What can network professionals and enterprises learn from the animal kingdom? Well, for example, the patience of an owl, or the importance of role-based access and the advanced communication mechanisms of a bee hive. Let’s see how to make our lives as sweet as honey with Private Client Groups!
The structural perfection of a bee hive and the communication between its busy inhabitants is a marvel to behold. One of the fundamentals upon which this tiny world operates is roles. With brains the size of sesame seeds, honeybees have to work together in different capacities to maintain a healthy nest. That is why every bee has a job to do.
Some bees are nurses who take care of the brood. Some are janitors who keep the hive clean. Others are foragers, searching for the precious nectar to make honey. There are also guard bees who will stand at the front of the hive entrance, defending it from any intruders. If an outside bee aims to steal honey and attacks the hive, the intruder will be repelled. However, if a friendly bee comes in, they are allowed to enter and adopt the role of one of the worker bees.
Sounds like something we could adopt in our way of designing and operating the IT networks, doesn’t it?
When does role-based access come in handy?
We could come up with a few ideas. Such capability would definitely serve its purpose in a dorm room in a school, a multi-dwelling unit, a hotel room or any other situation where one access point is deployed per room. Each room can have its own printer, gaming machine, smart TV with streaming services, connected light and so on and so forth.
But let’s stick with the higher education dormitory scenario. Imagine that all these devices belong to a student. The student doesn’t necessarily want some wise guy from next door to hack into his or her network and play loud music in the middle of the night or print some spicy content without permission.
However, if a friend comes over, he or she is allowed to connect to our network without accessing the room resources, thanks to network segmentation and role-based access. See where we’re going with this?
How is this capability implemented in our network?
All devices in a room are grouped into a logical concept called Private Client Groups (PCGs), which are created based upon Extreme Networks’ patented Private Pre-Shared Key (PPSK) security technology, which in turn provides unique Wi-Fi authentication credentials and visibility.
PPSK security enables you to provide multiple groups of users with differentiated access policies, even with a single SSID and single VLAN. Even when your Internet of Things (IoT) devices do not support 802.1X, you can assign each device unique identity credentials, provide per-device visibility, and of course, WPA2-level encryption. Private Client Groups can tie a PPSK to the MAC address of an anchor AP, and the PPSK can be used to identify the associated clients just like pheromones help identify bees from the same hive.
Now what happens when a friend visits your dorm room – are they blocked from any network access? No, they are still supported by being redirected to their own logical group. However, the traffic belonging to the visitor is tunneled automatically via GRE from the AP in your room back to their anchor AP.
Additionally, there is an automatic PCG segmentation option implemented via the integrated firewall capability of the AP. Just because the friend is in your room, it doesn’t mean that they are permitted to access your resources. And even if the visitor is not a member of the dorm at all and has no PCG, they can still be allowed access to the Internet.
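The behaviour described above can be summarised as a small decision model. This is an added example, not Extreme Networks code: the PPSK labels, room names, MAC addresses and the `decide` and `audit` functions are hypothetical, and treating a client with no PCG as Internet-only is an assumption based on the paragraph above.

```python
from typing import NamedTuple, Optional

# Constructed sample data (not from the page): PPSK label -> PCG, PCG -> anchor AP MAC.
PPSK_TO_PCG = {"ppsk-alice": "room-101", "ppsk-bob": "room-102"}
PCG_ANCHOR = {"room-101": "00:00:5e:00:53:01", "room-102": "00:00:5e:00:53:02"}

class Decision(NamedTuple):
    pcg: Optional[str]        # group resolved from the PPSK, None for a guest
    tunnel_to: Optional[str]  # anchor AP MAC if traffic is GRE-tunneled home
    allowed: bool             # may this client reach the destination?

def decide(ppsk: str, serving_ap: str, dst_pcg: Optional[str]) -> Decision:
    """dst_pcg is the PCG that owns the destination device; None means Internet."""
    pcg = PPSK_TO_PCG.get(ppsk)
    if pcg is None:
        # Assumption: a client with no PCG is treated as Internet-only.
        return Decision(None, None, dst_pcg is None)
    anchor = PCG_ANCHOR[pcg]
    # Away from the anchor AP, the client's traffic is tunneled back to it.
    tunnel = None if serving_ap == anchor else anchor
    # Segmentation: Internet, or devices in the client's own PCG only.
    return Decision(pcg, tunnel, dst_pcg is None or dst_pcg == pcg)

def audit(flows):
    """Return the (ppsk, serving_ap, dst_pcg) flows that segmentation should block."""
    return [f for f in flows if not decide(*f).allowed]

if __name__ == "__main__":
    ap101 = PCG_ANCHOR["room-101"]
    flows = [  # constructed flows, all seen on the AP in room 101
        ("ppsk-alice", ap101, "room-101"),  # Alice at home, her own printer
        ("ppsk-bob", ap101, "room-102"),    # Bob visiting, his own smart TV
        ("ppsk-bob", ap101, "room-101"),    # Bob visiting, Alice's printer
        ("ppsk-guest", ap101, None),        # no PCG, Internet
        ("ppsk-guest", ap101, "room-101"),  # no PCG, Alice's printer
    ]
    for f in flows:
        print(f, decide(*f))
    print("should be blocked:", audit(flows))
```

Running `audit` over flow records from a test deployment is a quick way to confirm that PCG segmentation is actually enabled: any listed flow that succeeded on the real network crossed a group boundary.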
Discover Private Client Groups in practice – read the story of Cordaan’s network
To bee or not to bee?
Private Client Groups is just like the concept of drifting bees that visit a hive: a friendly migrant is welcome, but the naughty bee is repelled. But just like every hive is unique and constructed to fit the space in which it’s built, networks also need to be adaptable to fit their environment.
To learn more about this fascinating feature, check out this blog entry from Dave Coleman CWNE #4, the leading authority in the world of Wi-Fi and our amazing Director of Product Marketing!
And if it’s network security that you want to learn more about and implement in your network, be sure to check out Extreme AirDefense – the most advanced wireless intrusion prevention system in the world!