This webinar addresses the Fixed Telecommuter. Road Warrior and Day Extender scenarios will be the focus of future webinars.
In this application, an Aruba wired or wireless Access Point (AP) with a Remote AP (RAP) license is deployed at the remote site and plugged directly into the LAN side of a router connected to a Digital Subscriber Line (DSL) or cable modem. 3G wireless USB sticks are also supported for wide-area backhaul on certain Aruba AP models. Wireless devices are offered the same SSIDs with the same security features available at the organization's offices. Any wired client devices at the home can be connected directly to the secure jack of the AP or to a layer-2 hub which is uplinked to the secure jack. The AP sends all traffic back to an Aruba controller appliance in the DMZ using encrypted GRE tunnels, where roles are derived and separate security policies applied to each connected device. Unauthorized devices can be blacklisted entirely.
As depicted in the diagram, users will associate to the Access Point and authenticate with the RADIUS server that already exists in the network. Employee users will use the Employee SSID, while guests will use the Guest SSID and have their traffic sent directly to the Internet via split tunnel. Voice and data devices will associate to the Voice SSID, and will be given a role based on the network services they are capable of accessing. Each user and device has a specific role and associated policy enforced by the stateful firewall in the Mobility Controller. The Employee user now has full access to all resources within the network and the internet. Guest users are only permitted to access the Internet using specific protocols such as HTTP and HTTPS. Application devices are only able to access related application servers; for example, a phone running SIP can only access the SIP server to make calls. Users are only able to access those resources they have permissions for, and only after they have successfully authenticated to the network.
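The role-based access described above, modeled as an added Python example (not Aruba configuration and not part of the reference design). The addresses, the SIP port 5060 rules and the first-match, default-deny evaluation are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption): corporate space and one SIP server.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
SIP_SERVER = ipaddress.ip_address("10.20.0.5")

@dataclass(frozen=True)
class Rule:
    dst: str     # "any", "internet", "corp", or a single host address
    proto: str   # "tcp", "udp" or "any"
    port: int    # 0 means any port
    action: str  # "permit" or "deny"

# First match wins; a flow that matches no rule is denied.
ROLE_POLICY = {
    "employee": [Rule("any", "any", 0, "permit")],
    "guest": [Rule("corp", "any", 0, "deny"),          # split tunnel: never into corp
              Rule("internet", "tcp", 80, "permit"),
              Rule("internet", "tcp", 443, "permit")],
    "voice": [Rule(str(SIP_SERVER), "udp", 5060, "permit"),
              Rule(str(SIP_SERVER), "tcp", 5060, "permit")],
}
SSID_ROLE = {"Employee": "employee", "Guest": "guest", "Voice": "voice"}

def derive_role(ssid, authenticated):
    """A role is assigned only after successful authentication."""
    return SSID_ROLE.get(ssid) if authenticated else None

def _dst_matches(rule_dst, addr):
    if rule_dst == "any":
        return True
    if rule_dst == "corp":
        return addr in CORP_NET
    if rule_dst == "internet":
        return addr not in CORP_NET
    return addr == ipaddress.ip_address(rule_dst)

def evaluate(ssid, authenticated, dst, proto, port):
    """Return "permit" or "deny" for one flow from a client on the given SSID."""
    role = derive_role(ssid, authenticated)
    if role is None:
        return "deny"
    addr = ipaddress.ip_address(dst)
    for r in ROLE_POLICY[role]:
        if (_dst_matches(r.dst, addr) and r.proto in ("any", proto)
                and r.port in (0, port)):
            return r.action
    return "deny"
```

Running the intended access matrix through `evaluate` before a policy change is a quick way to confirm that guest and voice roles still cannot reach anything beyond what is listed for them.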
To build this Aruba Validated Reference Design as depicted on page __, the following licenses are required on each of the Local Controllers, assuming that there are a total of 512 Aruba Remote APs being managed, with an MMC-6000 Multiservice Mobility Controller acting as a backup to a second MMC-6000:
LIC-512-AP Access Point License (512 Access Point License)
LIC-WIP-512 Wireless Intrusion Protection Module License (512 AP Support)
LIC-PEF-512 Policy Enforcement Firewall Module License (512 Users)
LIC-512-RAP Remote Access Point License (512 Remote Access Points)
Remote Access for Fixed Telecommuters Validated Reference Design 3.3