Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

iPAD and iPHONES, how to see the difference?

  • 1.  iPAD and iPHONES, how to see the difference?

    Posted Feb 17, 2012 04:23 AM

    I have a customer that uses iPADs in production. They want to allow iPADs but disallow iPHONES (and all other smart devices) to the network. They do not want to use MAC-authentication. I have looked into BYOD and it looks as if iPhones and iPads are sending the same DHCP fingerprint. But the controller sees the difference (client → device types). Does anyone know how to use User Rules for this?



  • 2.  RE: iPAD and iPHONES, how to see the difference?

    EMPLOYEE
    Posted Feb 17, 2012 05:55 AM

    @Tom.christensen@nordialog.no wrote:

    I have a customer that uses iPADs in production. They want to allow iPADs but disallow iPHONES (and all other smart devices) to the network. They do not want to use MAC-authentication. I have looked into BYOD and it looks as if iPhones and iPads are sending the same DHCP fingerprint. But the controller sees the difference (client → device types). Does anyone know how to use User Rules for this?


    You are correct; the DHCP signature for an iPad and an iPhone is the same. You can only use the DHCP fingerprint for a user derivation rule. The controller sees the difference in devices by inspecting the browser string, but we cannot create a user derivation rule based on a browser string. Browser strings are unreliable and can be faked, anyway, so that would not be a reliable method to disallow access.

     

    What are the iPads using for access to the network, currently?
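Added example, not part of the reply above and not Aruba code: a small Python sketch of the two signals discussed, showing that a DHCP option 55 fingerprint can be identical for two device types while the browser string, which the client sets itself, is the only thing that differs. The option bytes, the parameter request list and the User-Agent strings are constructed sample values, and the function names are hypothetical.

```python
def dhcp_fingerprint(options: bytes) -> str:
    """Return DHCP option 55 (Parameter Request List) as 'n,n,n', or ''."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 55:
            return ",".join(str(b) for b in value)
        i += 2 + length
    return ""


def ua_device(user_agent: str) -> str:
    """Classify by browser string; the client chooses this header freely."""
    for name in ("iPad", "iPhone"):
        if name in user_agent:
            return name
    return "unknown"


def build_options(prl: bytes) -> bytes:
    """Constructed DHCP options field: message type, max size, option 55, End."""
    return bytes([53, 1, 1, 57, 2, 0x05, 0xDC, 55, len(prl)]) + prl + bytes([255])


# Constructed sample values, not captured traffic.
SAMPLE_PRL = bytes([1, 3, 6, 15, 119, 252])
IPAD = (build_options(SAMPLE_PRL), "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X)")
IPHONE = (build_options(SAMPLE_PRL), "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X)")
# The same phone sending an altered browser string.
IPHONE_ALTERED_UA = (IPHONE[0], IPAD[1])

if __name__ == "__main__":
    for label, (opts, ua) in [("iPad", IPAD), ("iPhone", IPHONE),
                              ("iPhone, altered UA", IPHONE_ALTERED_UA)]:
        print(f"{label:20} fingerprint={dhcp_fingerprint(opts)} ua_says={ua_device(ua)}")
```

A policy keyed on the fingerprint cannot separate the two rows, and one keyed on the browser string classifies the third row as an iPad.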



  • 3.  RE: iPAD and iPHONES, how to see the difference?

    Posted Feb 17, 2012 05:58 AM

    The iPADs are using the WLAN with 802.1x authentication.



  • 4.  RE: iPAD and iPHONES, how to see the difference?

    EMPLOYEE
    Posted Feb 17, 2012 06:03 AM

    @Tom.christensen@nordialog.no wrote:

    The iPADs are using the WLAN with 802.1x authentication.


    Well, you have a two-fold issue:  Any handheld device can get on using 802.1x.

     

    You might want to create a WPA2-PSK SSID specifically for iPads and other non-domain devices that you want on your network. For your 802.1x SSID you might want to turn on "Enforce Machine Authentication" in the 802.1x profile to ensure that only domain devices get on that network. Please check out the thread here: http://community.arubanetworks.com/t5/Security-WIDS-WIPS-and-Aruba-ECS/Machine-amp-User-Authentication-iPhones-getting-online/m-p/1638/highlight/true#M18