Controller Based WLANs

How device type classification works in Aruba controller and how to verify if its working correctly?

Aruba Employee

This article applies to all the controller models and OS version

 

Device Type Classification:

 

 

When you select this option, the controller will parse user-agent strings and attempt to identify the type of device connecting to the AP. When the device type classification is enabled, the Global client table shown in the Monitoring>Network > All WLAN Clients window shows each client’s device type, if that client device can be identified.

Execute the command show user-table IP <IP address of the user> and check the filed "device type"


(ARUBA) #show user-table ip 10.64.20.18 
 
Name: host/GKAULDHAR-E6420.aspect.com, IP: 10.64.20.18, MAC: c0:18:85:3a:50:07, Role: authenticated, ACL: 113/0, Age: 00:05:43 
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-TLS, server: NPSSP-169.136.196.189 
Bandwidth = No Limit 
Bandwidth = No Limit 
Role Derivation: default for authentication type 802.1x 
VLAN Derivation: Default VLAN 
Idle timeout (global): 3600 seconds, Age: 00:00:00 
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0 
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1 
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0 
IP User termcause: 1 
phy_type: a-HT-40, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 14 
Vlan default: 250, Assigned: 250, Current: 250 vlan-how: 1 DP assigned vlan:0 
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0 
SlotPort=0x2100, Port=0x10055 (tunnel 85) 
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a 
Current Role name: authenticated, role-how: 1, L2-role: authenticated, L3-role: authenticated 
Essid: Employee, Bssid: d8:c7:c8:f7:e3:59 AP name/group: SPcomms-room/Stockley-Park-2 Phy-type: a-HT-40 
RadAcct sessionID:n/a 
RadAcct Traffic In 10660/1815578 Out 5207/4667169 (0:10660/0:0:27:46106,0:5207/0:0:71:14113) 
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:Stockley-Park-Employee-Portal, dot1x:Dot1X-NPS-server, mac: CP: def-role:'logon' sip-role:'' via-auth-profile:'' 
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0 
IP Born: 1382434139 (Tue Oct 22 10:28:59 2013) 
Core User Born: 1382434136 (Tue Oct 22 10:28:56 2013) 
Upstream AP ID: 0, Downstream AP ID: 0 
Device Type: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) 
L3-Auth Session Timeout from Radius: 0 
Mac-Auth Session Timeout Value from Radius: 0 
Dot1x Session Timeout Value from Radius: 0 
CoA Session Timeout Value from Radius: 0 
Dot1x Session Term-Action Value from Radius: Default 
Reauth-interval from role: 0 
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0 
Address is from DHCP: yes 

(LHRR1-DC-WIFI1) #show user-table | include 10.64.20.18 
 
10.64.20.18 c0:18:85:3a:50:07 host/GKAULDHAR-E6420.aspect.com authenticated 00:05:47 802.1x SPcomms-room Wireless Employee/d8:c7:c8:f7:e3:59/a-HT Stockley-Park-Employee-Portal tunnel Win 7 GKAULDHAR-E6420 
 

Based on the above device string, Aruba controller classifies the device type based on the value (windows NT)

IN the above example, MSIE 9.0 denotes client is using Internet Explorer 9 and Windows NT 6.1 Denotes the OS as Win 7. 

We could also take a packet capture on the client while accessing a site in the browser. Open the packet capture file and check the HTTP packet and verify the UA string. 
 
rtaImage (2).jpg
 

 

Version history
Revision #:
2 of 2
Last update:
‎07-17-2014 10:36 AM
Updated by:
 
Labels (1)
Tags (1)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.