01-18-2012 02:44 PM
Can someone please help me to understand if AmigoPod will help in the following scenario? I have never configured AmigoPod before so this will be my first time.
I have a client who will be installing an Aruba Wireless solution into a private school which has a little over 600 students.
1 x 3200 Controller
24 x AP-105 Access Points
No problem here, been there done that... :)
He wants to implement an AmigoPod server so that potentially ALL 600+ students can bring in their own mobile device (iPads, and all the other flavors of tablets), and have them automatically self-register onto either a Guest Portal or the internal LAN depending on what the device is.
Is this something that AmigoPod can do or is it ONLY for registering devices onto a Guest network?
That is, can it also allow devices (Apple, Blackberry, Android, etc) to automatically register itself onto the internal LAN and not just a Guest network??
Also, how does licensing work? Do they get installed onto the AmigoPod server or the Wireless AP Controller?
01-19-2012 07:00 AM
I'm pretty sure that Amigopod can do it all for you.
Think I recently saw new topics on this on the board, in addition to some very good VRD's you should check.
* Amigopod and ArubaOS Integration
* ArubaOS DHCP Fingerprinting
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
01-19-2012 07:08 AM
Thanks for replying. The problem is with these documents that they ALL reference guest access, or guest accounts, or something to do with guests.
It does not specifically say that valid, authenticated, non-guest users on a domain can use the AmigoPod to logon to the internal LAN.
I understand that this is a Visitor management solution, but for my client's situation, I need it to be able to work for both guests and non-guests.
I'll look through the links you sent to see if it mentions anything about what I am trying to do. Even if it doesn't it looks like these will come in quite handy.
Thanks again for your reply :)
01-19-2012 07:13 AM
Amigopod can absolutely handle non-guest logins as well. You can have the non-guest accounts locally on Amigopod or point Amigopod to a RADIUS or LDAP server. It is extremely versatile.
01-19-2012 07:20 AM
See page 87, External Authentication Servers, in the Amigopod Deployment Guide, http://support.arubanetworks.com/DOCUMENTATION/tab
01-19-2012 07:30 AM
Just one more question. So my non-guests' devices will also be able to "self-register" onto the appropriate SSID correct?
Self-register meaning grab a certificate and then be redirected onto the "correct" SSID that has access to the internal resources.
01-19-2012 08:13 AM
I believe you are talking about EAP-TLS. It was my understanding that this is the case. I thought there was documentation on how to set this up, but I can't seem to find it.
I know I've set it up for iPads in the past as a test (last year), so that our domain users could get a cert for their device, and connect their iPad to an EAP-TLS ssid. Then you can revoke the cert, if the iPad gets stolen.
01-19-2012 09:12 AM
Zac is correct in saying that Amigopod supports a BYOD function called Mobile Device Provisioning Service (MDPS) and as of today this is design to support the enrollment and provisioning of Apple iOS devices leveraging the Apple Over-the-Air Provisioning API and SCEP based certificate enrollment. This allows a unique device client certificate to be pushed transparently to each device and this credential is then used for all future authentication and authorization transactions on your secure network.
This can be all tightly integrated into your Active Directory environment with the contents of the client certificate being leverage to differentiate users in your AD. For example, you could have an iPad enrolled by an executive get a completely different firewall role and bandwidth contract than a regular employee on their iPhone whilst connecting to the secure network.
And what about devices other than Apple iOS I hear you ask . . . . great question and watch this space. More news on this topic coming very soon.