Phase I: IAP (Instant AP) - a controllerless WLAN solution:
To configure additional Aruba Instant APs, simply connect and power them up. The first configured AP automatically becomes a primary Aruba Instant Virtual Controller and configures all the other APs.
Offering over-the-air provisioning, there’s no need to modify an IP address to configure Aruba Instant. Just power up and connect an Aruba Instant AP to the LAN, and open a PC browser to automatically access the Aruba Instant user interface login page.
* Fully distributed architecture:
In the event of a primary Virtual Controller failure, another Aruba Instant AP automatically takes on the role with no disruption. The primary Virtual Controller operates like any other Aruba Instant AP with full WLAN functionality
The Aruba Instant product family consists in this case IAP-135.
The IAP-135 maximize mobile device performance in the most extreme high-density Wi-Fi client environments.
Aruba Instant is the only wireless networking solution to combine high-end enterprise WLAN capabilities with affordability and unmatched configuration simplicity. It requires no ongoing service fees, no additional license fees, no management appliances and no external controller.
** Adaptive Radio Management:
Aruba’s signature Adaptive Radio Management (ARM) technology automatically manages the WLAN’s 2.4-GHz and 5-GHz radio bands to optimize Wi-Fi client performance and mitigate RF interference. It also ensures that each Aruba Instant AP uses the optimal channel- and transmit-power for its RF environment.
ARM™ additionally offers priority traffic handling, channel load-balancing, band steering, airtime fairness and other quality-of-service (QoS) controls to ensure that the available Wi-Fi bandwidth is fairly distributed to all mobile devices on the WLAN.
*** Virtual Controller Technology
The Aruba Instant Virtual Controller technology provides security, consistently high performance, scalability, and other enterprise-class network access services without requiring a dedicated controller.
Utilizing an adaptive, self-organizing wireless grouping, the Virtual Controller technology supports multiple Aruba Instant APs across wired LANs and over the air through the mesh, enabling the WLAN to scale effortlessly.
Aruba Virtual Controller technology centralizes the functionality needed to configure and manage the Aruba Instant network. Aruba Virtual Controller technology delivers a wide range of enterprise-class WLAN capabilities required by enterprises that have multiple remote locations:
a. Reliability
b. Mobility
c. Guest Access
d. Scalibility
e. Cloud-based firmware server
f. Built-in migration path
**** Instant Security:
1.Authentication & Encryption:
Aruba Instant supports over-the-air authentication using pre-shared keys or 802.1X, which uses WPA2 for strong security and an internal or external RADIUS server.
Each Aruba Instant AP has an instance of a free RADIUS server that maintains a distributed database of up to 256 users. When using internal RADIUS for 802.1X authentication, customers can load certificates and terminate EAP-PEAP, EAP-TTLS and LEAP.
2.Integrated Firewall:
The Aruba Instant integrated firewall inspects traffic from each user session and allows or denies that traffic before it traverses the wired and wireless network. The firewall monitors all data entering or leaving the network, blocks data that does not satisfy specified security policies, and prevents unauthorized users from accessing the enterprise network.
3.Traffic Separation:
Aruba Instant supports up to six SSIDs per Virtual Controller, which gives enterprise organizations the flexibility to separate WLAN traffic based on user role and traffic type. For example, school district employees can be assigned to one SSID, students to another, and guests to a third.
4.WIPS (Wireless Intrusion Prevention):
Aruba Instant includes a wireless intrusion protection system that safeguards the network from unauthorized or rogue APs and clients, and other devices that can potentially harm network operations.
The wireless intrusion protection capability also logs information about unauthorized APs and clients, and generates reports, making Aruba Instant fully PCI compliant. To prevent malicious APs from associating with network, administrators can turn on rogue AP prevention and disable the auto-join function, which ensures that only authorized Aruba Instant APs are allowed to connect.
5.Content filtering:
With an OpenDNS service subscription, Aruba Instant delivers integrated web filtering, malware and botnet protection to every device connected to the WLAN.
With content filtering, administrators can create Internet access policies that allow or deny user access to web sites based on categories and security ratings. Content filtering also prevents known malware hosts from accessing the WLAN, reduces bandwidth consumption and improves employee productivity by limiting access to certain web sites.
6.Operation System Fringerprinting:
The OS fingerprinting feature gathers information about each client connected to an Aruba Instant WLAN to determine what OS the client is running. This information enables IT to identify rogue clients, including clients running an OS not allowed on the company network, as well as clients with an outdated OS.
Phase II: - a controller managed WLAN solution:
Details will follow.
======================================================================
My Special Thanks for providing the Aruba WLAN kit go to:
Keerti Melkote
Chief Technology Officer of Aruba Networks
Paul van der Wilk
Country Manager Belgium Netherlands and Luxemburg at Aruba Networks
Herman Robers
Systems Engineer Benelux at Aruba Networks
Gert de Wever
Senior Systems Engineer at Aruba Networks
No comments:
Post a Comment