Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Give Device Priority Access

This thread has been viewed 0 times

  • 1.  Give Device Priority Access

    Posted Apr 21, 2015 03:35 PM

    So, I have a group of access points that need to have one particular device get priority over any other device that may be connected. The reason for this, is that this particular device will be live streaming events and I can't have things get flaky.

     

    Any suggestions for the best way to do this?

     

    Thanks.



  • 2.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 21, 2015 03:38 PM
    You'd want to prioritize the traffic using a firewall policy in the user role.


    Thanks,
    Tim


  • 3.  RE: Give Device Priority Access

    Posted Apr 21, 2015 04:01 PM

    Thanks for the answer.

     

    I don't suppose you have a link to some good information on how to prioritize that traffic?



  • 4.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 21, 2015 04:15 PM

    I'd start with the User Guide and the CLI Reference Guide.

     



  • 5.  RE: Give Device Priority Access

    Posted Apr 21, 2015 04:44 PM

    The user guide is not at all helpful in understanding what needs to be done in this situation.



  • 6.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 21, 2015 05:44 PM

    chrisbrizzell,

     

    What device and what application?  Does the device authenticate so that we can identify it and give it a better role?  Does the application use ports so that we can write a firewall policy and apply it?  Is there anything that you can give us about this device to give us an idea where we would start?

     



  • 7.  RE: Give Device Priority Access

    Posted Apr 22, 2015 02:03 PM

    Colin - thank you.

    These are two laptops. Whether they are streaming video live, or doing something else, I would like them to have priority over any other device on this particular set of APs.

     

    It's not as simple as just setting up generic QoS, because I don't want all video(or voice) traffic to have priority.

     

    Thanks.



  • 8.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 22, 2015 02:08 PM

    Can you define the specific video server that these laptops will be going to? As in, are there specific IP addresses for the video server(s). If so, you could add ACLs to a user role (use derivation rules so that these two laptops get that specific role) to prioritize traffic to those IP addresses.

     



  • 9.  RE: Give Device Priority Access

    Posted Apr 22, 2015 02:35 PM

    I suppose using derivation rules I could make sure those laptops get into specific roles, and also that anyone else connecting to these specific APs get put into a "lesser" role.

     

    So now the question becomes -what is the best way to force re-authentication when users connect to one of these access points?



  • 10.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 22, 2015 02:44 PM

    By default, the allowall ACL sets IPv4 and IPv6 traffic to Low Queue.

     

    According to the 6.4 User Guide, page 367:

     

    Queue (optional)
    The queue in which a packet matching this rule should be placed.
    Select High for higher priority data, such as voice, and Low for lower priority traffic.

     

    So, just set the laptops role with an ACL pointing to those video servers with the Queue set to High. Unless you want to throttle the other users in that area.

     



  • 11.  RE: Give Device Priority Access

    Posted Apr 22, 2015 02:54 PM

    I may also throttle the other users.

     

    Thanks.



  • 12.  RE: Give Device Priority Access

    EMPLOYEE
    Posted Apr 22, 2015 03:05 PM

    In that case you may have to put those APs in a different AP Group. Then use a different AAA profile so that they get limited roles by default.