CLEANACCESS Archives

January 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Kyle Evans <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 11 Jan 2007 08:56:29 -0500
We have CCA, and we just deployed Aruba wireless this past Fall.  The
solution works fine, but I wouldn't say we've become die-hard Aruba
zealots.  During talks with Aruba before the actual deployment, the
engineers said that Aruba is compatible with CCA in-band but not
out-of-band.  Fortunately, our servers are in-band, but if yours are
out-of-band then you may have problems.  You could always get a new CAS
dedicated to wireless and set it up as in-band though (we're still in
the process of procuring CASes dedicated to wireless).

Basically, the way it works is like this:  We set up a vlan with private
address space for the APs so we don't have to burn real IP space on
them.  The AP communicates with the controller on this vlan.  When a
client connects to an AP, the AP sets up an encrypted tunnel to the
controller and all the client's traffic is routed through the controller
via the tunnel.  At the controller, the client's traffic is assigned to
a vlan that has real IP address space.  The whole time the client is
connected, all of its traffic is being routed through the controller.
The vlan that the client's traffic is placed onto at the controller is
managed by CCA, just like the wired networks.

Most of the issues that needed to be solved were related to having one
SSID for the entire campus and making that work with individual
requirements for specific departments.  For example, we wanted students
in the residence halls to go through CCA, but not every department on
campus.  Currently, there also isn't good distributed management of APs
so that individual departments can control their APs (and nobody
else's).  However, this is *supposed* to work in the next release of
ArubaOS (and MMS--the management platform).

Another thing, we have a large deployment (~2000 APs) and we didn't want
to use per user firewalls, but we did want to use per user bandwidth
limiting.  Aruba recommended not limiting bandwidth per user because of
how large our deployment is.  We're not happy with that.  I suspect the
same would be true of per user firewalling.


Kyle




Mike Garner wrote:
> Hello all-
>
> We're currently a "cisco" shop for our switching, routing, and wi-fi but are
> considering the move from fat AP's to lightweight AP's. The clear leaders
> are Aruba Networks and Airespace (now Cisco). The Aruba products have some
> interesting features including per user firewalls, role based
> authentication/access, etc., though some of these features seem to overlap
> CCA. I'd appreciate hearing from any CCA schools that have implemented CCA
> and Aruba. How does it work? Are you happy with the solution? Is CCA
> in-band, out-of-band, etc.? Do you have non-Aruba vlans that are still
> routed through or protected with CCA, for example wired dorms?
>
> Thanks!
> ~Mike
>
> ------------------------------------------
> Mike Garner
> IT, Western State College of Colorado
> [log in to unmask]
> 970.943.3123 
> 970.943.7069 (fax)
>
>   
