Wireless Access

Reply
Occasional Contributor I
Posts: 5
Registered: ‎04-19-2012

how to create the user derivation-rules to control the devices ?

[ Edited ]

I want to allow one andriod to access the internet, other andriods are not allowed to access to  Internet .

Is it not possible to use  the role-derivation on the anriod ? how to do it ? I need your help , thank you!

 

platform  :

aruba os 6.1.x

 

method :

dhcp fingerprint

 

 

 

my english is so poor . 

MVP
Posts: 3,015
Registered: ‎10-25-2011

Re: how to create the user derivation-rules to control the devices ?

If you want to give different permissions to different androids you need clearpass

 

If you use fingerprint the rule will apply to all the androids..

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: how to create the user derivation-rules to control the devices ?


lmxc001 wrote:

I want to allow one andriod to access the internet, other andriods are not allowed to access to  Internet .

Is it not possible to use  the role-derivation on the anriod ? how to do it ? I need your help , thank you!

 

platform  :

aruba os 6.1.x

 

method :

dhcp fingerprint

 

 

 

my english is so poor . 


If you want only a single device to go to the internet, maybe you can do a user derivation rule which places a device that begins with that mac address in a specific role.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-19-2012

Re: how to create the user derivation-rules to control the devices ?

I  have used this to deny my andriods with  dhcpfingerprint,but I want to allow to someone to access to the internet。There I have tried to create rules with mac-address to allow my andriod to access to internet ,at the same time , the other devices are allowed to access to internet ,too.This is what I don't  want to see.   I don't known you can understand my words. 

 

policies :

ip access-list session mdac
user any udp 68 deny log
user any svc-icmp permit

user any svc-dns permit

 

aaa derivation-rules user devices
set role condition macaddr equals "84:74:2a:f9:ee:af" set-value authenticated description "myandriod"
set role condition dhcp-option equals "0c616E64726F69645F" set-value devices-ctrl description "andriod 2.3"
set role condition dhcp-option equals "3c6468637063642034" set-value devices-ctrl description "andriod 2"
set role condition dhcp-option equals "37010f03062c2e2f1f217" set-value devices-ctrl description "unkown1"
set role condition dhcp-option equals "37012103060f1c333a3b" set-value devices-ctrl description "andriod4.x"

 

my device's derivation-rules is devices ,but it can't access to internet.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: how to create the user derivation-rules to control the devices ?

What criteria do you want to use to determine who can go to the internet? Is it username? Is it MAC address? Is it operating system? With user rules, you can only use one criteria to determine what role a device gets. All of the other criteria are ignored.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-19-2012

Re: how to create the user derivation-rules to control the devices ?

Maybe it's mac-address . mac authentication can solve my problem,but it's complex to collect the macs. 

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: how to create the user derivation-rules to control the devices ?

Well,

 

How many devices do you need to make this exception for?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-19-2012

Re: how to create the user derivation-rules to control the devices ?

Some people is guest ,I can't identify them when they access to internet 。It's hard to limit  the guest。

Frequent Contributor I
Posts: 179
Registered: ‎05-18-2011

Re: how to create the user derivation-rules to control the devices ?

At the moment you have how many broadcasted SSID

 

It is possible for you create a SSID just specially for Guest or visitor? Then create or assign a VLAN to the guest and just only allow go to internet, don't have access right to access your office network. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: