Employee Role | Aruba Networks Version 3.3 manual

Configuring Roles for Employee, Guest and Application Users

The Aruba system is unique; it combines user-based security as a part of the WLAN model. When a user is authenticated, using one of the methods discussed in the previous section, a role is applied to the user that is enforced via the firewall and the defined policies for that user.

Employee Role

Users who are company employees can be granted a role based on their specific job function, or simply be given a universal ‘employee role’. Additional granularity can be applied, such as permitting a user in engineering to access the engineering subnets but not the finance or accounting servers.

In smaller organizations, users will most likely be placed in a single user subnet that has access to all internal and external resources.

Data center

Master

Internet

File

Web

PBX RADIUS

Employee

VLAN

Employee		Guest
SSID	Application	SSID
	SSID

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Mobility Controller Configuration 45

Image 45

Aruba Networks Version 3.3 manual Configuring Roles for Employee, Guest and Application Users, Employee Role

Contents

Campus Wireless Networks Validated Reference Design Version Crossman Avenue Sunnyvale, California Phone Fax Contents Chapter RF Planning and Operation Reference Documents Aruba Reference ArchitecturesContacting Aruba Networks Introduction Telephone Support Aruba’s User-Centric Network Architecture Understanding Centralized Wireless LAN Networks Centralized Wlan Model Introducing Aruba’s User-Centric Network ArubaOS ArubaOS and Mobility Controller Mobility Controller Multi-function Thin Access Points Access PointAir Monitor Aruba’s Secure Enterprise Mesh Network Mesh Portal or Mesh Point Remote AP Mobility Management System Mobility Management System Proof-of-Concept Network PoC Network Physical Design Vlan PoC Network Logical and RF Design Proof-of-Concept Network Proof-of-Concept Network Campus Wlan Validated Reference Design Aruba Campus Wlan Physical Architecture Aruba Campus Wlan Logical Architecture Data center ManagementMaster Campus Wlan Validated Reference Design Understanding Master and Local Operation Mobility Controller Access Point Deployment Mobility Controller High Availability Master Controller Redundancy Local Controller Redundancy Second Local controller has an opposite configuration Vlan Design Do Not Use Special VLANs Do Not Make Aruba the Default Router Vlan Vlan Pools VLANs 10, 20, 30 User Mobility and Mobility Domains MD1 ArubaOS Mobility Domain Master Controller Placement Mobility Controller Physical Placement and Connectivity AP Placement, Power, and Connectivity Local Controller PlacementMobility Controller and Thin AP Communication AP Power and Connectivity AP Location and Density ConsiderationsOffice Deployment Active Rfid Tag Deployment Voice Deployment Mobility Controller Configuration Configuration Profiles and AP GroupsConfiguration Profiles Required Licenses AP group Profile Types SSIDs, VLANs and Role Derivation AP GroupsProfile Planning VLANs SSIDs Role Derivation Secure Authentication Methods Authenticating with Corporate Authentication Methods for Legacy Devices Authenticating with Captive Portal Employee Role Configuring Roles for Employee, Guest and Application Users Guest Role Create a bandwidth contract and apply it to an AP group Create the block-internal-access policy Modify the guest-logon role Device Role Wireless Intrusion Detection System Role Variation by Authentication MethodWireless Attacks Rogue APs Page Mobility Controller Configuration RF Planning and Operation RF Plan Tool Adaptive Radio Management Page Minimum Scan Time Sec Voice over Wi-Fi Quality of ServiceWMM and QoS Traffic Prioritization Voice Functionality and FeaturesNetwork Wide QoS Voice-Aware RF Management Comprehensive Voice Management Voice over Wi-Fi LAN / WAN Controller Clusters Mobility Management System Multiple Master/Local Clusters Page Multiple Master/Local Clusters Licenses Appendix a Licenses Wlan Extension with Remote AP Appendix B Wlan Extension with Remote AP Alternative Deployment Architectures Small Network Deployment Mobility Controller located in the network data center Medium Network Deployment Branch Office Deployment Corporate data center DMZ Pure Remote Access Deployment