User-based tunneling

User-based tunneling applies to the 4100i Switch Series.

User-based tunneling uses GRE to tunnel ingress user traffic on an access switch interface to an HPE Aruba Networking gateway for further processing. User-based tunneling enables an HPE Aruba Networking gateway to provide a centralized security policy, using per-user authentication and access control to ensure consistent access and permissions.

Applications of user-based tunneling include:

  • Traffic segmentation: Enables splitting of traffic based on user credentials, rather than the physical port to which a user is connected. For example, guests on a corporate network can be assigned to a specific VLAN with access and firewall policies defined to protect the network. Traffic from computers/laptops can be tunneled, while allowing VoIP traffic to move freely through the wired network.
  • Authentication of PoE devices: Many devices that require power over Ethernet (PoE) and network access, such as security cameras, payment card readers, and medical devices, do not have built-in security software. As a result, these devices can pose a risk to networks. User-based tunneling can authenticate these devices and tunnel their traffic to a mobility gateway, harnessing the firewall and policy capabilities to secure the network.

At the most basic level, user-based tunneling has two components:

  • User roles: the ability to assign roles, on the fly, to a wired device or user, based on such things as the access method of a client. When leveraging ClearPass, additional context can be added, such as time of day and type of machine. As a result, IT staff no longer have to pre-configure an access port to a VLAN and uplinks.
  • Tunneling: the ability to tunnel traffic to an HPE Aruba Networking Mobility Gateway (previously known as tunneled-node).

User-based tunneling supports two types of gateway deployments:

  • Standalone Gateway Support
  • Clustered Gateway Support

Additional notes:

  • The recommended gateway version for user-based tunneling is 8.5 or greater.
  • Creating a null route from the UBT-configured switch to one of the controllers, or to a set of controllers in a cluster, is not supported in the UBT solution.
  • ubt-client-vlan is needed for the local VLAN or reserved VLAN mode, but it is not needed for vlan-extend mode.
  • ubt-mode vlan-extend is needed for vlan-extend mode.
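The following running-config style sketch is an added illustration, not taken from this page or from HPE Aruba Networking documentation, of where the two commands named above sit relative to the rest of a UBT configuration. Only ubt-client-vlan and ubt-mode vlan-extend come from the page; the zone name, VRF, gateway addresses, VLAN 4000 and role names are assumed placeholders, and the surrounding ubt zone, primary-controller, backup-controller, enable, port-access role and gateway-zone commands are assumed from the AOS-CX CLI rather than quoted from this page. Lines beginning with "!" are annotations for the reader, not switch input.

```text
! Common to both modes (assumed values): define the UBT zone and the gateways
ubt zone default vrf default
    primary-controller ip 10.0.1.10
    backup-controller ip 10.0.1.11
    enable

! Choose ONE of the two modes below; they are mutually exclusive.

! Option A: local VLAN / reserved VLAN mode
! The reserved client VLAN is required; ubt-mode vlan-extend is NOT set.
ubt-client-vlan 4000

! Option B: VLAN-extend mode
! ubt-mode vlan-extend is required; ubt-client-vlan is NOT needed.
ubt-mode vlan-extend

! A user role that steers matching clients into the zone (assumed role names).
! The gateway-role must exist on the gateway with the firewall policy you want applied.
port-access role tunneled-users
    gateway-zone zone default gateway-role authenticated
```

When reviewing a switch for the notes above, the practical check is that a switch in local/reserved VLAN mode has a ubt-client-vlan configured and no ubt-mode vlan-extend, while a switch in VLAN-extend mode has ubt-mode vlan-extend and no static null route pointing at any of the gateway addresses in the zone.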