User-based tunneling
User-based tunneling uses GRE to tunnel ingress traffic on a switch interface to a mobility controller for further processing. User-based tunneling enables a mobility controller to provide a centralized security policy, using per-user authentication and access control to ensure consistent access and permissions.
Applications of user-based tunneling include:
- Traffic segmentation: Enables splitting of traffic based on user credentials rather than the physical port to which a user is connected. For example, guests on a corporate network can be assigned to a specific VLAN with access and firewall policies defined to protect the network. Traffic from computers/laptops can be tunneled while allowing VoIP traffic to move freely through the wired network.
- Authentication of PoE devices: Many devices that require power over Ethernet (PoE) and network access, such as security cameras, payment card readers, and medical devices, do not have built in security software. As a result, these devices can pose a risk to networks. User-based tunneling can authenticate these devices and tunnel the client traffic to a mobility controller, harnessing the firewall and policy capabilities to secure the network.