Definition of Terms
Term Definition
DCA Dynamic Configuration Arbiter
ClearPass ClearPass Policy Manager
GRE Generic Routing Encapsulation
SAC Switch Anchor Controller
S-SAC Standby Switch Anchor Controller
UAC User Anchor Controller
Switch Bootstrap Control plane protocol packets exchange process between a switch and an SAC to register
a switch with the configured SAC.
User Bootstrap Control plane protocol packets exchange process between a switch and a UAC to register
a user with the published UAC.
Secondary role This information is an indication to the controller that it has to enforce additional policies to
user traffic based on policy configuration associated with the secondary role.
Reserved VLAN
mode
A VLAN is automatically created and reserved for tunnels in this mode.
Overview
Dynamic Segmentation enables Aruba switches to tunnel traffic (all traffic or the traffic of particular clients) to
Aruba controllers.
Dynamic Segmentation includes the following:
• User-Based Tunneling tunnels client traffic on the basis of user roles. This ability to dynamically tunnel traffic is
powerful, and when used correctly, can help in solving several deployment problems that are prevalent in
legacy campus networks. The policies associated with the client can be driven through a RADIUS server, a
downloaded role from ClearPass, or by local MAC authentication in the switch. Many devices that require
Power over Ethernet (PoE) and network access, such as security cameras, printers, payment card readers,
and medical devices, do not have built in security software such as those on desktop or laptop computers.
These devices can pose a risk to networks with the lack security on the device. User-Based Tunneling can
authenticate these devices using ClearPass, and tunnel the client traffic, utilizing the advanced firewall and
policy capabilities in the Aruba Mobility Controller. For providing secure access to IoT devices within the Aruba
Intelligent Edge wired network, controller clustering is available in ArubaOS 8.0.0.0. For more information, see
User-Based Tunneling.
• Port-Based Tunneling allows the Aruba switch to tunnel traffic to an Aruba Mobility Controller on a per-port
basis. All traffic on a configured switch port is statically tunneled to an Aruba Mobility Controller. For more
information, see Port-Based Tunneling.
Tunneling is enabled in the Aruba user role and can be combined with the Downloadable User Role (DUR)
feature for dynamic and flexible policy enforcement and segmentation.
Chapter 18
Dynamic Segmentation
608 Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08
To Next Page
Loading...
Need help?
General