01-04-2012 12:29 PM
I want to trial Amigopod for NAC functions. I have been told so far that I need to place it in between my Cisco WLCs and the DHCP server, requiring ALL of my traffic to traverse the Aruba controller. I hesitate to do this because my DHCP is also my DNS server, and I don't want to get in the way of DNS traffic.
Can the system be set up so that the DHCP helper address points to the Amigopod, which then proxies for the server, so that only DHCP traffic has to go through the Amigopod?
01-04-2012 02:53 PM
I think there are two different designs concerns being addressed here.
Amigopod is never inline and integrates with either a Cisco or an Aruba controller using RADIUS and th external Captive Portal (Web Authentication) configurations on the controllers.
The Aruba controllers provide the ability to peform inline device fingerprinting by inspecting the DHCP traffic sent from connecting clients to perform role derivation. This allows the network administrator to place each class of device into a different stateful firewall ruleset and provide differentiated access to network resources based on the type of device a user is connecting with.
If the later is the case then the Aruba controller will need to be inline either by terminating Aruba AP's or as a bump in the wire to an existing access network.