Wireless Access

Reply
Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

DHCP fingerprint deny smartphone and tablet access but allow some to access

I have help my customer create a User-Derived Role to deny the smartphone and tablet access the "Office SSID", which is based on OS DHCPfingerprint. But now my customer want to allow few tablet user access to "Office SSID". I did try to create a policy to allow few tablet user allow to access "Office SSID" based on the device IP address, but have some problem:

 

1. Cannot straightaway connect to "Office SSID", need to connect to "Guest SSID" first then disconnect it and connect back to"Office    

    SSID" it work fine. "Guest SSID" authentication use WPA2 and "Office SSID" use 802.1x. (At Building A)

 

2. If user move to "Building B" the tablet user not able to access "Office SSID, because "Building B" doesn't have "Guest SSID" cause  

    office policy not allow.

 

Is there any other way to allow few tablet user (Android OS) to access "Office SSID" but still deny access for all other tablet user?

 

Please advise

Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: DHCP fingerprint deny smartphone and tablet access but allow some to access

If you are only allowing laptops on, why don't you turn on enforce machine authentication and then create exceptions in the local user database for the mobile devices that you want to allow on?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

Re: DHCP fingerprint deny smartphone and tablet access but allow some to access

[ Edited ]

cjoseph wrote:

If you are only allowing laptops on, why don't you turn on enforce machine authentication and then create exceptions in the local user database for the mobile devices that you want to allow on?

 


I cannot turn on Enforce Machine Authentication because my customer environment doesn't support it because have some problem when enable it. My customer just want allow few tablet user (Android OS) able to access and all other are not allow. My customer want allow Windows and Mac OS laptop to access the "Office SSID".

 

Just want to confirm If i create a Derive Role with DHCPfingerprint deny policy does it always take precedence the "allow policy" even i have define the IP address for the device? 

 

Please advise.

Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: DHCP fingerprint deny smartphone and tablet access but allow some to access

The rules that make changes based on DHCP fingerprint are user derivation rules.  Those would be the same rules that you would use to make exceptions for mac addresses of devices.  If you only had a device or two to manage, this would be workable.  More than that and it is not a good way to do it.  Basically you would end up doing DHCP fingerprinting for every type of device to ensure that they are allowed to connect.  I do not know enough about your setup to propose a workable solution.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: