Wireless Access

Reply
Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

802.1x authentication block access based on device operating system

Can 802.1x authentication block access based on device operating system such as android and Apple IOS or windows?

 

 

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: 802.1x authentication block access based on device operating system

use DHCP finger-printing

 

and to block such things you need to have PEF license.

 

refer to this document: http://www.arubanetworks.com/wp-content/uploads/AOS-DHCP-FingerPrint-AppNote.pdf

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication block access based on device operating system

I have create User Rules as attached screen capture. But those Apple iOS and Android user still get the "Authenticated" role instead of "BYOD_Deny" role. Which iOS and Android device still "Authenticated" role from 802.1x Authentication Default Role.

 

I already define the User Derivation Rules under "AAA Profile". 

 

Please advise. 

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: 802.1x authentication block access based on device operating system


jordontin wrote:

I have create User Rules as attached screen capture. But those Apple iOS and Android user still get the "Authenticated" role instead of "BYOD_Deny" role. Which iOS and Android device still "Authenticated" role from 802.1x Authentication Default Role.

 

I already define the User Derivation Rules under "AAA Profile". 

 

Please advise. 


Are you sure you have it attached to the correct AAA profile?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication block access based on device operating system

Yes, it was attach to correct AAA profile. Because for windows laptop it can get the role for "User Derivation Rules" but for Apples iOS and Android device was not.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: 802.1x authentication block access based on device operating system

Did you enable dhcp debugging to see if the users match the dhcp fingerprint or not?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication block access based on device operating system

Ok. later i will try on that and will update the status.

Frequent Contributor I
Posts: 177
Registered: ‎05-18-2011

Re: 802.1x authentication block access based on device operating system

Manage to block base on OS type by adding some Android DHCP fingerprinting as below website link:

 

http://www.educause.edu/discuss/networking-and-emerging-technologies/wireless-local-area-networking-constituent-group/aruba-dhcp-fingerprinting

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: