当然,我们已经编译了今天早上的问答聊天窗口,并希望与所有人分享。感谢所有加入网络研讨会的人。有关演示文稿的副本和视频录制,请参阅Airheads Social知识库文章.
Still got more questions? Please post them here or to Campus WLAN, Mobility Access Switches, ArubaOS and ClearPass forums!
问答环绕Aruba移动访问开关
Q:Can you please tell the difference between Aruba's S2500 and S3500 switches?
A:There is a table posted atAruba websitedescribing the differences. The S3500 is a modular switch - power, uplink/stacking, field replaceable fan trays. The S2500 has a fixed configuration - power, fans and uplinks, comes in a 12" form factor.
Q:Are you telling me that with Aruba, I don't have to have any VLANs?
A:VLANs can be anchored further back in the network and dynamically assigned. Firewall on the controller is used for policy enforcement and VLANs are simply used to control broadcast domains. You can have as many or as less VLANs as you like as long as you follow LAN design best practices for IP services like DHCP, DNS, etc.
Q:How many Aruba switches do we need to install?
A:Number of switches is dependent on the number of wired ports required in the network. You have the ability to configure a port to tunnel traffic to the firewall on the controller or allow it to do local L2 or L3 forwarding.
Q&A on Aruba AirGroup
Q:因此,Airgroup需要Clearpass Guest(Amigopod)?Airgroup是ClearPass的一部分吗?
A:AirGroup requires ClearPass for it to be most effective. Without ClearPass guest, L3 discovery, traffic optimization, role based access to services (eg. students can't access Apple TVs in classrooms but teachers can) and selective advertisement of services (eg. make AirPrint available across the network but not AirPlay) is still possible with Aruba Mobility Controllers. ClearPass Guest delivers store & easy definition of user-owned, group-owned, location-assigned, user-and-friends context and hence it is highly recommended.
Q:For now, We are only interested in making Apple TVs work in classrooms. Do I need the entire ClearPass solution to accomplish this?
A:You could address this with just the Aruba Mobility Controller. You could restrict access for certain devices to just teachers.
Q:I am looking for a solution that provides more than PSK security. Can Apple Bonjour (AirPlay & AirPrint) play across a multi-level security domain scenario?
A:诸如Apple TV,无线打印机之类的服务主要使用PSK Security正确。假设是,移动设备将通过强大的企业安全环境访问网络。Aruba解决方案的值是它建立在具有多个安全域的环境中实现此环境所需的灵活性 - 使用PSK和移动设备使用802.1X / RADIUS安全连接服务所需的灵活性。
Q:You mentioned the limitation of multicast on wireless....how does this address that issue?
A:不会有mdn AirGroup因为阿鲁巴岛莫bility Controller will act as the mDNS proxy. It will store the information about all services available in the network and based on policies defined within the controller firewall rules and ClearPass Guest service registration list, it will present availability to mobile devices based on user, role, location, in other words context. Reply to Bonjour discovery traffic will be sent as unicast by the Mobility Controller... which acts as the broker in the relationship between the mobile devices and mDNS services.
Q:"Mary's devices go into a Personal AirGroup" That seems like a loaded statement. How will those thousands of groups be created and managed? Using the local LDAP or AD?
A:The groups are created as each device is added by the owner (for personal Apple TVs, etc) or by an administrator (for local printers, etc). AirGroups are not created or maintained by admins. They are dynamically created and never require the admin to maintain. And LDAP or AD can be used to associate existing user groups with shared devices.
Q:Can the access be scheduled? So after hours, students can AirPlay in classrooms.
A:是的- access can be scheduled based on location, time of day.
Q:Will an AppleTV that doesn't support EAP-PEAP or EAP-TLS still be able to connect to the same SSID?
A:Apple TVs today do not support 802.1x unfortunately. So if wireless, they have to stay under a PSK SSID or wired Ethernet.
Q:Does AirGroup work well with Juniper4500 Core, Juniper4200 edge?
A:是的,AirGroup将作为第三方有线网络的覆盖层。边缘,分配或核心无限制。
Q:关于Apple TV,每个人都必须拥有Apple TV?
A:您可以拥有共享的Apple TV,或者员工/学生可以使用自己的私人Apple TV并授予与朋友的访问权限。
Q:我知道您专注于Apple产品,其他技术(例如Droid,Windows,Linux等)又如何呢?
A:这与支持MDN的任何设备有关。这不仅是Apple产品,而且Apple在Bonjour采用这项技术方面最具侵略性。
Q:学生只能作为客人通过吗?
A:是的,他们的资源将被注册为客人用户。类似于使用ClearPass Guest(前Amigopod)对访客用户的基于赞助商的注册。
Q:Are services such as ClearPass and AirGroup supported by 6.0.x or 6.1.x AOS versions only, or also in 5.0.x?
A:The specific code release hasn't been identified yet. Available for a limited number of customers to test today and second half of 2012 for GA. Unlikely that it will be available in a 5.0.x release.
Q:我是否完全需要Airwave才能获得ClearPass和所有基于上下文的发现服务?
A:No, however you do need ClearPass Guest for AirGroup to have location and user context.
Q:Are Clearpass and Airgroup part of, or related to Aruba Amigopod visitor management system?
A:Amigopod已被吸收到Clearpass产品组合中,并被更名为Clearpass Guest。AirGroup有两个组件:Arubaos操作系统在Aruba Mobility Controller上运行,并且(强烈建议用于完整功能)Clearpass Guest(前Amigopod)解决方案。
Q:学生必须提供哪些信息,以提供她拥有的有线设备(例如Apple TV)?
A:她将向她想使用此设备的人注册此设备MAC地址 - 只有玛丽,玛丽和她的朋友等(按用户名)或IT管理员可以将此设备识别为共享,并允许访问已在广告中确定的组实例。
Q:如果仅为有线设备提供MAC地址,则Aruba基础架构如何查看/在网络上查找设备?
A:只要VLAN可用于Aruba基础架构,它将监视和执行MDNS Discovery,以找出整个VLAN的所有服务。
Q:Is this service location aware - can you automatically point to the closest printer for instance?
A:是的,服务是位置意识的。添加MDNS设备后,将位置分配给该设备。然后,移动用户仅看到与她的移动设备紧邻的MDNS设备(打印机投影仪等)。
Q:So ClearPass Guest provides the ACL and not the network?
A:ClearPass guest provides the policy definition - eg. "user X owns this Apple TV". ACLs are not part of the ClearPass Guest solution and are implemented within the Aruba infrastructure.
Q:Apple TV将需要额外的SSID,不支持802.1X
A:是的 - 它将需要一个仅是PSK的额外的SSID。如果PSK不可接受,则有线连接必须是备份选项。对于AirGroup,其中任何一个都是插件N-Play服务的可接受的连接方法。
Q:该功能仅能使用Aruba开关,还是控制器能够通过软件/固件升级来进行边缘管理?
A:AirGroup feature is available without Aruba Mobility Access Switches.
Q:Airgroup会覆盖SSID中传统的设备间通信方法的传统方法吗?
A:它将与之一起使用,它不会覆盖任何现有规则。
Q:Can you blend Windows, Android & Mac devices in all of this?
A:是的- anything that uses mDNS is supported.
Q:可以在Bradford NAC和Aruba环境中使用Airgroup产品吗?
A:是的
Q:您是否介绍了该解决方案如何处理启用较低数据速率的多播的要求?
A:Since Mobility Controller is acting as the mDNS proxy, it will let the mobile devices know what services are available to them - multicast discovery hence will be limited to a minimum over the air. Only from mobile devices to the AP.
Q:Would the guest of a student also have access to the internet as well?
A:This would be defined by the network access policies, independent of this feature. Student's friends will not lose any access they had within the network before they were dynamically assigned to their friend's AirGroup.
