Aruba BCPS Webinar Q&A: Large Scale WLAN Design and Deployment


We have compiled this morning's Q&A chat window, with answers of course, and wanted to share with all.

Q: What kind of ratio do you have as far as devices per student? Also, what kind of coverage do you provide? Are the access points in the hallways? Classrooms?

A: Depending on the school, BCPS sees a ratio of up to 3 devices per user within the WLAN. This number has increased significantly, especially with BYOD and guest services allowed. In terms of coverage, when there is metal/concrete building infrastructure in place, BCPS prefers to deploy APs in the classrooms. Otherwise, it makes more sense to deploy within the hallway.

Q: Does one SSID take precedence over another as far as bandwidth? Air time? If so, how have you found the performance of these settings?

A: No precedence was set across different SSIDs, although a separate set of policies is enforced for guest user traffic. The PSK SSID will soon be retired and moved under the 802.1X / Machine Auth enabled SSID, reducing the number of SSIDs to two. The Aruba Instant powered SSID for mobile carts is an overlay to the centralized WLAN infrastructure powered by Aruba Mobility Controllers and thin APs; it is configured as a mobile / hotspot type deployment and accessed on demand during class hours.

Q: What is your policy as far as broadcast traffic on the different SSIDs? And why?

A: In order to reduce the amount of ARP traffic over the air, and hence improve available airtime, Aruba recommends the use of proxy ARP. A second method is to use multicast rate optimization, where the multicast traffic is forwarded at the highest 802.11 link rate visible to associated clients per access point. A third method is to enable IGMP proxy and convert multicast traffic to unicast in the case of high-bandwidth multicast applications for mobile devices. A fourth method is to enable multicast DNS (mDNS) proxy and reduce the amount of mDNS discovery traffic (e.g., Apple Bonjour) over the air. Last but not least, you can disable any undesired broadcast or multicast protocols using the policy enforcement firewall within Aruba Instant APs or Mobility Controllers.

Q: If a domain user connects to the wifi, can they connect to their AD profile?

A: Yes, a domain user will use their credentials to connect to the wireless LAN. They will be recognized as a valid user and given access privileges and a user policy. If their credentials do not match, they will be denied access.

Q: Can the controller read AD from more than one AD? We have 2 ADs on our campus to manage users from a Windows domain and an Apple domain. Can it see and look for which domain the user is on?

A: Yes, Aruba Mobility Controller and Aruba Instant can talk to both directories. If the user is not found within the first domain, Aruba WLAN will check within the second domain.

Q: Do they generate reports on various system functions, and if so, any examples?

A: Yes, AirWave is capable of generating reports on users, devices, access times and bandwidth. Attached is a list of all report options available within AirWave reporting. AirWave retains user and network data for up to 500 days, and it is possible to create customized reports as a mix-and-match of all the available options.

Q: Do the APs do rogue detection/jamming?

A: Yes, the APs are capable of rogue classification (separating them from neighboring APs) and containment. The IT administrator has the ability to set a confidence threshold for a rogue AP, and then has the option to tarpit over the air (attack the attacker without wasting too much airtime) or ARP poison over the wire using the access points. More details on RFProtect capabilities of Aruba Instant and Aruba Mobility Controllers are located in the test report attached.

Q: What does the management interface look like?

A: Here is a demo of the Aruba Instant user interface. For AirWave, here is a quick demo video as well.

Q: How many APs did BCPS deploy?

A: They have deployed over 1500 APs and have plans to quadruple the number.

Q: How have you integrated AirWave into a centralized Enterprise Management System (if you have)? Any insights into the "Northbound/Southbound Interface" environment wrt an EMS/NMS?

A: AirWave supplies an XML API allowing you to integrate with other vendors' IT management applications or custom applications. Any info visible to AirWave is accessible via the API.

Q: What is the link speed between your buildings?

A: BCPS uses 100 Mbps links for each school.

Q: Are you using ClearPass for the guest access accounts?

A: BCPS is using the guest services within the Mobility Controller today, but is evaluating ClearPass for BYOD services.