Security

Reply
Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Android on its own vlan?

If I remember correctly i've seen that the aruba controller is capable of putting a device type onto its own vlan but the last couple times I looked for instructions i've failed miserably.  

 

Can anyone point me in the right direction?     

 

I would love to be able to force user android devices and maybe even iPhones and Blackberrys onto their own vlan.  

 

Thanks!  

 

 

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: Android on its own vlan?

Natively with ArubaOS you can detect device type by the fingerprinting the DHCP request.   However, because the process requires analyzing the DHCP request itself, the client is already assigned to a VLAN.  If you have ClearPass which has already profiled a device and its type, you could categorize enforcement profiles based upon device type to assign VLANs as part of the authentication process.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Android on its own vlan?

im thinking out loud here, i havent build this or such. but cant you use the result of the DHCP finger print during the role / vlan assignment on the controller? or is it really just for reporting, from what i remember you can use to to deny access, so why not also change role / vlan?

 

of course the client starts in a vlan and not every client likes being moved in a different vlan on the fly, but shouldn't it be possible?

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: Android on its own vlan?

Ideally, yes.  But as you mentioned, the clients typically don't like the change, and often won't from my experience.   Would love to hear otherwise.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Re: Android on its own vlan?

I would be more then happy to experiment and try it if someone pointed me in the right direction :)  

 

This deployment is at a school, we are lucky to have what we have clearpass probably isn't going to happen.  

 

The problem i'm running into is all of these devices coming into one part of the building, then moving to another.  So with three different vlans there is a chance a single device will have a lease for 3 IP's.  

 

Just trying to find a way to force some devices off onto a different dhcp scope to free up room for other devices. 

 

 

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: Android on its own vlan?

In that particular scenario, do you require different VLANs for those parts of the building, or could you create a single virtual AP with a VLAN pool with multiple VLANs assigned?  This way, the device would get the same VLAN/IP through the pool no matter where they are; and you can add enough VLANs to the pool to satisfy your needs.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: