2 min read

Video Blog:- Aerohive User Profiles, a Closer Look

December 10, 2018

In a previous video blog we looked at how organisations can gain control over who can access their network using one of 802.1x or a private pre-shared key.

Sitting behind either of these solutions are user profiles, which are stored on either a RADIUS server, access point or Aerohive's HiveManager.

In this video blog we take a closer look at user profiles, and how they can be provisioned to help network managers give each wireless user a unique experience, while increasing security.

HubSpot Video

User profiles are what allow each user to have a unique experience when connecting to the wireless.

A user profile will contain information such as VLAN assignments, firewall policies, SLAs and tunneling policies.

802.1x works with access points and a radius server sat somewhere on the network. When a user connects, authentication is sent to the RADIUS server. Provided it's accepted, a set of attributes is returned to the access point, that have been pre-configured.

The access point will take these attributes and and match them against user profiles that have been pre-configured within the wireless policy.

You can now assign the user to the user profile of your choosing.

For example, if they authenticate as a member of the IT Team, they receive the appropriate VLAN assignment, which might mean they they don't have any firewall restrictions and receive a high SLA. 

Alternatively, if they were to authenticate as a guest, they might receive an internet only firewall policy and a low SLA.

Being able to automatically divide the wireless traffic into different groups, who each receive a different wireless experience, with very little management overhead is a real boon to those managing networks.

Aerohive's PPSK functionality, allows you to achieve the same, but without having to use a RADIUS server. Different user groups can either be stored on the access points themselves, or within HiveManager.

So when a user authenticates, that key is checked against these groups. Assuming that key is found within one of those groups, the group is matched against the relevant user profile - again, giving that user a unique experience.

Network health check

Topics: Technical

Written by Neil Harrison