Wireless Access

Reply
Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Ability to dynamically change roles based on OS/Device fingerprint?

I dont think you can currently do this, but I think it would be cool to have the ability to dynamically change the role for the connected device based on its fingerprint after authentication happens.  Think of this like chained firewall rules.

 

Roles would be chained like this:

 

[OS/Device fingerprint]

[Radius Role]

 

 

Or better yet, allow more information to be populated in the internal database during radius authentication so you can send say filterID and group...

 

then you could have 

 

[OS/Device fingerprint]

[Group Role]

[Radius Role]

 

They would all be chained together with a deny at a higher level taking precedence.  Similar to how firewall chains work in most firewalls...

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Ability to dynamically change roles based on OS/Device fingerprint?

Some of this is possible using User Derived Rules.   Please see the DHCP Tech Note on the details:   http://www.arubanetworks.com/wp-content/uploads/AOS-DHCP-FingerPrint-AppNote.pdf.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Re: Ability to dynamically change roles based on OS/Device fingerprint?

It is frustrating through as it does not appear you can chain them in any way.... Meaning I really cant give a power user on a mobile device anything different than the mobile device policy... As it says the dhcp fingerprint takes over any user derived roles...

 

Thanks for the information, I will play with this a bit as it looks quite interesting.

 

-Dan

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Ability to dynamically change roles based on OS/Device fingerprint?

That is correct.   With ClearPass there are some added abilities with device types and profiling; but with ArubaOS it is limited as you have discovered.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Re: Ability to dynamically change roles based on OS/Device fingerprint?

I think it would be a really cool feature to be able to combine roles :)  including the ability for user roles from radius to send multiple defined roles, so you can send multiple groups over to the controller for more dynamic control of users, 

 

I understand that some of this is built into clearpass, but with my tight budget I just dont think that is an option ;)

Search Airheads
Showing results for 
Search instead for 
Did you mean: