In a previous video blog we looked at how organisations can gain control over who can access their network using one of 802.1x or a private pre-shared key.
Sitting behind either of these solutions are user profiles, which are stored on either a RADIUS server, access point or Aerohive's HiveManager.
In this video blog we take a closer look at user profiles, and how they can be provisioned to help network managers give each wireless user a unique experience, while increasing security.
User profiles are what allow each user to have a unique experience when connecting to the wireless.
A user profile will contain information such as VLAN assignments, firewall policies, SLAs and tunneling policies.
802.1x works with access points and a radius server sat somewhere on the network. When a user connects, authentication is sent to the RADIUS server. Provided it's accepted, a set of attributes is returned to the access point, that have been pre-configured.
The access point will take these attributes and and match them against user profiles that have been pre-configured within the wireless policy.
You can now assign the user to the user profile of your choosing.
For example, if they authenticate as a member of the IT Team, they receive the appropriate VLAN assignment, which might mean they they don't have any firewall restrictions and receive a high SLA.
Alternatively, if they were to authenticate as a guest, they might receive an internet only firewall policy and a low SLA.
Being able to automatically divide the wireless traffic into different groups, who each receive a different wireless experience, with very little management overhead is a real boon to those managing networks.
Aerohive's PPSK functionality, allows you to achieve the same, but without having to use a RADIUS server. Different user groups can either be stored on the access points themselves, or within HiveManager.
So when a user authenticates, that key is checked against these groups. Assuming that key is found within one of those groups, the group is matched against the relevant user profile - again, giving that user a unique experience.