Product and Software: This article applies to all Aruba ECS appliances.
Isolation networks are special subnets that are created off of the ETH1 interface and used to isolate the station from accessing the production networks. ECS will be the DHCP and DNS server for station in the isolation networks.
The types isolation networks are:
- Registration: Used to force a station to register with ECS.
- Remediation: Used when a station failed the policy scanning.
- Authentication: If authentication is enabled on ECS, users will be forced to authenticate after a period of time. To authenticate, the users are forced into the Authentication VLAN, where they will be presented with an authentication prompt (Persistent agent) or a web page (Dissolvable /Run-Once agent), at which time the users will enter their credentials and when authenticated, be put back into production.
- Dead end: Station is places into the dead end VLAN when the administrator disables the client.
- Share media: Any shared media devices (hubs, non-switching APs) would live and breathe on this VLAN. Using dhcp scopes we would control their network access. It has two scopes: authenticated and non-authenticated. When we first see a client on this VLAN, we give them a non-authenticated IP address. When they get registered and pass scans, they get an authenticated address
- VPN: Like the shared media VLAN, but used for VPN-connected clients.