Security

I've had some of my friends telling me horror stories recently about the amount of bandwidth that's being used by newly-deployed tablets in their environments.  For some, it's the heavy use of technology like Airplay.  For others, it's constant use of apps like Netflix (even though they aren't supposed to be doing that at work/school).

While the app issue probably can't sort itself out, I'm being asked if there are ways to restrict certain devices (like iPads) to a specific amount of bandwidth to prevent things like Airplay from causing havoc on the network.  I know that you can setup policies to do such a thing.  I've even seen admins that turn down the amount of available bandwidth on Android devices to something like 1k/sec in order to discourage use of those devices on the wireless network.

Do you restrict bandwidth by device type?  If so, do you favor or punish one device over another?  I don't want this to turn into a flame war of robot vs fruit.  I'm just curious if people with both in their networks are seeing one eating up more bandwidth than the other.

Hi

Good morning,

Yes you can :) (With Aruba) :smileyhappy:

• With DHCP fingerprint - You can assign access role  to each specific device type
• you can assign different bandwidth  contract to each access role (and also config the access role to fit the specific APS/ports u want to work for those devices)
• And I can think on other methods as well. - that's the magic,when u have a controller from Aruba - there is almost no limit to what magic we can do in the client environment. :)
• regarding your question - Usully the mobile APPS consume and work differently from computer apps... (some enterprise even installing different GW dedecited  the mobile ssid and limit this mobile ssid to mobile devices connectivity (again with DHCP fingerprint)
  

regards.

Me

---

@kdisc98 wrote:

Hi

Good morning,

Yes you can :) (With Aruba) :smileyhappy:

 

• With DHCP fingerprint - You can assign access role  to each specific device type
• you can assign different bandwidth  contract to each access role (and also config the access role to fit the specific APS/ports u want to work for those devices)
• And I can think on other methods as well. - that's the magic,when u have a controller from Aruba - there is almost no limit to what magic we can do in the client environment. :)
• regarding your question - Usully the mobile APPS consume and work differently from computer apps... (some enterprise even installing different GW dedecited  the mobile ssid and limit this mobile ssid to mobile devices connectivity (again with DHCP fingerprint)
  

 

regards.

 

Me

---

Fingerprinting is good... but it would be nice to be able to provide additional roles not just the device role...  Some users on mobile device should be able to have different policies than others... Device fingerprinting takes precedence over the other role....

It would be much better if it was 

[user role]

[device role]

I have added this to the "ideas" box....

I suspect the horror stories are to do with internet links being choked rather than something else?

I typically don't determine bandwidth limits by way of device type. I think that's a bit arbitrary and not very friendly. If you think about it, the user type really determines the bandwidth to be delivered (if you're going to enforce it) in most scenarios, and the device+user type determines threat level.

Let's ignore the security bit though...

In order to offer a suggestion, I would need to know a bit more about your environment.

1. What's your business type? Are you academia or something else?

2. Are you authenticating the devices and/or users on the wireless service? If so, how (including auth server type)? Captive portal, 802.1x/EAP?

3. Where is your bandwidth constraint most significant? I.e. ignore the WiFi and assuming this is internet traffic we're limiting, what's your outbound pipe speed?

4. What's the volume of users in each logical group?

5. How many APs in your estate?