Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎02-01-2017

Design Challenge!

Design Challenge!
The network setup has Cisco switches, Aruba Wireless Controller and ClearPass.
One of our University customers has apartments for employees/staff and their families.
Requirements:
1-Staff and their families require wireless connection in their apartments.
2-Staff should have same access privileges as if they are working in their offices.
3-Family members should have wireless access to access internet services only.
4-Smart devices (smart TV, Xbox …) should connect to the network through wireless or wired and accessible by both family members and staff.
Proposed solution:
• Create new 802.1x SSID with different roles for family members and staff.
• Uncheck deny inter-user traffic so they can access the smart devices on the same vlan.
• Connect the smart devices (mac-authentication) to different SSID but same vlan as the one used by the family and staff.
Challenges:
• Staff and their families will have access to all the smart devices inside the building not only their own devices unless different vlans are configured for each and every apartment(not recommended for management point of view)
• Enabling inter-user traffic may affect the overall performance of the connection since smart devices,staff and families are connected to the same network.

What would be a best practice design based on above?

Many thanks,

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Design Challenge!

You can leverage AirGroup with ClearPass so when the user’s register their headless devices, they permit discovery of the devices to either certain APs, ap groups, roles or individuals.

Another alternative would be to drop each family into their own VLAN.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎02-01-2017

Re: Design Challenge!

Thanks ... Will AirGroup work with non Apple devices such as Xbox, Smart TV ... Etc.

Kind regards,
Yazeed
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Design Challenge!

Yes, it uses mDNS and SSDP (DLNA). It is not designed just for Apple.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 387
Registered: ‎09-05-2012

Re: Design Challenge!

Do any good documents describing AirGroup exist?


#AirheadsMobile
Super Contributor II
Posts: 387
Registered: ‎09-05-2012

Re: Design Challenge!

Do any good documents describing AirGroup exist?


#AirheadsMobile
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Design Challenge!

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/AirGroup/Introducing_Aruba_AirGroup.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Design Challenge!

There will be a TechNote on Device Registration later this year that will cover AirGroup.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎02-01-2017

Re: Design Challenge!

Thanks a lot
What about wired smart device how it will work ? Would hospitality models help ?

Kind regards,
Yazeed
Occasional Contributor II
Posts: 19
Registered: ‎04-09-2017

Re: Design Challenge!

[ Edited ]
 
Search Airheads
Showing results for 
Search instead for 
Did you mean: