable manner. This model represents a unified mobility solution integrating user mobility, identity based security, remote access, and enterprise fixed mobile convergence (eFMC) solutions.

Centralized WLAN Model

	Client
	termination		Mobility
	point	Thin AP	Mobility
	point	Thin AP	controller

Encryption

Tunnel

In this system, the intelligence that once resided in autonomous APs is now integrated into a centralized WLAN Mobility Controller designed for high-performance 802.11 packet processing, mobility and security management. These controllers are typically deployed in secured data center environment or distribution closets with redundant power and connectivity. APs are simplified and become network- attached radios that perform only transceiver and air monitoring functions. These access points are commonly referred to as “thin” APs. Connected to the Mobility Controller directly or over a layer 2/3 network by encrypted tunnels, they become extended access ports on the Mobility Controller directing user traffic to the controller for processing; while providing visibility and control of the RF environment to protect against intrusions (such as unauthorized users or rogue APs).

8 Aruba’s User-Centric Network Architecture

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Image 8

Contents Campus Wireless Networks Validated Reference Design Version Crossman Avenue Sunnyvale, California Phone Fax Contents Chapter RF Planning and Operation Aruba Reference Architectures Reference DocumentsContacting Aruba Networks IntroductionTelephone Support Understanding Centralized Wireless LAN Networks Aruba’s User-Centric Network ArchitectureIntroducing Aruba’s User-Centric Network Centralized Wlan ModelArubaOS and Mobility Controller ArubaOSMobility Controller Air Monitor Multi-function Thin Access PointsAccess Point Mesh Portal or Mesh Point Aruba’s Secure Enterprise Mesh NetworkMobility Management System Remote APMobility Management System PoC Network Physical Design Proof-of-Concept NetworkPoC Network Logical and RF Design VlanProof-of-Concept Network Proof-of-Concept Network Aruba Campus Wlan Physical Architecture Campus Wlan Validated Reference DesignAruba Campus Wlan Logical Architecture Data center ManagementMaster Campus Wlan Validated Reference Design Mobility Controller Access Point Deployment Understanding Master and Local OperationMobility Controller High Availability Master Controller Redundancy Local Controller Redundancy Second Local controller has an opposite configuration Vlan Design Do Not Make Aruba the Default Router Do Not Use Special VLANsVlan Pools VlanUser Mobility and Mobility Domains VLANs 10, 20, 30ArubaOS Mobility Domain MD1Mobility Controller Physical Placement and Connectivity Master Controller PlacementMobility Controller and Thin AP Communication AP Placement, Power, and ConnectivityLocal Controller Placement Office Deployment AP Power and ConnectivityAP Location and Density Considerations Voice Deployment Active Rfid Tag DeploymentConfiguration Profiles and AP Groups Mobility Controller ConfigurationConfiguration Profiles Required LicensesProfile Types AP groupProfile Planning SSIDs, VLANs and Role DerivationAP Groups SSIDs VLANsSecure Authentication Methods Role DerivationAuthenticating with Corporate Authenticating with Captive Portal Authentication Methods for Legacy DevicesConfiguring Roles for Employee, Guest and Application Users Employee RoleGuest Role Create a bandwidth contract and apply it to an AP group Create the block-internal-access policy Modify the guest-logon role Device Role Wireless Attacks Wireless Intrusion Detection SystemRole Variation by Authentication Method Rogue APs Page Mobility Controller Configuration RF Plan Tool RF Planning and OperationAdaptive Radio Management Page Minimum Scan Time Sec WMM and QoS Voice over Wi-FiQuality of Service Voice Functionality and Features Traffic PrioritizationNetwork Wide QoS Voice-Aware RF ManagementComprehensive Voice Management Voice over Wi-Fi Controller Clusters Mobility Management System LAN / WANMultiple Master/Local Clusters Page Multiple Master/Local Clusters Appendix a LicensesLicenses Appendix B Wlan Extension with Remote APWlan Extension with Remote AP Small Network Deployment Alternative Deployment ArchitecturesMedium Network Deployment Mobility Controller located in the network data centerBranch Office Deployment Corporate data center Pure Remote Access Deployment DMZ