Higher Education

Occasional Contributor II

Re: Dorm networks

We have a specific open SSID for headless devices.  We hide the SSID and have it locked down in Clearpass so that only devices that are registered in Clearpass Guest are allowed onto the network.  In addition to the forced registration of devices rather than having an allow rule for specific device types we block certain devices such as smartdevices and computers.  That effectively forces all the devices on that network to be headless devices.  When the device is registered in Clearpass Guest the only role allowed (for the customer) is a registered device which we have set as the default.  We have specific roles in our controllers for that SSID as well as having it segregated onto its own separate vlan.  We do have airgroup enabled in our network.

 

The one major hiccup that we have run into is that all Amazon devices register as a Kindle Fire.  The Fire is considered a smart device.  This causes problems for the Amazon Echo.  There are pre-built categories in Clearpass for the echo but the device profiling doesn't seem to work and as far as we have been able to tell it is a limitation on the Amazon side of things rather than Clearpass.

Re: Dorm networks


@Hephzibah11 wrote:

We have a specific open SSID for headless devices.  We hide the SSID and have it locked down in Clearpass so that only devices that are registered in Clearpass Guest are allowed onto the network.  In addition to the forced registration of devices rather than having an allow rule for specific device types we block certain devices such as smartdevices and computers.  That effectively forces all the devices on that network to be headless devices.  When the device is registered in Clearpass Guest the only role allowed (for the customer) is a registered device which we have set as the default.  We have specific roles in our controllers for that SSID as well as having it segregated onto its own separate vlan.  We do have airgroup enabled in our network.

 

The one major hiccup that we have run into is that all Amazon devices register as a Kindle Fire.  The Fire is considered a smart device.  This causes problems for the Amazon Echo.  There are pre-built categories in Clearpass for the echo but the device profiling doesn't seem to work and as far as we have been able to tell it is a limitation on the Amazon side of things rather than Clearpass.


We have not yet enabled the DHCP part of device profiling for ClearPass so we currently do not use Profiles. 

Have you opened a TAC case to see if Amazon Echo can be differentiated from the Kindle Fire? The Kindle e-reader should also be profiled differently.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Occasional Contributor II

Re: Dorm networks

We have not seen any Kindle e-readers that seem to have problems.  We do not currently have one to test with so I am not sure if it will profile as a kindle fire or a kindle e-reader.  The profiling rule is not set up specifically as a fire; it is as an Amazon->Kindle.  The kindle falls into the "smartdevice" category.  It is a simple change to put it into the home audio/video category and set it as either an echo or a fire tv.  We have not opened a TAC case as it has not been a high-priority issue as of yet.  As far as we can tell the kindle fire, the echo, and the fire tv all run slightly different versions of fire os and that is why they all profile in the same category of device.

Occasional Contributor II

Re: Dorm networks

Would you be willing to share some of this with me offline? I am working with Aruba support and believe we got most of it done but you raised some questions I would be interested in.
Occasional Contributor I

Re: Dorm networks

Wow! Seems like most of you are doing .1x in the dorms as well. Are all the devices falling to the same vlan? headless & .1x?  Our main issue is the Chrome/google casting that the students want, as they fall into 2 separate vlans, and it seems like with every update of an app or Chromecast, something breaks.

 

I currently have the main SSID on .1x for the students, and require them to register their headless devices in clearpass, but have so many issues with these extra devices and the home-functionality that the students want to have.  Hence the request to make it "more like home" for them. Of course, when they go to their classrooms, they're back on the .1x SSID.

Occasional Contributor II

Re: Dorm networks

What we found is that after enabling Airgroup if the user enables guest mode they should be able to see and use both google home/chromecast devices without issue.  As I mentioned previously we have our "entertainment device" network set up as completely open with the only security being through clearpass, segregated vlan, and hidden network.  Students' phones, laptops, etc. are still on the .1x vlan and the headless devices are on an open network segregated by vlan that has registration required through clearpass guest.  We have seen a few google devices that need to be re-profiled as chromecast but those are few and seemingly far between.

Occasional Contributor II

Re: Dorm networks


dmattox@millsaps.edu wrote:
Would you be willing to share some of this with me offline? I am working with Aruba support and believe we got most of it done but you raised some questions I would be interested in.

I would be more than happy to.  Sent you a DM
