ARUBA 101 Intro

This document provides an overview and agenda for designing Aruba WLAN solutions for mid-size businesses. It discusses the opportunity in the mid-market and need for a smarter, cloud-managed network. The Aruba solution presented includes business-class wired and wireless, simple management via the cloud, and built-in security. Key aspects covered are the Aruba Instant solution, access point portfolio, how Instant works via a master-slave configuration, reliable performance with ClientMatch, intelligent traffic control and application visibility, and the policy enforcement firewall.

Uploaded by

hpe cursos

Designing Aruba WLAN Solutions
Eskinder Mesfin Cherient
CISSP|PMP|PRINCE2|MCSE|CCIE(wr)
+251930071465
Agenda
Mid-size businesses
Aruba solution overview
Instant architecture
Instant deployment and best practices
Resources

@ArubaNetworks | #ATM19 2
Midmarket Opportunity is BIG and Growing

$700 Billion: WW MIDSIZE ENTERPRISE IT SPEND
$18+ Billion: Estimated WW Spend For NETWORKING

• 33,000 Midsized enterprises in US
• Enablement of Digital Workplace is among top 5 strategic initiatives
• Networking, Security and move to the Cloud are top 3 infrastructure projects

Gartner’s Definition of Midmarket

The Impact on Midsize IT

Performance: 7 in 10 get complaints about poor Wi-Fi
Analytics & Security: 95% need better visibility & control
Simplicity: 6 in 10 have little on-staff networking expertise
50% looking to Cloud Managed Wi-Fi

By 2020, 78% of small to midsize businesses will be taking advantage of cloud computing. (Microsoft SMB Study)

A Smarter, Better Network Needed

CLOUD-MANAGED: Networking that eliminates hardware and simplifies day to day operations
MOBILITY-CENTRIC: Wireless that’s built for today’s voice, video and data apps, and mobile user behavior
CONTEXT DRIVEN: Approach that leverages connection, user, and device data for visibility and enforcement.

Aruba’s Mid-Market Solution

Purpose-built for secure mobility, cloud & IoT

BUSINESS-CLASS WIRED & WIRELESS: High performance & scalable
Simple Management, CLOUD & MSP: Insightful & Easy to Manage
BUILT-IN SECURITY, STATEFUL FIREWALL & INTRUSION DETECTION: Infrastructure security

Value Based Services for Higher Profitability

Guest Wi-Fi Services
• Customized portals – logo, background, color, ads
• Registration choices – anonymous, self-registration or social logins
• Control options – networks, landing page, duration and access

Connectivity Health
• User monitoring of association, authentication, DHCP, Portal & DNS
• Health scores for quick problem identification
• Trending, and additional insight to isolate root cause and impact

Presence Analytics
• Measure customer traffic and engagement based on RSSI
• Assess layouts and optimize staffing based on peak hours
• Compare metrics against baselines for consistency

Aruba Instant Solution

Aruba Instant Wi-Fi

ENTERPRISE-GRADE & VIRTUALIZED CONTROLLER
ALL INCLUSIVE

SIMPLE
• Wizard driven intuitive setup
• Less hardware

POWERFUL
• High performance
• Best-in-class security

FLEXIBLE
• Support varied use cases
• Cost effective

Wi-Fi That Can Evolve At The Speed of Business
MULTIPLE MANAGEMENT OPTIONS - MULTIPLE DEPLOYMENT OPTIONS

[Diagram labels: Aruba Central, Instant UI, ClearPass Policy Manager, Instant, Internet, Mobility Controller, HQ]

Flexible, future-proof deployment that can easily scale to large number of locations

AP Platform Portfolio
Categories: Indoor Access Points; Hospitality and Remote (Branch) Access Points; Hardened Access Points; Outdoor Access Points

340 Series (AP-34x)
– 802.11ac 4x4:4SS, MU-MIMO, VHT160
– 1x 1GE + 1x 2.5GE, USB, BLE, dual 5GHz
– 11ac W2 Flagship

310 Series (AP/IAP-31x)
– 802.11ac 4x4:4SS*, MU-MIMO, VHT160
– 1x GE, USB, BLE, 802.3af POE
– Baseline 4x4 11ac W2 platform

300 Series (AP/IAP-30x)
– 802.11ac 3x3:3SS*, MU-MIMO
– 1x GE, USB, BLE, 802.3af POE
– Entry-level 3x3 11ac W2 platform

303 Series (AP-303)
– Dual radio, 11ac 2x2:2SS, 1xGE
– Low-cost 2x2 11ac W2 platform

Why Aruba Instant?

How Aruba Instant Works

Ready … First AP configured; it becomes the “master” & manages the cluster
Set … New APs connect to the “master” to download config
Instant APs Go!!

✓ NO ONSITE IT NEEDED
✓ FAULT TOLERANT NETWORK

Reliable performance with Aruba ClientMatch

Predictable Wi-Fi performance across the network


• Intelligently steers devices to the best AP
• Reduces “sticky” clients issues => fewer helpdesk tickets
• No client-side software required

REAL-TIME RF CORRELATION: DEVICE TYPE, LOCATION, CONGESTION, INTERFERENCE, ‘MU-MIMO Aware’

Intelligent traffic control with application visibility

On-Board DPI
− Depth - common apps
− Enterprise traffic

Cloud-Based Web Policy Enforcement
− Breadth - less common apps
− Web traffic

✓ Prioritize business critical apps
✓ Block inappropriate content
✓ Enforce per user/device/location

GRANULAR VISIBILITY & CONTROL
• App category
• Individual app
• Web category
• Web reputation

• Allow/deny
• QoS
• Throttle
• Log
• Blacklist

Policy Enforcement Firewall (PEF)
Aruba Firewall advantage

• Identify the User
• Control Access per User
• Prioritize Applications
• Optimize Performance
• Follow the User

Policy Enforcement Firewall


• Identity-based Stateful firewall
• Role/identity based
• Application Aware
• Stateful policies versus “access control lists”
• Bi-directional
• Session aware; more difficult to spoof
• Dynamic

Better user experience for Unified Communication

Unified Communication and Collaboration

• Auto Classify UCC applications
  • Classify S4B with SDN API and monitor activity
  • Advanced heuristics can be leveraged to identify Skype, Jabber and Facetime
• Offer deep visibility to call quality with Central
  • UCC dashboard with real time correlation of call quality with network health
  • Per-User call visibility for faster troubleshooting
  • Insights and reporting

Real Time Insights using Clarity Live

Inline Monitoring for associated clients

Ability to monitor DHCP, DNS, RADIUS
• Association time
• Authentication time
• DHCP time
• DNS time

[Diagram label: AirWave]

Dashboards
• Network and Client level Live views
• Trends and patterns based on KPI/SLAs

ZTP for Secure and Fast Deployments

Complete Trust: Secure Onboarding with embedded TPM chip on most Aruba devices
Zero Touch: Ease of use, zero touch to provision Branch
Scale: Create Bulk Policy Template to push to Branches

Flow between the IAP (TPM Chipset), the DHCP Server and Aruba Activate, in order:
• DHCP Request
• DHCP Response without Mgmt. Address
• IAP reaches out to Activate with Serial #, MAC addr
• Activate authenticates device, provides cert and redirects to Airwave/Central
• IAP then reaches out to Central with Serial #, MAC addr, cert
• Central authenticates device and then pushes down config, image

Instant Architecture
Cluster Architecture

• Controller-less Architecture
• One IAP is elected as Master, rest are Slave
• Master virtualizes Controller Function
• IAPs in same L2 form a Cluster
• Up to 128 IAPs per cluster recommended

[Diagram: Virtual Controller 1, VC IP:10.10.10.3/24; Master IAP (Instant OS), IP:10.10.10.4/24; Slave IAP, IP:10.10.10.5/24; Slave IAP, IP:10.10.10.6/24]

Management Plane - Centralized

[Diagram: Master IAP with two Slave IAPs; Management Plane labels: Configuration Sync, Monitoring, Image Management, External Servers, DRP, Magic VLAN, DHCP Server]

Control Plane - Distributed

[Diagram: Master IAP with two Slave IAPs; Control Plane labels: ARM, Auto Channel, Auto Power, Band Steering, Client Match, Client Aware, AppRF, Firewall, IDS/IPS (Infrastructure, Client)]

Data Plane - Distributed

[Diagram: Master IAP with two Slave IAPs; Data Plane labels: AP VLAN, Client VLAN]

Instant Provisioning

• Configure ONLY Master AP
• Other APs auto-join in same L2
• ZTP with Activate

[Diagram: Master IAP, Slave IAPs, Aruba Activate]

Master Election

• IAP boots up in INIT state
• Listens for beacons for random period
• Master Beacon Received?
  – Yes: Become Slave
  – No: Become Potential Master
• Higher Priority Beacon Received? (Yes / No)
  – No: Become Master

Special treatment for
• Preferred master
• 4G/3G modem

Conflict resolution based on:
• Uptime
• MAC address
• IP scope


Master Failover

• Master IAP unavailable
• Back off Interval
• Master Beacon Received?
  – Yes: Continue as slave
  – No: Transition to potential master and send Unicast Failed Master
• Is Master Beacon Received? (Yes / No)
  – No: Become Master

Instant Deployment Models
Deployment Model: Cluster

[Diagram: Store A, Store B and Store C connected over the WAN; the IAPs in each store are labelled SSID:Employee and SSID:Guest]

Single IAP Branch

– Simplified network design
– Acts as NAT device
– No Additional switches required
– Can also use USB 4G modem as Uplink
– Suitable for:
  – Retail Chain
  – Coffee Shop
  – Teleworker
  – Off-site Branch
– POE pass-through with AP-303P

[Diagram labels: WAN/Internet, Branch Office]

Multi-IAP Branch: Hierarchical Mode design

• When a WAN device is NOT available
• Suitable for 3-5 IAPs per site
• Multi-Port IAP Connected to WAN is called Root IAP
  • Can connect Wired Hosts
  • Can connect other IAPs
  • Root is always Master
• AP-303P supports daisy-chaining

[Diagram labels: Internet, Branch Office, IAP, IAP]

Deployment Model: Standalone

[Diagram: one IAP per location (Room 1, Room 2, Room 3, Room N, Lobby) labelled SSID:Guest, with SSID:Employee also shown at the Lobby; plus Data Center, Firewall and Internet]

A Note on Standalone IAPs

IAPs may be deployed either in cluster mode or in standalone mode

All standalone APs at a site should still be deployed in the same management VLAN
• Roaming, ARM, ClientMatch, mesh, IDS etc. would continue to work between IAPs in standalone mode

Caveats for IAPs in standalone mode
• DHCP needs to be external
• NAT gateway needs to be external
• Shared VPN not supported. Per-AP VPN is the available option.
• Dynamic Radius Proxy (DRP) not supported
• Wireless containment would not work today
• Central support for ZTP of IAPs in standalone mode not yet available

Instant Configuration
Wizard-based WLAN Configuration

Simple Configuration

Policy

WPA3 and OWE

Role-based Access Control

VLAN Derivation Rules

Dynamically Assign VLANs

Magic VLAN for Guest SSID

Role-based Access Control

Role-Based Access

Role: IT
Rule 1: Allow all

Role: Employee
Rule 1: Deny access to Server 1
Rule 2: Deny social networking sites
Rule 3: Allow all

[Diagram labels: IAP, Server 1, Internet]

Network-Based Access

Rule 1: Deny access to Server 1
Rule 2: Allow all

[Diagram labels: IAP, Server 1, Internet]
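
The rule lists on the Role-Based Access and Network-Based Access slides, worked through as an added example (not Aruba's code or Instant configuration syntax). It assumes rules are checked top-down with the first match deciding and an implicit deny at the end; the labels `server1`, `social`, `internet` and all function names are constructed for illustration.

```python
# Added illustration; not Aruba Instant syntax or code.
# Assumption: rules are evaluated top-down and the first match decides;
# traffic that matches no rule is denied.

ANY = "any"

# Rule lists copied from the slides; destination labels are constructed.
ROLES = {
    "IT": [("allow", ANY)],
    "Employee": [
        ("deny", "server1"),   # Rule 1: Deny access to Server 1
        ("deny", "social"),    # Rule 2: Deny social networking sites
        ("allow", ANY),        # Rule 3: Allow all
    ],
}
# Network-based access: one list for every client on the network.
NETWORK_RULES = [("deny", "server1"), ("allow", ANY)]


def evaluate(rules, destination):
    """Return (action, rule_number) for the first matching rule."""
    for number, (action, target) in enumerate(rules, start=1):
        if target == ANY or target == destination:
            return action, number
    return "deny", None  # assumed implicit deny


def shadowed_rules(rules):
    """Rule numbers that can never match because an earlier rule already
    covers the same target (or covers everything)."""
    seen, dead = set(), []
    for number, (_, target) in enumerate(rules, start=1):
        if ANY in seen or target in seen:
            dead.append(number)
        seen.add(target)
    return dead


def access_matrix(destinations):
    """Decision per role and per destination, plus the network-based list."""
    policies = dict(ROLES, **{"(network)": NETWORK_RULES})
    return {name: {d: evaluate(rules, d)[0] for d in destinations}
            for name, rules in policies.items()}


if __name__ == "__main__":
    for name, row in access_matrix(["server1", "social", "internet"]).items():
        print(f"{name:10} {row}")
    # Misordered variant: "Allow all" first makes both denies unreachable.
    bad = [("allow", ANY), ("deny", "server1"), ("deny", "social")]
    print("shadowed rules in misordered list:", shadowed_rules(bad))
```

Under the network-based list every client, IT staff included, is denied Server 1, while the role-based lists let the IT role through; `shadowed_rules` is the check to run on a rule list before deploying it.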

Content Filtering and Traffic Shaping

Layer 7 Access Control Lists

Application Throttling or QoS using DSCP, 802.1p

Block Content using Web and App Categories

Get granular access control for your Org

DPI with AppRF

Layer 7 Visibility with Deep Packet Inspection

Visualize Trends with per AP or per Client View

Block Content using Web and App Categories

View data for last 1 min or 15 mins

SSID Zone and Time Profiles

Choose between SSIDs to Broadcast in an area

Choose when to broadcast your SSID

Reduce Management traffic Overhead

Adaptive Radio Management

Radios that adapt to your environment

Adapts to CCI, ACI, client receive sensitivity

Always Client and Application aware

Patented ClientMatch resolves Sticky Client Issue

Wireless Intrusion Detection and Protection

Instant Mesh

P2P, P2mP Instant Mesh

Cluster and standalone modes

Locked to 5GHz for better BW

Ensure Security over Mesh Link

Instant Best Practices

Master table to tune the most important knobs

| Feature | Default Setting | Sparse AP with data only | Dense AP with data only | Recommended Settings for voice and video | High Interference Environment |
|---|---|---|---|---|---|
| Scanning | Enabled | Enabled | Enabled | Enabled (Disable scanning on detecting voice or video traffic under ACL) | Enabled |
| Client Aware Scanning | Enabled | Enabled | Enabled | Enabled | Disabled |
| Background Spectrum Monitoring | Disabled | Disabled | Disabled | Disabled | Enabled (To show interference sources) |
| Client Match | Disabled | Enabled | Enabled | Enabled | Enabled |
| Band Steering | Prefer 5Ghz | Prefer 5Ghz | Prefer 5Ghz | Prefer 5Ghz | Prefer 5Ghz |
| Airtime Fairness | Default Access | Fair Access | Fair Access | Fair Access | Fair Access |
| Min Transmit Power | 18 | 18 | 9 | 18 | 12 |
| Broadcast Filtering | Disabled | All | ARP | ARP (Disabled if running Multicast) | ARP |
| Multicast Optimization | Disabled | Enabled | Enabled | Enabled | Enabled |
| Dynamic Multicast Optimization | Disabled | Disabled | Disabled | Enabled | Disabled |
| Interference Immunity Level (Modify if Aruba Support recommends you to do so) | 2 | 2 | 2 | 2 | 2 |
| Beacon Interval | 100ms | 100ms | 100ms | 100ms | 100ms |
| Wide Channel Band | 5GHz | 5GHz | 5GHz | 5GHz | 5GHz |
| Local Prob Req Threshold (db) | 0 | 0 | 25 | 25 | 25 |
| Dynamic CPU Management | Automatic | Automatic | Automatic | Automatic | Automatic |

Still not a part of the Airheads Community? Sign up today!
community.arubanetworks.com
