Security

Reply
New Contributor
Posts: 3
Registered: ‎03-11-2014

Onboarding Gaming Consoles

Hello everyone,

 

I'm very new to Aruba and enterprise wifi, as a whole. I've searched the boards and found a couple posts, but the information doesn't seem to match what we have going here.

 

We are a smallish private liberal arts college. (Enrollment about 1300) Right now, I have a network running that is secure with 802.1x authentication against our Domain Controllers.

 

I have a guest network that has captive portal with email registration.

 

We are running Aruba 7220 conrollers, a mix of 105 and 135 APs, and Clearpass with Clearpass Guest. We also use AirWave for monitoring.

 

I am looking to set up a 3rd SSID to handle "dumb" devices. This would include Chromecast devices, wireless webcams and video game consoles. Is it best to put that traffic on it's own SSID, or use roles to lump that in on the Guest? If the latter, does anyone have any guidance they can point me towards on how to modify my existing rules to allow that? If the prior, Is it just setting up another SSID in my controller?

 

Thank you!

Guru Elite
Posts: 8,639
Registered: ‎09-08-2010

Re: Onboarding Gaming Consoles

[ Edited ]

You would use an existing open or PSK network. A separate SSID is not necessary. ClearPass guest has a "Guest Device" (MACTrac) feature which allows you to manually register devices that are not 802.1X or browser capable. When those devices authenticate to the network via MAC-Auth, they bypass the captive portal and are assigned the appropriate role.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎03-11-2014

Re: Onboarding Gaming Consoles

I'm following this post: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Using-ClearPass-to-steer-users-to-secure-networks-mhc/m-p/144823

 

But I've also come across where it was stated that current best practice is not levaraging more than 2 networks?

Guru Elite
Posts: 8,639
Registered: ‎09-08-2010

Re: Onboarding Gaming Consoles

You should design your networks based on encryption type/authentication type. (WPA2-Enterprise 802.1X, WPA2-PSK, open)

 

All of the other magic can be done on the backend in ClearPass.

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,639
Registered: ‎09-08-2010

Re: Onboarding Gaming Consoles

These screenshots should help get you started:

 

douggiefresh1.PNG

 

douggiefresh2.PNG

 

douggiefresh3.PNG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎03-11-2014

Re: Onboarding Gaming Consoles

Tim, thanks for the great info! One quick question. The screenshots show a Game Console Role.

 

What do your conditions on that role look like?

Guru Elite
Posts: 8,639
Registered: ‎09-08-2010

Re: Onboarding Gaming Consoles

It simply returns the user role "GAME-CONSOLE" to the controller. You can then create firewall rules in that role on the controller (or the controller can download them from ClearPass)


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: