17
Copyright © 2016 Arrive Systems, Inc. All rights reserved.
5. VLAN Based Secure Provisioning
In this method, Arrive AirPoint devices join the enterprise wireless network, within a
contained SSID and VLAN. Arrive AirPoint supports WPA/WPA2-PSK (pre-shared key).
A specific SSID and VLAN is created on your wireless controller with WPA2 PSK security
configuration. Additionally one may consider adding MAC address based authentication
to ensure only the Arrive AirPoint devices are connected to this SSID. (Arrive AirPoint MAC
Addresses are available from the On Screen Display).
The Wireless controller and firewall needs to get configured in a way to block the traffic
from this VLAN (subnet) towards your corporate/campus network and optionally to internet .
Arrive AirPoint has a AirPlay receiver which uses Bonjour protocol to advertise its capabilities.
The Bonjour protocol is a non-routable protocol. Arrive AirPoint device is configured to
connect to the enterprise WiFi LAN using a SSID/VLAN and Secure WPA/WPA2 key (one time
configuration required).
Wireless controller mDNS listener for this VLAN must be enabled, and VLAN is configured
to only allow incoming connections (based on your wireless controller configurations).
Outbound traffic is not allowed.
To segregate users it will be important for you to ensure that the guest and corporate
networks exist in separate SSID/VLANs.
Your wireless controller listens for Bonjour mDNS advertisements from AirPoints installed
in different rooms. The Wireless controller caches the information (List of AirPoints , IP
addresses and MAC addresses).
1
Arrive AirPoint requires to connect to internet for OTA (Over The Air software update).
Blocking the internet access will stop the AirPoint from receiving the new firmware and
patches.
The Apple BYOD devices in GUEST or the Corporate SSID send request for list of available
services. Wireless controller sends the list of Arrive AirPoints to the user devices which are
located in GUEST or Corporate wireless SSID/ VLAN.
Once the Apple iPhone/iPAD receives the list of devices from controller, it shows as the list of
available Mirroring displays.