l产品介绍.ppt

* We can let the stateful firewall and policy engine within the Aruba mobility controller do the work for us to separate wireless users. Because the mobility controller inspects all traffic and understands how the device was authenticated and authorized, we can create roles that assign a particular kind of rights and privileges to classes of users. This allows us to greatly simplify and collapse SSIDs. We might only have a single corporate SSID now, but within that SSID many different types of users such as contractors or employees can connect and have different roles. This is true even if they are on the same VLAN. The VLAN is not important anymore. Who that user is and what they are authorized to do is what is important. We can even support converged devices and allow voice calls within the corporate SSID that have a higher Quality of Service than normal data. Quality of Service is no longer dependent on the SSID. Instead it can be assigned based on the type of traffic, user or device. With this model in place, we can now implement a truly secure network that supports a wide variety of mobile users, applications and devices. Each one is authenticated, encrypted and authorized. More importantly, this context is maintained wherever the user may roam and regardless of the network. This is a powerful tool for security implementation and control. Single Point of Security Control – terminating encryption, authentication and policy enforcement in one place, the mobility controller. Everyone else splits this out into different places, creating a security vulnerability. Universal Authentication – support disparate authentication types (captive portal, 802.1x, VPN) with the same AP. Role-Based Access Control – Learned the purpose of the user (guest, contractor, employee-marketing, employee-finance, etc). A firewall policy will apply to each type of user. Stateful Firewalls – this is what enables policy enforcement. High-Speed Encryption – Hardware-based Processing -