Filter
Top Products
Aruba Mobility Controller Configuration Guide
VIEW Certified
Page 17
user-role phones
session-acl phone_acl
!
Authentication
In addition to the encryption, it is recommended that you use MAC authentication to
authenticate the wireless IP telephones. On the Aruba System, the roles for wireless IP
telephones are derived using MAC-authentication. The wireless IP telephones can be
authenticated individually using MAC-authentication or as a group using the vendor OUI and
derivation rules. For instruction on enabling MAC-authentication refer to Aruba’s User Guide.
For the OUI-based derivation rule, configure the following from the CLI:
aaa derivation rules user
set role condition macaddr starts-with "00:90:7a" set-value phone
Quality of Service (QoS)
Quality of service is achieved by prioritizing the voice traffic over data traffic. To prioritize the
voice traffic over data traffic in the AP traffic queues, the “queue high” tag is used at the end
of each ACL to prioritize the traffic matching the ACL over all other traffic. In the example
shown above:
user alias avpp svc-avpp permit queue high
alias avpp user svc-avpp permit queue high
The traffic that matches the above two rules is prioritized over all other traffic. In addition, a
DiffServ tag or a Dot1p tag can be configured at the end of each ACL to indicate the relative
priority of the traffic to the traffic to the network.
Example:
user alias avpp svc-avpp permit dot1p 4 queue high dot1p-priority
4
tos 4 queue high
alias avpp user svc-avpp permit queue high dot1p-priority 4 tos 4
queue high
By default, the packets are not tagged.
In addition multicast/bradcast traffic in the air can be limited by turning on the firewall voip-
prox-arp. This command is available on the CLI alone.
(Aruba)#
configuration terminal
(Aruba) (config)# firewall voip-proxy-arp
Subnet Roaming
The Aruba system can be set up to support inter-switch inter-subnet roaming. The topology is
as shown in the figure on page 2.
When two or more switches are used in the Aruba WLAN system, one switch has to be
identified as the master and the others as the local switch. During VIEW Certification testing,
the Aruba 800 was configured as the master switch and the Aruba 6000 was configured as a
local switch; therefore, this configuration is used in the following examples.
For instructions on setting up a switch as a local switch refer to Aruba’s User Guides.