In this presentation, we will discuss how branch controllers work and run through different deployments examples in 6.x and 8.x.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Manage-Devices-at-Branch/td-p/351983
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels. Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Airheads-Tech-Talks-Cloud-Guest-SSID-on-Aruba-Central/td-p/524320
In this presentation, we will run through different API types and cases: configuration APIs (REST API), context APIs (NBAPIs), SDN APIs and explain how to make API calls via CLI. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Configuring-different-APIs-in/td-p/312011
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Security is always a top-of-mind issue for WLAN deployments, no matter what business you're in. But it’s an issue that's loaded with acronyms, confusing terminology, and some degree of black-art mystique. This session starts with basic principles of cryptography and gives you a thorough understanding of how Wi-Fi authentication and encryption work to keep your network safe. You’ll also learn about 802.1X authentication, tradeoffs of different EAP methods, why proper client configuration is so important, and why Aruba believes that role-based access control is critical in a modern mobile network.
During this webinar, we will discuss how starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode and the implications tied to that. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AP-Discovery-amp-Deployment-Policy-ArubaOS-8-x/m-p/394540/
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, e will discuss AirWave 10, a new software build that lets us streamline code, add performance, clustering. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Network-Management/Technical-Webinar-Introduction-to-AirWave-10/td-p/454762
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
After your successful ClearPass deployment, how will you know if it's still performing properly? In this session, you'll leran how to use our built-in dashboard, logging and trending tools to identify problem areas, and reasonable threshold levels related to authentications, as well as overall appliance performance numbers. See how to turn on and use proactive notifications before problems occur that can keep users from connecting. Hear about best-practices for operationalizing ClearPass as the growth of devices, authentications, and collected data increases.
In this presentation, we will discuss how branch controllers work and run through different deployments examples in 6.x and 8.x.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Manage-Devices-at-Branch/td-p/351983
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels. Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Airheads-Tech-Talks-Cloud-Guest-SSID-on-Aruba-Central/td-p/524320
In this presentation, we will run through different API types and cases: configuration APIs (REST API), context APIs (NBAPIs), SDN APIs and explain how to make API calls via CLI. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Configuring-different-APIs-in/td-p/312011
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Security is always a top-of-mind issue for WLAN deployments, no matter what business you're in. But it’s an issue that's loaded with acronyms, confusing terminology, and some degree of black-art mystique. This session starts with basic principles of cryptography and gives you a thorough understanding of how Wi-Fi authentication and encryption work to keep your network safe. You’ll also learn about 802.1X authentication, tradeoffs of different EAP methods, why proper client configuration is so important, and why Aruba believes that role-based access control is critical in a modern mobile network.
During this webinar, we will discuss how starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode and the implications tied to that. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AP-Discovery-amp-Deployment-Policy-ArubaOS-8-x/m-p/394540/
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, e will discuss AirWave 10, a new software build that lets us streamline code, add performance, clustering. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Network-Management/Technical-Webinar-Introduction-to-AirWave-10/td-p/454762
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
After your successful ClearPass deployment, how will you know if it's still performing properly? In this session, you'll leran how to use our built-in dashboard, logging and trending tools to identify problem areas, and reasonable threshold levels related to authentications, as well as overall appliance performance numbers. See how to turn on and use proactive notifications before problems occur that can keep users from connecting. Hear about best-practices for operationalizing ClearPass as the growth of devices, authentications, and collected data increases.
HPE Distributed Cloud Networking (DCN) enables service providers and large organizations to manage a distributed, multi data center environment in a simple, open and agile way using software-defined networking and network virtualization. At this session, we'll explore HPE Distributed Cloud Networking (DCN), Layer 2 to Layer 4. You will learn how this network virtualization platform optimizes the network by removing inefficiencies.
This presentation will cover a brief insight into how Mixed model IAP deployments are done and what are the effects of APP RF feature within IAP deployments.
Check on the link below for the webinar recording where this presentation was used.
http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Airheads-Technical-Webinar-Recording-Slides-Instant-AP-APP-RF/td-p/273380
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
ClearPass Extensions allow ClearPass to integrate with multiple enterprise services to cover dynamic real-time requirements like automatic guest registration and MDM integration. Microsoft Intune, McAfee ePolicy Orchestrator are some examples of integrations achieved using ClearPass Extensions. Check out the webinar recording where this presentation was used: https://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Extensions-and-how/td-p/292221
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Clustering is a new feature introduced in AOS 8.0 that enables seamless roaming of clients between APs, hitless client failover and load balancing of users across Mobility Controllers in the cluster. This solution provides the configuration required to create a cluster of Mobility Controllers that are managed by the same Mobility Master.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Airheads-Tech-Talks-Advanced-Clustering-in-AOS-8-x/td-p/506441
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
Is your wireless network more secure than your wired network? In this session, we'll discuss how to use industry standard techniques to provide secure wired access. This includes using policies and RADIUS/RADIUS CoA to ensure that ports used for Wi-Fi APs, IoT devices, printers and IP phones are protected against unwanted use by employees, guests, and contractors. The days of dedicated ports assigned to VLANs are over! By using a 'universal ports tied to policies’ model, network access is based on dynamic enforcement rules. These techniques work across popular wired infrastructure from HPE, Cisco, and others.
This session will provide a technical overview of campus switching, intended for wireless specialists who want to get to know the wired infrastructure components a bit better.
In this presentation, we will cover ArubaOS’ AP Fast Failover feature, extended controller capacities, how to configure High Availability and several deployment models. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-ArubaOS-High-availability/td-p/286231
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This session will discuss WAN, branch and remote networking, including zero touch deployment, network security, simple and fast convergence for large scale IPSec deployments, seamless integration with cloud-based services, ADVPN, and others.
Join us at this session to hear about the challenges you might face as you try to support a large group of mobile users and devices for 802.1x authentication. While username & password authentication (eg. 802.1x PEAP) is easily deployed, requiring each device to authenticate with its own unique credential (eg. certificate-based 802.1x EAP-TLS) is a much secure implementation. Join us as we discuss ways to identify the most appropriate 802.1x authentication mechanisms for variety of environments and user profiles.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
After an overview presentation, we will demonstrate live how HPE's multi-vendor Intelligent Management Center (IMC) software can be used to manage day to day operations for the datacenter. Introduction to HPE IMC focused on management for data center switching. Topics include REST API, virtualization integration and data center fabric management.
HPE Distributed Cloud Networking (DCN) enables service providers and large organizations to manage a distributed, multi data center environment in a simple, open and agile way using software-defined networking and network virtualization. At this session, we'll explore HPE Distributed Cloud Networking (DCN), Layer 2 to Layer 4. You will learn how this network virtualization platform optimizes the network by removing inefficiencies.
This presentation will cover a brief insight into how Mixed model IAP deployments are done and what are the effects of APP RF feature within IAP deployments.
Check on the link below for the webinar recording where this presentation was used.
http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Airheads-Technical-Webinar-Recording-Slides-Instant-AP-APP-RF/td-p/273380
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
ClearPass Extensions allow ClearPass to integrate with multiple enterprise services to cover dynamic real-time requirements like automatic guest registration and MDM integration. Microsoft Intune, McAfee ePolicy Orchestrator are some examples of integrations achieved using ClearPass Extensions. Check out the webinar recording where this presentation was used: https://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Extensions-and-how/td-p/292221
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Clustering is a new feature introduced in AOS 8.0 that enables seamless roaming of clients between APs, hitless client failover and load balancing of users across Mobility Controllers in the cluster. This solution provides the configuration required to create a cluster of Mobility Controllers that are managed by the same Mobility Master.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Airheads-Tech-Talks-Advanced-Clustering-in-AOS-8-x/td-p/506441
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
Is your wireless network more secure than your wired network? In this session, we'll discuss how to use industry standard techniques to provide secure wired access. This includes using policies and RADIUS/RADIUS CoA to ensure that ports used for Wi-Fi APs, IoT devices, printers and IP phones are protected against unwanted use by employees, guests, and contractors. The days of dedicated ports assigned to VLANs are over! By using a 'universal ports tied to policies’ model, network access is based on dynamic enforcement rules. These techniques work across popular wired infrastructure from HPE, Cisco, and others.
This session will provide a technical overview of campus switching, intended for wireless specialists who want to get to know the wired infrastructure components a bit better.
In this presentation, we will cover ArubaOS’ AP Fast Failover feature, extended controller capacities, how to configure High Availability and several deployment models. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-ArubaOS-High-availability/td-p/286231
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This session will discuss WAN, branch and remote networking, including zero touch deployment, network security, simple and fast convergence for large scale IPSec deployments, seamless integration with cloud-based services, ADVPN, and others.
Join us at this session to hear about the challenges you might face as you try to support a large group of mobile users and devices for 802.1x authentication. While username & password authentication (eg. 802.1x PEAP) is easily deployed, requiring each device to authenticate with its own unique credential (eg. certificate-based 802.1x EAP-TLS) is a much secure implementation. Join us as we discuss ways to identify the most appropriate 802.1x authentication mechanisms for variety of environments and user profiles.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
After an overview presentation, we will demonstrate live how HPE's multi-vendor Intelligent Management Center (IMC) software can be used to manage day to day operations for the datacenter. Introduction to HPE IMC focused on management for data center switching. Topics include REST API, virtualization integration and data center fabric management.
The Handlink ISS-6000 Internet Access Controller is a complete access solution for medium to large Hotels and Resorts. It can serve up to 1024 simultaneous users and is an ideal solution for deployment within the Hospitality and Accommodation industries, Apartment buildings - MDU, Student Accommodations, Retirement Villages and Airports and offers instant high-speed Internet connections.
The ISS-6000 also acts as a Wireless Hotspot access controller and provides plug and play instant Internet access, advanced security & network management.
Handlink Hotel Broadband Solution
Embrace the BYOD wave and explore the untapped potential of your wireless controllers. In this session, you will learn how the features in controller code release 7.2 - 7.4, can help you scale up your wireless deployment and open the door to a world of new potential. Topics will include: Application Visibility and Control (AVC), Flex Connect, IPv6, Identity Services Engine integration and other configuration best practices.
Webinar NETGEAR - Insight, le funzionalita' per il Networking ManagementNetgear Italia
In questo secondo appuntamento di webinar dedicati ad Insight, si introducono le funzionalita' di gestione e monitaraggio disponibili per tutte le tipologie di prodotti Insight based.
Webinar NETGEAR - ProSafe Wireless Controller WC7600 , funzionalità e demo co...Netgear Italia
Algoritmo UFast™ per semplificare la gestione del firmware e per velocizzare il rilevamento degli Access Point
Supporto fino a 50 Access Point con un singolo dispositivo
Supporto fino a 150 AP con uno stack di tre Controller
Roaming L2 e L3 con distribuzione completa per garantire prestazioni ottimali
We will discuss the following: Classical Security Methods, AAA, Authentication, Authorization, Accounting, AAA Characteristic, Local Based AAA, Server Based AAA, TACACS+ and RADIUS.
Webinar NETGEAR - Le nuove funzionalità dei Wireless controller ProsafeNetgear Italia
Un approfondimento sulle nuove funzionalità proposte dalle soluzioni Wireless Controller di Netgear: Distributed Forwarding Band Steering - Enhanced RF Planner - Fast Roaming L2 e L3
The QinQ technology is called VLAN dot1q tunnel, 802.1Q tunnel, VLAN Stacking technology. The standard comes from IEEE 802.1ad and it is the expansion of the 802.1Q protocol. QinQ adds one layer of 802.1Q tag (VLAN tag) based on the original 802.1Q packet head. With the double layers of tags, the VLAN quantity is increased to 802.1Q.
How to configure the QinQ? Here we will list two occasions and they can be applied to Huawei switches higher level than Quidway S2700 and with EI version, Huawei S3700 switches and Quidway S5700, etc.
The AP330 is an enterprise-grade, high performance two radio (3x3) three stream MIMO 802.11n Access Point, targeted at high capacity enterprise environments.
PDF SubmissionDigital Marketing Institute in NoidaPoojaSaini954651
https://www.safalta.com/online-digital-marketing/advance-digital-marketing-training-in-noidaTop Digital Marketing Institute in Noida: Boost Your Career Fast
[3:29 am, 30/05/2024] +91 83818 43552: Safalta Digital Marketing Institute in Noida also provides advanced classes for individuals seeking to develop their expertise and skills in this field. These classes, led by industry experts with vast experience, focus on specific aspects of digital marketing such as advanced SEO strategies, sophisticated content creation techniques, and data-driven analytics.
Storytelling For The Web: Integrate Storytelling in your Design ProcessChiara Aliotta
In this slides I explain how I have used storytelling techniques to elevate websites and brands and create memorable user experiences. You can discover practical tips as I showcase the elements of good storytelling and its applied to some examples of diverse brands/projects..
Connect Conference 2022: Passive House - Economic and Environmental Solution...TE Studio
Passive House: The Economic and Environmental Solution for Sustainable Real Estate. Lecture by Tim Eian of TE Studio Passive House Design in November 2022 in Minneapolis.
- The Built Environment
- Let's imagine the perfect building
- The Passive House standard
- Why Passive House targets
- Clean Energy Plans?!
- How does Passive House compare and fit in?
- The business case for Passive House real estate
- Tools to quantify the value of Passive House
- What can I do?
- Resources
Technoblade The Legacy of a Minecraft Legend.Techno Merch
Technoblade, born Alex on June 1, 1999, was a legendary Minecraft YouTuber known for his sharp wit and exceptional PvP skills. Starting his channel in 2013, he gained nearly 11 million subscribers. His private battle with metastatic sarcoma ended in June 2022, but his enduring legacy continues to inspire millions.
EASY TUTORIAL OF HOW TO USE CAPCUT BY: FEBLESS HERNANEFebless Hernane
CapCut is an easy-to-use video editing app perfect for beginners. To start, download and open CapCut on your phone. Tap "New Project" and select the videos or photos you want to edit. You can trim clips by dragging the edges, add text by tapping "Text," and include music by selecting "Audio." Enhance your video with filters and effects from the "Effects" menu. When you're happy with your video, tap the export button to save and share it. CapCut makes video editing simple and fun for everyone!
1. Altai Super WiFi
1
Not for Distribution – Altai ConfidentialNot for Distribution – Altai Confidential
Altai Super WiFi
Altai Certification Training
Backend Network Planning
Professional Services
Altai Technologies Limited
2. Altai Super WiFi
2
Not for Distribution – Altai ConfidentialNot for Distribution – Altai Confidential
Altai Super WiFiModule Outline
• Service Controller Solution
– Layer 2 Network Deployment Scenario
– Layer 3 Network Deployment Scenario
• A3 ACS Solution
3. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
3
Service Controller Solution
• RADIUS or Active Directory in the existing network
as authentication server
• Multiple SSID for different groups of client to
access; e.g. staff and guest
• Each group of client is only allowed to access
specific network subnets
• Different authentication method can be applied
to different SSID
4. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
4
Layer 2 Network Deployment Scenario
• Deployment scenario: Enterprise only one or
several buildings network based on layer 2
connection.
• Solution 1: SC internet port behavior as network
backhaul, and LAN port connect to AP.
• Solution 2: one of SC ports behavior as network
backhaul.
5. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
5
Layer 2 Network Design
• Intranet for staff
• Ingress VLAN 1
• Egress VLAN 10
• Client IP subnet
192.168.1.x
• AD or RADIUS
Authentication
• Allowed access
intranet and internet
• Internet for guest
• Ingress VLAN 2
• Egress VLAN 10
• Client IP subnet
192.168.2.x
• SC Local account
• HTML-Authentication
6. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
6
Layer 2 Network Solution I
Radius Server
Active Directory
Service Controller
Internet Port: VLAN 10 & 20
LAN Port: VLAN 1 & 2
Router
SSID_Intranet
192.168.1.x
VLAN 1
VLAN Switch
VLAN 1, 2, 100
SSID_Internet
192.168.2.x
VLAN 2
Management SSID
192.168.100.x
VLAN 100
Trunk Port
Altai AP
VLAN 1
VLAN 2
VLAN 100
Trunk Port Trunk Port
Firewall
DHCP
server
Intranet
VLAN 20
VLAN 10
Management Server
VLAN 100
7. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
7
Layer 2 Network Solution II
Radius Server
Active Directory
Router
SSID_Intranet
192.168.1.x
VLAN 1
VLAN Switch
Network: VLAN 10,20
SC Port: VLAN 1, 2, 10, 20, 100
AP Port: VLAN 1,2, 100
SSID_Internet
192.168.2.x
VLAN 2
Management SSID
192.168.100.x
VLAN 100
Trunk Port
Altai AP
VLAN 1
VLAN 2
VLAN 100
Trunk Port Trunk Port
Firewall
DHCP
server
Intranet
VLAN 20
VLAN 10
Egress: VLAN 10 & 20
Ingress: VLAN 1 & 2
Service Controller
Management Server
VLAN 100
8. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
8
Layer 2 Active Directory authentication
Procedure
User
User associate with
wireless network
EAPOL start
EAP Response/identity
EAP response
DHCP request
AP
EAP Request/identity
Redirect the request to
Service Controller
EAP request
EAP success
Service Controller
EAP Response/Identity
Over AD
EAP Response over AD
AD Server
EAP request over AD
EAP success over AD
and user configuration
DHCP server
Response DHCP request
Send IP address back
9. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
9
Layer 2 HTML authentication Procedure
User
User associate with
wireless network
Send DHCP request
User attempts to
browse an Web site
User Login
Transport page sends
request for session
and welcome page
AP
Redirect the request
to DHCP server
Redirect the request to
Service Controller
Service Controller
Request is intercepted
Login page is returned
User login info is
sent for authentication
Transport page is sent
Session and Welcome
pages are sent
Local account
Login approved.
User configuration
setting are returned
DHCP server
Response DHCP request
Send IP address back
10. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
10
Layer 3 Network Deployment Scenario
• Deployment scenario: University & enterprise
multiple buildings network based on layer 3
connection.
• Solution 1: Two buildings connect to each other
based on layer 3 connection (Traffic forwarding
based on IP address). Since SC establish
communication with AP only by VLAN, each SC
should be deployment for every building in such
case.
• Solution 2: Two building connect to each other
based on tunnel which support VLAN function. In
this case, only one Service Controller is needed
for the entire network.
11. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
11
Layer 3 Network Design Solution_I
Building 1
• Intranet for staff
• Ingress VLAN 1
• Egress VLAN 10
• Client IP subnet 192.168.1.x
• AD or RADIUS
Authentication
• Allowed access intranet
and internet
• Internet for guest
• Ingress VLAN 2
• Egress VLAN 10
• Client IP subnet 192.168.2.x
• SC Local account
• HTML-Authentication
Building 2
• Intranet for staff
• Ingress VLAN 3
• Egress VLAN 10
• Client IP subnet 192.168.3.x
• AD or RADIUS
Authentication
• Allowed access intranet
and internet
• Internet for guest
• Ingress VLAN 4
• Egress VLAN 10
• Client IP subnet 192.168.4.x
• SC Local account
• HTML-Authentication
12. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
12
Layer 3 Network Solution_I
Radius Server
Active Directory
Router
SSID_Intranet
192.168.1.x
VLAN 1
VLAN Switch
Network: VLAN 10,20
SC Port: VLAN 1, 2, 10, 20
AP Port: VLAN 1,2
SSID_Internet
192.168.2.x
VLAN 2
Trunk PortTrunk Port
Firewall
DHCP
server
Intranet
VLAN 20 & 40
VLAN 10 & 30
Service Controller
Egress: VLAN 10 & 20
Ingress: VLAN 1 & 2
SSID_Intranet
192.168.3.x
VLAN 3
VLAN Switch
Network: VLAN 30,40
SC Port: VLAN 3, 4, 30, 40
AP Port: VLAN 3,4
SSID_Internet
192.168.4.x
VLAN 4
Trunk PortTrunk Port
Service Controller
Egress: VLAN 30 & 40
Ingress: VLAN 3 & 4
Altai AP
VLAN 1
VLAN 2
Altai AP
VLAN 3
VLAN 4
13. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
13
Layer 3 Solution I Authentication
Procedure
User
User associate with
wireless network
EAPOL start
EAP Response/identity
EAP response
DHCP request
AP
EAP Request/identity
Redirect the request to
Service Controller
EAP request
EAP success
Service Controller
In Builing 1
EAP Response/Identity
Over AD
EAP Response over AD
AD Server
EAP request over AD
EAP success over AD
and user configuration
DHCP server
Response DHCP request
Send IP address back
Building 1 for example
14. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
14
Case study: ASTRI Deployment
Active Directory
Router
SSID_Intranet
192.168.0.x
VLAN 1
AD authentication
VLAN Switch
Network: VLAN 10,20
SC Port: VLAN 1, 2, 10, 20
AP Port: VLAN 1,2
SSID_Internet
192.168.0.x
VLAN 2
HTML authentication
Trunk Port
Altai AP
VLAN 1
VLAN 2
Trunk Port Trunk Port
Firewall
Intranet
VLAN 20
VLAN 10
Egress: VLAN 10 & 20
Ingress: VLAN 1 & 2
Service Controller
DHCP server:192.168.0.x
15. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
15
Wireless Network
SSID
Target Clients
VLAN Authentication Encryption
Intranet Staff 1 Active Directory WPA/WPA2
Internet Guest 2 Captive Portal WPA-PSK
16. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
16
VLAN Network
SSID VLAN_Ingress
Client IP Address
VLAN_Egress
Colubris
Interface IP address
Intranet 1 192.168.0.x 10 10.6.11.2
Internet 2 192.168.0.x 20 10.6.12.2
17. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
17
Network configuration_ingress vlan
18. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
18
Network configuration_egress vlan
19. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
19
Network ports
20. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
20
DHCP server_1
21. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
21
DHCP server _2
22. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
22
DNS
23. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
23
Check IP routers
24. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
24
Join Active Directory
25. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
25
AD group configuration
26. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
26
Add RADIUS secret
27. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
27
Account Profiles_1
28. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
28
Account Profile_2
29. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
29
User account_1
30. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
30
User account _2
31. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
31
Access List
32. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
32
VSC AD authenticaton_1
33. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
33
VSC AD Authentication_2
34. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
34
VSC AD Authentication_3
35. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
35
VSC HTML Authentication_1
36. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
36
VSC HTML Authentication_2
37. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
37
Layer 3 Network Design Solution_II
• Intranet for staff
• Ingress VLAN 1
• Egress VLAN 10
• Client IP subnet 192.168.1.x
• AD or RADIUS
Authentication
• Allowed access intranet
and internet
• Internet for guest
• Ingress VLAN 2
• Egress VLAN 10
• Client IP subnet 192.168.2.x
• SC Local account
• HTML-Authentication
38. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
38
Layer 3 Network Solution_II
Radius Server
Active Directory
Router
SSID_Intranet
192.168.1.x
VLAN 1
VLAN Switch
Network: VLAN 10,20
SC Port: VLAN 1, 2, 10, 20
AP Port: VLAN 1,2,
SSID_Internet
192.168.2.x
VLAN 2
Trunk PortTrunk Port
Firewall
DHCP
server
Intranet
VLAN 20 & 40
VLAN 10 & 30
Service Controller
Egress: VLAN 10 & 20
Ingress: VLAN 1 & 2
SSID_Intranet
192.168.1.x
VLAN 1
SSID_Internet
192.168.2.x
VLAN 2
Trunk PortTrunk Port
Altai AP
VLAN 1
VLAN 2
Multiple Layer3 tunnel
Altai AP
VLAN 1
VLAN 2
39. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
39
MultipleLayer3Tunnel
Layer 3 Solution II Authentication
Procedure
User
User associate with
wireless network
EAPOL start
EAP Response/identity
EAP response
DHCP request
AP
EAP Request/identity
Redirect the request to
Service Controller
EAP request
EAP success
Service Controller
EAP Response/Identity
Over AD
EAP Response over AD
AD Server
EAP request over AD
EAP success over AD
and user configuration
DHCP server
Response DHCP request
Send IP address back
Building 1 for example
40. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
40
Case Study: Operator Network
Deployment Solution
IP
Backbone
Metro
Ethernet
Network
BAS
DSLAM
ADSL
AAAStandard DSL
Modem/Router Internet
AP (Switch Mode)
Controller
¿Tunnel between AP and Controller?
IP Service with PPPoE (Internet or MPLS VPN)
WiFi
Eth
GE
Wireless
Backhaul
Eth
Tunneling Router
Tunneling Router
Múltiple Access Point
TUNNEL
41. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
41
Altai A3 ACS Solution
• Deployment scenario: Hotzone whole network solution could be in one
box.
• RADIUS or MAC in the existing network is authentication server, do not
need to integrate with Active Director server
• Can use 3G as backhaul
• Roaming across A3s is not supported
• Local database is supported
• Multiple SSID for different groups of client to access, like staff and guest
• Each group of client is only allowed to access specific network subnets
• Different authentication method can be applied to different SSID
42. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
42
ACS Network Design Solution
• Intranet for staff
• Intranet ACS Profile
• Client IP subnet 192.168.0.x
• RADIUS authentication
• HTML-authentication
• Allowed access intranet
and internet
• Internet for guest
• Internet ACS Profile
• Client IP subnet 192.168.0.x
• MAC authentication
• Allowed access internet
only
43. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
43
Altai A3 Access Control System
Radius Server
A3_Gateway Mode
ACS Profile
Router
SSID_Intranet
Intranet ACS Profile SSID_Internet
Internet ACS Profile
Firewall
DHCP
server
Web Server
Switch
44. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
44
ACS User Login Procedure
45. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
45
Case Study: Hotspot Operator ACS
Profile Configuration
Radius Server
A3_Gateway Mode
10.6.127.200
DHCP server:192.168.0.1
SSID_HTMLAuth SSID_MACAuthrnet
3G network
Web Server
Hotspot Operator Noc
3G backhaul
46. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
46
Hotspot Operator Network Illustration
• 3G dongle as network backhaul
• A3 build-in DHCP server enabled
• Remote RADIUS server is for internal clients authentication
and accounting
• Remote Web server is for RADIUS server authentication.
• Access controlled list establish to define network access
difference for multiple kinds of clients
• Local account is for MAC authentication to clients who
could only access internet
47. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
47
ACS Profile
48. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
48
Local Account
49. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
49
RADIUS Server
50. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
50
Access Rules 1
51. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
51
Access Rules 2
52. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
52
Access Rules Profile
53. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
53
HTMLAuth Profile
54. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
54
MACAuth Profile
55. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
55
Export ACS profile
56. Altai Super WiFi
Not for Distribution – Altai Confidential
Altai Super WiFi
www.altaitechnologies.com
56
Thank You