Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Contributor II
Posts: 140
Registered: ‎01-04-2012
Windows XP

Hello

 

I would like a suggestion on how to identify windows xp on wireless using the controllers without clearpass and assigning them a new vlan. Should i be able to accomplish this with fingerprinting on the controller?

 

Thank you

Nils

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007
Re: Windows XP

Yes.  Start with Chapter 2:  http://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm

 

You will need ArubaOS 6.2 and above to switch VLANs successfully.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,238
Registered: ‎07-20-2011
Re: Windows XP

You can create a UDR rule using the following fingerprint if you would like to place them in a particular role or VLAN

 

And the controller should already identifing those show user-table | include <  "Window XP" >

2014-03-21 14_54_51-www.arubanetworks.com_wp-content_uploads_AOS-DHCP-FingerPrint-AppNote.pdf.png

If you have Airwave you should able to identify these as well and run a report

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 140
Registered: ‎01-04-2012
Re: Windows XP

Thank you

 

On Airwave i can see the number of clients currently running windows xp. However, it does not validate the fingerprinting option, am i correct?

Contributor II
Posts: 140
Registered: ‎01-04-2012
Re: Windows XP

Thank you

 

I am running 6.1.3.10 but reading the doc it should work on this code.

MVP
Posts: 4,238
Registered: ‎07-20-2011
Re: Windows XP
Airwave get this information from the controller through snmp,

That AOS code should work
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007
Re: Windows XP
[ Edited ]

nislau03,

 

If you are using no encryption and want to put a Windows XP device into a different VLAN, your current code will work.  If you are using any type of encryption, there was a bug where you could not change VLANs with DHCP fingerprinting if the device is using encryption.  That is bug#61935  and it is fixed in ArubaOS 6.2.  In the release notes attached.

 

 

dhcp-finger.png

 

Using a user derivation rule to change the role or VLAN of a device is different from what is shown in Airwave or even the controller.  The device that is shown in Airwave or in the controller is populated via the browser agent that the device uses.  Using DHCP fingerprinting to put a device into a different VLAN or role using the DHCP fingerprint.  The DHCP fingerprinting Validated Reference Design is here: http://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 140
Registered: ‎01-04-2012
Re: Windows XP

Thank you for tip about the bug save me hours of troubleshooting.

 

 

Regular Contributor I
Posts: 236
Registered: ‎04-03-2007
Re: Windows XP

Taking this a bit further is there a way, even if you are using ecryption, to have the UDR redirect the user to a web page that would say something like "sorry your device is Win XP and that is no longer allowed on our network"? Can mswitch be used somehow?

 

Great timely info!

 

Mike

Contributor II
Posts: 140
Registered: ‎01-04-2012
Re: Windows XP

There is option to include a captive portal profile to the role derivated. I havent tested to see if it will redirect the user to a captiver portal.

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: