Aruba Networks Version 3.3 Network Card User Manual


 
Campus Wireless Networks Validated Reference Design Version 3.3 | Design Guide Mobility Controller Configuration | 47
Good guest policy as implemented by the stateful firewall should only allow the guest to access the
local resources that are required for IP connectivity. These include DHCP and possibly DNS if an
outside DNS server is not available. All other internal resources should be off limits for the guest. This
is usually achieved by denying any internal address space to the guest user.
Additional policies should be put in place to limit the use of the network for guests. The first policy is a
time-of-day restriction. The user should be limited to accessing the network during normal working
hours as they should only be using the network while conducting official business. Accounts should be
set to expire when their local work is completed, typically at the end of each business day.
A rate limit can be put on each guest user to keep the user from using up the limited wireless
bandwidth. Employee users should always have first priority to the wireless medium for conducting
company business. Remember to leave enough bandwidth to keep the system usable by guests. Aruba
recommends a minimum of 10%. Guests can always burst when the medium is idle.
Create a time range:

time-range working-hours periodic
  weekday 07:30 to 17:00

Create a bandwidth contract and apply it to an AP group:

wlan traffic-management-profile "employee-guest-app"
  bw-alloc virtual-ap "corp-employee" share 45
  bw-alloc virtual-ap "corp-app" share 45
  bw-alloc virtual-ap "guest-net" share 10
ap-group "corp-aps"
  dot11a-traffic-mgmt-profile "employee-guest-app"
[Figure arun_060, labels: "No access after hours", "Access controlled"]
[Figure arun_061, labels: "Mobility controller", "Data", "Controlled data"]
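
The guest policy described above (DHCP and DNS allowed, internal address space denied, access limited to the working-hours time range) can be modelled as a first-match rule list and checked against sample flows. This Python sketch is an added example, not Aruba configuration or code from the design guide. It assumes the internal address space is the RFC 1918 ranges, uses a constructed DNS server address, treats `weekday` as Monday to Friday, and denies all guest traffic outside the time range.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumption: "internal address space" is modelled as the RFC 1918 ranges.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample address for the local DNS server guests are allowed to use.
DNS_SERVER = ip_address("10.1.1.11")
# From the page's time range: "weekday 07:30 to 17:00" (weekday taken as Mon-Fri).
WORK_START, WORK_END = time(7, 30), time(17, 0)


def in_working_hours(ts: datetime) -> bool:
    return ts.weekday() < 5 and WORK_START <= ts.time() <= WORK_END


def guest_verdict(dst: str, proto: str, port: int, ts: datetime):
    """First-match evaluation of the guest policy; returns (action, reason)."""
    addr = ip_address(dst)
    if not in_working_hours(ts):
        return ("deny", "outside working-hours")
    if proto == "udp" and port == 67:
        return ("permit", "dhcp")
    # The DNS permit must precede the internal deny: the server lives in internal space.
    if port == 53 and addr == DNS_SERVER:
        return ("permit", "dns")
    if any(addr in net for net in INTERNAL):
        return ("deny", "internal address space")
    return ("permit", "external destination")


def audit(flows):
    """Return the flows the policy permits into internal space, for review."""
    hits = []
    for dst, proto, port, ts in flows:
        action, reason = guest_verdict(dst, proto, port, ts)
        if action == "permit" and any(ip_address(dst) in n for n in INTERNAL):
            hits.append((dst, proto, port, reason))
    return hits


if __name__ == "__main__":
    tue = datetime(2024, 3, 5, 10, 0)  # constructed sample flows
    flows = [("255.255.255.255", "udp", 67, tue), ("10.1.1.11", "udp", 53, tue),
             ("10.1.1.11", "tcp", 22, tue), ("10.1.1.20", "tcp", 445, tue),
             ("93.184.216.34", "tcp", 443, tue),
             ("93.184.216.34", "tcp", 443, datetime(2024, 3, 5, 18, 30))]
    for f in flows:
        print(f[:3], f[3].strftime("%a %H:%M"), guest_verdict(*f))
    print("internal exposure:", audit(flows))
```

The `audit` output lists every internal destination a guest can still reach, which should be limited to the services required for IP connectivity.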