ArubaOS and Controllers

Frequent Contributor I
Posts: 70
Registered: ‎04-03-2007

How to leverage device fingerprinting to a clients request

Just curious if someone can or has used the device fingerprinting to achieve the following;

Our client wants to block phones and other devices from getting an IP address from their network.

The issue is that students and even faculty are bringing to campus multiple mobile devices which are attaching to the network and consuming IP's from their already too small scope. This is also affecting their web content filter as well, as the devices are consuming licenses.

The client wants to block all phones and a few other mobile devices from getting IP's.

How do I leverage the device fingerprinting to achieve this? My first thought is to create rules with the dhcp option using the device fingerprint to put all the devices into a "denied device" role. The role would be assigned to a dead end VLAN with an IP scope from the controller that is not usable on the client network.

While I believe this would work I think it to be a bit clumsy and not so elegant.

Any suggestions on a better process?

Thanks for any and all advice.

Regards,

Michael
Michael McNamee
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP

http://www.securedgenetworks.com/secure-edge-networks-blog/
Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: How to leverage device fingerprinting to a clients request

What type of wireless network is this (encryption)? Do you only want domain devices on there?


Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 70
Registered: ‎04-03-2007

Re: How to leverage device fingerprinting to a clients request

They have a pre-shared key SSID for the students and staff using personal devices. The SSID also uses captive portal for user auth against AD. Everyone on campus knows the psk so they enter it on all their devices to get access which creates the large demand for IP's and firewall licenses.

They have a separate SSID for the school owned assets using 802.1x.
Michael McNamee
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP

http://www.securedgenetworks.com/secure-edge-networks-blog/
Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: How to leverage device fingerprinting to a clients request

It might be easier to only allow the operating systems that you WANT on your network. Which operating systems do you desire?


Colin Joseph
Aruba Customer Engineering


Frequent Contributor I
Posts: 70
Registered: ‎04-03-2007

Re: How to leverage device fingerprinting to a clients request

The OS'es the client would allow are XP, Win7, Vista and MacOS.

They simply want to deny all the phone OS'es, devices as well as the iPod touch, android and Chrome tablets, etc...
Michael McNamee
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP

http://www.securedgenetworks.com/secure-edge-networks-blog/
Frequent Contributor I
Posts: 70
Registered: ‎04-03-2007

Re: How to leverage device fingerprinting to a clients request

I have been playing with this and I do not see a way to keep the devices they want to deny from getting an IP address. The major crux of their challenge is the large demand for IP addresses.
Michael McNamee
Sr. Network Engineer - SecurEdge Networks
ACMP / ACDX / AWMP

http://www.securedgenetworks.com/secure-edge-networks-blog/
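
The allow-list idea from the replies above, combined with the "denied device" role from the first post, as an added example that is not from any poster and is not ArubaOS code: it parses the DHCP options a client sends and derives a role, denying by default. The role names, the fingerprint table and the sample option bytes are constructed for illustration.

```python
# Added illustration: allow-list role derivation from DHCP fingerprints.
# Role names and fingerprint tables are hypothetical, not ArubaOS values.
ALLOW_ROLE = "allowed-device"
DENY_ROLE = "denied-device"

# Option 60 (vendor class identifier) prefixes for the permitted OSes.
# "MSFT 5.0" is the vendor class sent by Windows DHCP clients.
ALLOWED_VENDOR_PREFIXES = (b"MSFT 5.0",)
# Option 55 (parameter request list) byte strings for permitted OSes that
# send no vendor class. This entry is constructed, not a captured fingerprint.
ALLOWED_PARAM_LISTS = {bytes([1, 3, 6, 15, 119, 95, 252, 44, 46])}

def parse_options(options: bytes) -> dict:
    """Walk the code/length/value DHCP options that follow the magic cookie."""
    out, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        out[code] = value
        i += 2 + length
    return out

def derive_role(options: bytes) -> str:
    """Return the allow role only on a positive match; anything else is denied."""
    try:
        opts = parse_options(options)
    except ValueError:
        return DENY_ROLE         # malformed options never earn the allow role
    if opts.get(60, b"").startswith(ALLOWED_VENDOR_PREFIXES):
        return ALLOW_ROLE
    return ALLOW_ROLE if opts.get(55) in ALLOWED_PARAM_LISTS else DENY_ROLE

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample option fields (message type, vendor class, request list).
WINDOWS = opt(53, b"\x01") + opt(60, b"MSFT 5.0") + opt(55, bytes([1, 15, 3, 6])) + b"\xff"
ANDROID = opt(53, b"\x01") + opt(60, b"android-dhcp-9") + opt(55, bytes([1, 3, 6])) + b"\xff"
```

Because unknown and malformed fingerprints fall through to the deny role, a new phone OS needs no rule of its own. A client can present another OS's DHCP options, so this is a policy filter rather than an authentication control.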