Design and Implementation Guide: Apple iPhone Compatibility




Introduction

Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new threats to the network are appearing as converged devices are constantly being introduced to the market. These devices are almost as powerful as a regular computer, but lack the security controls found in a regular computer system. Some of the devices carry powerful CPUs and large amounts of memory, running stripped-down versions of the operating systems that run on a personal computer.

Universities are a good example of the kind of network where wireless and converged devices are likely to appear. It is common to find different OS versions, laptops, and Wi-Fi enabled handsets all existing on the same common network. It is a nightmare for the network admin to try to secure these devices in an open access network. Currently the devices offer little or no control over what should and should not be executed, so they become easy targets for hackers and viruses. In addition, some of the networking protocols implemented on these devices could be non-standards based, causing the network to behave in an erratic manner.

These devices are a cause for great concern among network administrators. They not only pose productivity risks to individuals, but could also cause a situation that affects all of the users who have access to the common resource, in this case the wireless LAN.

The Aruba Advantage

Aruba Networks is uniquely positioned to reduce the effects of these kinds of problems. Aruba Networks makes it easier to mitigate the risks posed by such open access environments through the use of an integrated firewall and multilayered authentication. Scalability and battery life enhancements are available through VLAN pooling, Proxy ARP, and seamless Layer 3 mobility.

Integrated ICSA certified Firewall

Aruba's role-based firewall assigns roles to users and devices based on parameters provided by the network administrator. These roles can be defined on the basis of user identity, device identity, device type, authentication mechanism, etc. This is a stateful firewall that is able to enforce security and access requirements. Violations can be acted upon to quarantine or blacklist users whose machines violate predetermined policy. Devices like iPhones can be given a unique role in the system, with access to network resources appropriate to the network policy needs. For example, access to iTunes can be disabled by limiting access to the multicast address and the port that the service runs on.

Multilayered Authentication

Converged phones and PDA devices usually use legacy security and authentication protocols (e.g. WEP, PSK). This security limitation can be overcome through additional layered security mechanisms that enhance the security of the device and user. As an example, a user or a device may be allowed to enter the network using an SSID that uses WEP encryption, but can be forced to authenticate with captive portal or VPN technologies to gain access to core resources (servers, file systems, etc.) on the network.

VLAN Pooling and Proxy ARP

VLANs are typically used not only to separate broadcast domains but also to separate users by class. A prime example would be to have a series of VLANs for students and a separate VLAN for faculty use. The default method of mapping wireless users to VLANs is to associate an SSID with a VLAN. This is typically not a problem until the number of users grows beyond a reasonable subnet size, as would occur in very large classrooms or auditoriums. A VLAN typically cannot handle more than 200 users very effectively. Increased broadcast traffic on large VLANs not only causes performance problems and consumes precious over-the-air bandwidth, but also drains battery life on mobile devices.

VLAN pooling delivers the flexibility of VLAN-based network planning without any of the negative side effects. In VLAN pooling, multiple VLANs form a VLAN pool, and all VLANs belonging to the pool are available at any location on the campus. VLAN assignment is performed dynamically at the time a user logs into the network and is based on current user loads on the different VLANs that form the VLAN pool.

Aruba's Proxy ARP reduces broadcast traffic on a VLAN and improves client battery life by not flooding unneeded packets to the client, which would force it to wake up. Instead, the system answers ARP requests on behalf of the client, reducing the amount of time the client must be awake and transmitting to deal with routine network requests.

Seamless Layer 3 Mobility Domains

Creating multiple subnets allows the network to be structured more efficiently, and allows different VLANs and network segments to have their own IP ranges. This segmentation makes large networks easier to troubleshoot and maintain. The downside is that if a user crosses a Layer 3 boundary, active sessions (voice, data) may break. Aruba's WLAN system provides Layer 3 mobility features that seamlessly connect across Layer 3 subnets, causing zero disruption to the application. This is achieved through IP mobility, which allows clients to keep their IP address as they roam through different subnets, with their traffic tunneled back to their original subnet for standard Layer 3 routing.

Conclusion

In summary, the Aruba Networks Mobility Controller and thin Access Point solution provides a powerful feature set, making it possible to deploy a secure, scalable and versatile network. Network administrators are free to open their network to devices they do not have direct control of, secure in the knowledge that their network is protected from malicious activity and potential capacity issues.

About Aruba Networks, Inc.

Aruba Networks provides an enterprise mobility solution that enables secure access to data, voice and video applications across wireless and wireline enterprise networks. The Aruba Mobile Edge Architecture allows end-users to roam to different locations within an enterprise campus or office building, as well as to remote locations such as branch and home offices, while maintaining secure and consistent access to all of their network resources. Using the Aruba Mobile Edge Architecture, IT departments can manage user-based network access and enforce application delivery policies from a single integrated point of control in a consistent manner. Aruba's user-centric enterprise mobility solution integrates the ArubaOS operating system, optional value-added software modules, a centralized mobility management system, high-performance programmable mobility controllers, and wired and wireless access points. Based in Sunnyvale, California, Aruba has operations in the United States, Europe, the Middle East and Asia Pacific, and employs staff around the world. To learn more, visit Aruba at http://www.arubanetworks.com.

Apple iPhone Compatibility

Test Description

Aruba tested the Apple iPhone in our labs to ensure seamless interoperability. The test specifics are summarized below.

Test Topology

[Figure: Aruba WLAN test set-up, showing DHCP, MMS, WLAN controller and access points]

Results summary

Vendor / Device: Apple iPhone
Model: 4Gb model 1.0 (1A5423a)
Tested: Static WEP, WPA-PSK, WPA2-PSK, Fast Roaming, Standby Roaming, VPN

Test Details

The compatibility test plan consisted of the following:

Network Connectivity: L2 and L3 connectivity was verified when the iPhone was associated to an Aruba network.

Association Modes: The mobile device is configured for the chosen security mode and then connected to the Aruba infrastructure. Successful data transfers upon connection are required to pass the test. The security modes tested are as follows.

1. Static WEP: In this mode, the mobile device under test is configured to encrypt traffic using the WEP (Wired Equivalent Privacy) standard, using pre-shared keys.
2. WPA-PSK: In this mode, the mobile device under test is configured to encrypt traffic using the WPA (Wi-Fi Protected Access using TKIP) standard, using pre-shared keys, i.e. no authentication.
3. WPA2-PSK: In this mode, the mobile device under test is configured to encrypt traffic using the WPA2 (Wi-Fi Protected Access using AES-CCMP) standard, using pre-shared keys, i.e. no authentication.
4. Open

Roaming test: Roaming tests were performed on this device within and across controllers. Roaming tests were also done when the device woke up on a different access point than the one it had last associated with on the same network.

VPN tests: VPN connections were tested with the L2TP and PPTP modes available on the phone, terminating on the Aruba controller.

Captive Portal: The phone was made to authenticate via the captive portal, in addition to PSK, to gain access to internet resources as a guest user on the Aruba WLAN network.

iTunes policy enforcement: The Aruba WLAN controller was configured to block requests to the iTunes service when on the corporate network. The multicast address and the port that subscribes to this service can be blocked using the built-in L4-L7 session firewall on the WLAN controller.

Notes

WEP is not a recommended method of encryption due to known security weaknesses.
802.1x is not currently supported on the iPhone.
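The captive portal and iTunes policy enforcement tests above can be modelled as a first-match, role-based session policy. This is an added example, not code from the guide or from Aruba. The role names, the 10.10.0.0/16 "core" subnet and the use of the Bonjour/mDNS address 224.0.0.251 on UDP 5353 for iTunes are assumptions, since the guide does not name them.

```python
import ipaddress
from typing import NamedTuple, Optional

# Assumption: iTunes sharing is advertised over Bonjour/mDNS (224.0.0.251, UDP 5353);
# the guide does not state which multicast address or port was blocked.
MDNS = ipaddress.ip_network("224.0.0.251/32")
CORE = ipaddress.ip_network("10.10.0.0/16")  # constructed "core resources" subnet

class Rule(NamedTuple):
    dst: Optional[ipaddress.IPv4Network]  # None matches any destination
    proto: Optional[str]                  # None matches any protocol
    port: Optional[int]                   # None matches any port
    action: str                           # "permit" or "deny"

BLOCK_ITUNES = Rule(MDNS, "udp", 5353, "deny")
PERMIT_ANY = Rule(None, None, None, "permit")

# Hypothetical role names; each role is an ordered, first-match rule list.
ROLES = {
    "legacy-preauth": [BLOCK_ITUNES, Rule(CORE, None, None, "deny"), PERMIT_ANY],
    "legacy-authed": [BLOCK_ITUNES, PERMIT_ANY],
}
LEGACY_MODES = {"wep", "wpa-psk", "wpa2-psk"}

def derive_role(ssid_security: str, portal_or_vpn_ok: bool) -> str:
    """Pick a role from how the device joined and whether it passed the second layer."""
    if ssid_security not in LEGACY_MODES:
        raise ValueError(f"no role defined for SSID security mode: {ssid_security}")
    return "legacy-authed" if portal_or_vpn_ok else "legacy-preauth"

def decide(role: str, dst: str, proto: str, port: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for rule in ROLES[role]:
        if ((rule.dst is None or addr in rule.dst)
                and rule.proto in (None, proto)
                and rule.port in (None, port)):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # Constructed flows: a file server in the core subnet and an mDNS announcement.
    for authed in (False, True):
        role = derive_role("wep", authed)
        print(role, decide(role, "10.10.4.20", "tcp", 445),
              decide(role, "224.0.0.251", "udp", 5353))
```
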

Apple iPhone Configuration

A. Steps to associate the phone to a WLAN network

1. Press the Menu button on the phone.
2. Navigate to Settings > Wi-Fi.
3. All the available SSIDs will be listed on the screen.
4. If the SSID you are trying to connect to is hidden or not shown, select the Other option.
5. Select the SSID you wish to connect to.
6. If you are connecting to an open SSID, you will be connected automatically.
7. If you are connecting to a WEP/WPA/WPA2 SSID, you will be prompted for the password.

B. Steps to configure the L2TP/PPTP VPN client on the iPhone

1. Press the Menu button on the phone.
2. Navigate to Settings > VPN Settings.
3. Select the type of VPN you want to create (L2TP/PPTP).
4. Type the server name.
5. Type in the password.

© 2007 Aruba Networks, Inc. All rights reserved. Aruba Networks and Aruba Mobile Edge Architecture are trademarks of Aruba Networks, Inc. Apple is a trademark of Apple Inc., registered in the U.S. and other countries. iPhone is a trademark of Apple Inc. All other trademarks or registered trademarks are the property of their respective holders. Specifications are subject to change without notice. DIG_IPHON_US_070730