Guest Access

Guest access provides a secure and convenient means of granting network access to customers, contractors, and other visitors over wired and wireless LAN networks without major reconfiguration of guest computers or the need for IT staff assistance. Aruba's user-centric architecture allows access rights to be granted on a per user basis, restricting access based on time, location, and need-to-know basis. Depending on the visitor, access might be limited to Internet surfing, or it could include access to core server resources. Security and simple management are the keys to an effective guest access system, and Aruba's best-of-class GuestConnect™ service protects the internal network and provides accountability for, and auditing of, who uses the network, when it is being used, and how it is being used.

GuestConnect Feature Offers Flexible and Secure Access for Visitors

The GuestConnect captive portal feature provides secure, Web-based authentication. Client devices connect to the network and are blocked from all access until a Web browser is opened and authentication credentials are entered. The exchange of authentication credentials is secured using industry-standard SSL, and can be configured to require a valid user name and password, or non-validated email addresses. The captive portal pages can be customized by uploading custom backgrounds, acceptable use policies, and other text.

The guest provisioning feature allows a front desk receptionist to use a standard Web browser interface to add, delete, and modify guest user accounts, including an expiration date and time. By provisioning guest accounts, unauthorized users can be prevented from using enterprise network resources. User names and passwords are automatically generated by the Mobility Controller, eliminating front-desk administration time. Guest access tickets are customizable and can include both the acceptable use policy and a company logo.

A policy enforcement firewall separates employee and guest traffic while blocking outsiders. Guest users are assigned a guest role, while employees are assigned an internal role, and separate stateful firewall policies are applied to each. Aruba's ICSA-certified policy enforcement firewall permits fine-grained control over what each user role is allowed to do on the network, preventing guests from accessing internal resources and blocking employees from having direct access to the Internet.

Secure tunnel redirection diverts guest traffic reaching an Aruba Mobility Controller to an IPsec or GRE tunnel for transport outside the enterprise firewall. Secure tunnel redirection prevents guest traffic from traversing any portion of the internal network in a non-tunneled format, blocking any attempts to use crafted packets or VLAN hopping attacks.

Secure Tunnel Redirection Isolates Guest and Enterprise Traffic

Aruba's non-disruptive deployment capability requires no reconfiguration of closet switches, routers, VLANs, or ports. Since the guest access feature encompasses both wired and wireless LANs, only a single solution is required for all corporate networks reducing IT overhead and expenses.