Tag Archives: Aruba

Using Aruba’s Tunneled-Node to Extend Wireless AAA Policies to the Wire

I recently recorded a 10 minute video demonstration of how you can use an Aruba Networks Mobility Access Switch to extend your existing wireless AAA and QoS policies out to the wired access layer.

Now that you’ve watched the video, here is a quick recap of some of the benefits and use cases for tunneled-node.

Benefits (In no specific order):

  • Management – AAA profiles for wired and wireless users are created in a single location.
  • Efficiency – Ideally, you already have strong AAA and QoS policies on the WLAN. Tunneled-Node means you don’t have to reinvent the wheel. Instead, just reuse the same policies and apply them to wired ports.
  • Security – This is the main driver now isn’t it? Clearly, having users/devices authenticate to receive derived roles matching their requirements is a much better way to go compared to wide open wired access for all.


Limitations:

  • Tunnels – The name kind of spells out the first limitation. Given that all traffic is tunneled to your mobility controller from the switch, you will need to make sure your controller is sized to handle the increased load.
  • Closed Architecture – Currently, this solution requires you to have both an Aruba mobility controller and mobility access switch. Both products function just fine without each other, but tunneled-node functionality requires both.

When is this solution a good fit?

In my opinion, the solution fits well in the following scenarios:

  • Board rooms and public spaces – A single switch could easily increase security in areas that host both employees and guests/contractors/students. Employees get internal access in boardrooms while guests get internet-only access even when plugging into the same port.
  • New WLAN deployments – If your organization is just deploying a new Aruba WLAN, then a mobility access switch could be of great benefit. You’ll need something to provide PoE power to the access points anyway.

I really don’t want this to come across as an Aruba advertisement. There are certainly other solutions on the market today but I think tunneled-node should be given serious consideration for any organization with an already deployed Aruba WLAN.


Please feel free to contact us, or leave a comment, if you have questions about how this solution works. Also, the lab I used in the demo was built completely self-contained and portable. So, if you’d like to have a live demo, in-person, we can arrange that as well.




It’s More Than Just a Partner Conference

I’m happy to announce that I will be attending the 2012 Aruba Partner Summit from March 19th to March 21st in Las Vegas. I’ve never attended an Aruba partner conference before, but the impression I get is that this will be more than just another partner conference.

When I think of a typical partner conference, I envision a few speeches from CEOs and founders, maybe a hand-off demo or two, and possibly some whiz-bang-hey-look-how-awesome-we-are case study reviews. Boring. This will not be the case at the Aruba Partner Summit; just take a look at the agenda. The summit will have quite a few sales and technical information sessions to help get people exposed to the entire solution line-up.

Personally, I’m looking forward to the following two sessions:

  • Designing Wi-Fi Networks for High Density Environments
  • Overcoming Challenges in Outdoor Wireless

While these are the two sessions I’m looking forward to the most, I will be attending all of the technical sessions. I’ll try to post some updates during and after the summit to share what I can. Be sure to check back in a few weeks to get my thoughts on the summit and the future of wireless networking as Aruba sees it.


If you’re interested in discussing any of the agenda items after the summit, please feel free to contact me. I’m always excited to sit and talk wireless with anyone who is interested in the technology.

Wireless UI Walkthroughs

Recently I created two wireless vendor UI walkthroughs and thought they would be worth sharing with the NCI crowd.

The first walkthrough is of the Meraki Systems Manager. This feature is built into the Meraki Enterprise Cloud Controller and offers a fairly extensive set of MDM features to Meraki customers at no extra cost.


The second walkthrough is of the Aruba Instant Virtual Controller UI. The Instant architecture does away with hardware controllers and feature licensing, and even simplifies the administrative experience.


I hope you find the videos interesting. As always, if you have any questions, or would like a live demonstration please do not hesitate to contact us.


Bonus Marks: Did you spot the hidden surprise in one of the videos?

Amigopod and PAN User-ID Integration

Question: What happens when two vendors work together with the common goal of making your life easier?

Answer: Your life gets easier.

Here is a quick ~5 minute video showing the integration capabilities between Aruba Networks’ Amigopod and Palo Alto Networks’ User-ID Agent. Aruba and PAN have allowed their systems to share user-ID information between each other; the benefit to you is that users can receive the same user-based firewall policy whether they are connected via wire or wirelessly. Watch the video, you’ll see what I mean.


Pretty neat stuff, no? Tight integration between wired and wireless solutions is going to be very important as we move into 2012. It’s good to see that some vendors are not only working on expanding their own offerings, but also taking the time to ensure that they play nicely with others.

Dan C.

We’d love to hear what you think of the video. Please leave a comment or contact us with your thoughts, comments, or questions.

Thoughts After Day 3 of Aruba WLAN Training

Course complete! All the gear is factory reset, packed away, and the test has been written and passed. It was a fun three days of configuring, tweaking, and experimenting with wireless controllers, access points, and AirWave, but all fun things must come to an end.

The last day of the 3-day Implementing Aruba WLANs course was a bit like a catch-all day for the topics that didn’t fit nicely into the other sections. We covered captive portals, remote APs, Adaptive Radio Management, and Spectrum Analysis. Given the wide choice of topics, it was actually a little difficult to come up with just a few thoughts based on the day’s activities, but here goes:

  1. As wireless vendors roll out amazing features like remote APs, which allow the office to follow the users regardless of where they are physically located, we will see WLANs positioned nicely to start displacing wires in a more permanent way at head offices and branch offices alike. The ability to control authentication, access, and encryption for wired and wireless users regardless of where they are is very empowering for organizations and I can’t see how this won’t be a standard offering by all wireless vendors in the very near future. I can already think of a few WLAN vendors who have rolled out remote AP offerings so, as far as I’m concerned, the flood gates have been opened.
  2. Spectrum analysis is a cool feature which can be quite handy when it comes to keeping your WLAN running optimally. However, I can’t over-stress the importance of not relying too heavily on having your tools do all the troubleshooting and interpretation for you. Some decisions can be made fairly accurately by tools while others still require human interpretation. The introduction of spectrum analysis by a few large WLAN vendors is definitely a good thing but, like all things in IT, you need to take the time to learn what the tool’s output actually means so that you can make educated decisions regarding the behaviour and configuration of your WLAN deployment. Spectrum analysis is meant to provide more information which should help us make more informed decisions; the decisions still need to come from a trained WLAN professional though.

I would definitely recommend the Implementing Aruba WLANs course for anyone involved in deploying or administering a small to medium-sized Aruba deployment. For larger deployments involving multiple sites and controllers I suggest taking your training beyond ACMA certification and checking out the Scalable WLAN Design & Implementation course which will prepare you for the Aruba Certified Mobility Professional (ACMP) certification.

Dan C.

If you have any questions about wireless training or are planning a wireless deployment and would like to have a discussion about it, please feel free to contact us or post a comment.

Thoughts After Day 2 of Aruba WLAN Training

Day 2 of the Implementing Aruba WLANs course has come to a close and we have managed to make a nice mess of the room. It’s amazing how quickly 6 people can fill a room with controllers, access points, cables, laptops, and courseware!

Much like the first day of the course, the second day was very educational. Focusing mainly on authentication, access control, and roles, I’d say this day represented the meat of the course. Here are my thoughts after day 2:

  1. To securely deploy a wireless network you had better brush up on your 802.1X, RADIUS, and PKI knowledge. Home WLANs are not the same thing as Enterprise WLANs; pre-shared keys (PSK) are not a scalable or manageable solution in most enterprise deployments. All SMB or enterprise WLAN vendors support robust authentication when it comes to wireless networks, so take advantage of these features.
  2. Role derivation is awesome! Having the ability to assign specific access policies and VLAN assignments to clients based on device type or group membership is a great way to avoid excessive SSID creation and provide granular control that matches the capabilities and requirements of each user/device. Regardless of the WLAN vendor you are using, I would highly recommend looking into this feature the next time you are thinking about creating a new SSID for a new business requirement. You just might save yourself some configuration effort and eliminate needless wireless beacons at the same time.

Overall I’d say day 2 was a success. WLAN security is incredibly important so I was very happy to see that we spent the entire day exploring the various options available to us.

Dan C.

If you have thoughts, comments, or questions about WLAN security, please leave a note in the comments section.

Thoughts After Day 1 of Aruba WLAN Training

I firmly believe that the only way to stay on top of the wireless networking industry is to fully embrace the idea of lifelong learning. To me, this doesn’t just mean learning new skills and products, but also taking the time to revisit and refresh the things you think you already know. That’s why I jumped at the chance to sit in on a three-day Implementing Aruba WLANs course being held at my office. True, I do already have my ACMA, but I attained this back when controllers were running ArubaOS 3.x. Now that ArubaOS 6.x is out, I figured it couldn’t hurt to revisit the course and make sure I’m still up to date. Here are a few observations after completing the first day:

  1. Regardless of how simple a WLAN controller is to configure, anyone involved in designing, securing, or administering a WLAN must still understand the underlying 802.11 technology. Fancy wizards and snazzy interfaces are great when things are working fine, but don’t expect your WLAN to run as efficiently, securely, or resiliently if you don’t know what all those knobs and dials are actually doing. That being said, Aruba Networks has done a great job improving and enhancing their configuration wizards. These wizards do such a good job of simplifying the basics of configuring your controller(s) that someone could technically get a secure WLAN up and running with very little wireless knowledge or experience. Unfortunately, there is no WLAN Administration Wizard. Until that day arrives, hit the books and start learning the underlying technology. A good place to look for vendor-neutral wireless certification is the CWNP organization.
  2. Wireless networks are at a critical, and potentially dangerous, juncture in their relatively short lives. If we spend the time to properly plan, design, and secure wireless networks they have the potential to dramatically affect the way we work and play in a very positive and reliable way. However, if we rely too heavily on the perceived simplicity of deploying wireless networks without doing our homework first, then we are setting mobile computing up for failure or, at the very least, an existence that falls very short of the true potential of wireless networking.

Overall, day one was very informative and a lot of fun. It’s always great to see people putting in the time and effort required to properly implement a wireless network. So far the Deploying Aruba WLANs course has delivered what was promised and I am looking forward to sharing my thoughts on the next two days.

Dan C.

Full Disclosure: NCI is a partner with Aruba Networks.