HPE Aruba Networking Blogs

Protect and Secure Your Wired IoT with Dynamic Segmentation

By Sue Gillespie, Senior Product Marketing Manager

From smart lighting to security cameras and badge readers, IoT devices are rapidly being deployed throughout networks of all sizes. This newfound network connectivity brings many appealing operational benefits, but it also exposes the network to security risks as these devices hop on the same pathways as sensitive financial, medical, and business-critical data. These devices rarely have strong security built in. Passwords are stored in clear text, the devices lack the secure supplicants used with our laptops and desktops, and they are often physically located in unsecured public areas.

As more of these network-connected devices come online, the complex task of quickly identifying them and authenticating their roles becomes vital to a safe network. Aruba’s unique dynamic segmentation feature helps solve this security problem in a way that both simplifies management for IT and provides a more consistent user/device experience regardless of device type or where it is being connected. 

What Makes Dynamic Segmentation Simple and Secure?
Dynamic segmentation is an extremely useful way of securely segmenting wired user and IoT device traffic using Aruba's Mobile First Infrastructure. As the campus switch’s role moves beyond traditional wired connectivity to wireless aggregator and IoT connectivity, IT teams struggle with consistently and dynamically applying policies and advanced services across wired users and IoT devices. Dynamic segmentation lets them easily manage and secure a network full of IoT devices. Benefits include:

Dynamic Segmentation Ensures Consistency
The use of the Aruba controller as a unified policy enforcement point for traffic from both wired and wireless devices adds to the consistency of policies. Using a unified model that is centrally managed and enforced simplifies deployment and ensures consistent wired access and permissions as devices connect and disconnect. This allows an Aruba switch to act like a wired access point, so users or devices that connect to the switch are tunneled to the mobility controller and receive the same privileges and experience as when connected to the wireless network.

This is especially important when dealing with security cameras, payment card readers, and medical devices, which are often dependent on Power over Ethernet (PoE) and lack built-in security software. These devices simply were not designed with enterprise-class encryption or authentication capabilities and depend on the network to provide secured access.

Authentication of users and IoT devices leverages Aruba ClearPass, and the tunneling of client traffic harnesses the firewall and policy capabilities in the Aruba mobility controller to stop unauthorized or malicious connectivity. If a PoE LED light tries to set up 1,000 TCP sessions, for example, it will be quarantined. Similarly, a connected HVAC will not be allowed to access the company’s ERP system.

Aruba Switches Support Dynamic Segmentation
Dynamic segmentation requires AOS 8.1 or later on the Aruba Controller and is supported on the switches below with our license-free ArubaOS-Switch 16.04 release:

Aruba ClearPass provides a single point for policies that lets IT centrally define and manage authentication and privileges. All laptops, mobile phones and IoT devices are also profiled upon connection to the network and matched to a role, and the appropriate policy is then downloaded to the access port.

For more details

Learn more about dynamic segmentation for Aruba campus switches in this technical video.