SSIDs
SSIDs appear as the name of the network displayed in the ‘Available Wireless Networks’ screen on a wireless client. While many APs in the same network will share the same SSID, each will have a unique BSSID. This feature is often used to let users know which SSID they should attempt to associate to, and to provide different levels of security to each of the SSIDs, such as WPA, WPA2, and Captive Portal. Clients typically make roaming decisions based on the received signal strength of the audible BSSIDs they can hear.
Employee | Guest | |
SSID | ||
SSID | ||
| ||
| Application SSID |
arun_055
The diagram above shows the most common SSID design for enterprise organizations that includes three different SSIDs. A strong authentication and encryption suite is used for employee users, in this case WPA2 - Enterprise. The network administrator might choose a name something like ‘Acme Corp Employee’ for this SSID.
The second SSID is used for specific devices which are not capable of modern high authentication and encryption levels. As of this writing, common examples includes the following devices:
zPortable barcode scanners
zActive RFID tags
zAll but the latest WiFi phones
zIP video cameras
In this case, the Mobility Controller uses an SSID such as ‘Acme
The final SSID is used to provide guest access to the network. This SSID will not run any encryption and will require guests to authenticate using the Captive Portal capability that is built into the Aruba Mobility Controller. The guest users can authenticate against a centralized authentication server or the
VLANs
At the controller, users who successfully authenticates via an Aruba AP into any of these three SSIDs are treated very differently in the Role Derivation process according to the Configuration Profiles in the AP Group assigned to that AP. The Employee user is most likely placed on a VLAN with access to internal network resources, although this can be further refined with sophisticated ACLs applied on a
40 Mobility Controller Configuration | Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide |