Security

Reply
Occasional Contributor II
Posts: 14
Registered: ‎05-02-2011

Help with AmigoPod

Hello,

 

Can someone please help me to understand if AmigoPod will help in the following scenario? I have never configured AmigoPod before so this will be my first time.

 

I have a client who will be installing an Aruba Wireless solution into a private school which has a little over 600 students.

1 x 3200 Controller

24 x AP-105 Access Points

 

No problem here, been there done that... :)

 

He wants to implement an AmigoPod server so that potentially ALL 600+ students can bring in their own mobile device (iPads, and all the other flavors of tablets), and have them automatically self-register onto either a Guest Portal or the internal LAN depending on what the device is.

 

Is this something that AmigoPod can do or is it ONLY for registering devices onto a Guest network?

 

That is, can it also allow devices (Apple, Blackberry, Android, etc) to automatically register itself onto the internal LAN and not just a Guest network??

 

Also, how does licensing work? Do they get installed onto the AmigoPod server or the Wireless AP Controller?

 

Thanks,

 

Alan H.

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Help with AmigoPod

I'm pretty sure that Amigopod can do it all for you.

 

Think I recently saw new topics on this on the board, in addition to some very good VRD's you should check.

 

http://arubanetworks.com/vrd

 

* Amigopod and ArubaOS Integration

* ArubaOS DHCP Fingerprinting

 

..John


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II
Posts: 14
Registered: ‎05-02-2011

Re: Help with AmigoPod

John,

 

Thanks for replying. The problem is with these documents that they ALL reference guest access, or guest accounts, or something to do with guests.

 

It does not specifically say that valid, authenticated, non-guest users on a domain can use the AmigoPod to logon to the internal LAN.

 

I understand that this is a Visitor management solution, but for my client's situation, I need it to be able to work for both guests and non-guests.

 

I'll look through the links you sent to see if it mentions anything about what I am trying to do. Even if it doesn't it looks like these will come in quite handy.

 

Thanks again for your reply :)

 

Cheers!

 

Alan

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Help with AmigoPod

Amigopod can absolutely handle non-guest logins as well. You can have the non-guest accounts locally on Amigopod or point Amigopod to a RADIUS or LDAP server. It is extremely versatile.

Thanks,

Zach Jennings
Occasional Contributor II
Posts: 14
Registered: ‎05-02-2011

Re: Help with AmigoPod

Excellent!!

 

Thanks Zach!!

 

Alan

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Help with AmigoPod

See page 87, External Authentication Servers, in the Amigopod Deployment Guide, http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=6851

Thanks,

Zach Jennings
Occasional Contributor II
Posts: 14
Registered: ‎05-02-2011

Re: Help with AmigoPod

Ahhh....yes...i see....

 

Thank you!

Occasional Contributor II
Posts: 14
Registered: ‎05-02-2011

Re: Help with AmigoPod

Zach,

 

Just one more question. So my non-guests' devices will also be able to "self-register" onto the appropriate SSID correct?

 

Self-register meaning grab a certificate and then be redirected onto the "correct" SSID that has access to the internal resources.

 

Alan

 

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Help with AmigoPod

I believe you are talking about EAP-TLS. It was my understanding that this is the case. I thought there was documentation on how to set this up, but I can't seem to find it.

 

I know I've set it up for iPads in the past as a test (last year), so that our domain users could get a cert for their device, and connect their iPad to an EAP-TLS ssid. Then you can revoke the cert, if the iPad gets stolen.

Thanks,

Zach Jennings
Moderator
Posts: 150
Registered: ‎11-14-2011

Re: Help with AmigoPod

Zac is correct in saying that Amigopod supports a BYOD function called Mobile Device Provisioning Service (MDPS) and as of today this is design to support the enrollment and provisioning of Apple iOS devices leveraging the Apple Over-the-Air Provisioning API and SCEP based certificate enrollment. This allows a unique device client certificate to be pushed transparently to each device and this credential is then used for all future authentication and authorization transactions on your secure network.

 

This can be all tightly integrated into your Active Directory environment with the contents of the client certificate being leverage to differentiate users in your AD. For example, you could have an iPad enrolled by an executive get a completely different firewall role and bandwidth contract than a regular employee on their iPhone whilst connecting to the secure network.

 

And what about devices other than Apple iOS I hear you ask . . . . great question and watch this space. More news on this topic coming very soon.

Search Airheads
Showing results for 
Search instead for 
Did you mean: