Security

 View Only

  • 1.  How to Block Android Phones but alow Android Tablets - CPPM

    Posted Sep 02, 2020 12:29 PM

    Hi Community,

     

    we are in process of deploying new WiFi solution to our client and since they are school they are asking if we can setup ClearPass to Allow Tablet type devices, but reject mobile phones.

     

    It is a school so most of this is iPad and iPhone which is OK as ClearPass is quite accurate in differentiating in between them, however there are some Android Tablets and lots of Android Phones, which we would like to look after also.

     

    I've looked at profiling results from ClearPass and most of the Android Devices are fingerprinted the same they are very similar.

     

    Below is phone:

    Tukan640_0-1599063888716.png

    Tablet Devices:

    Tukan640_1-1599063957843.png

    Can something be done to automate better recognition of the Android Devices or are talking to block/all all? The Controllers are also Aruba, code 8.7.0.0.

     

    Any help is greatly appreciated. Thank you.

     

     



  • 2.  RE: How to Block Android Phones but alow Android Tablets - CPPM

    Posted Sep 03, 2020 08:50 AM

    That might be a challenge, as technically there is no difference between Android phones and tablets. It's mostly the physical size.

     

    In this example, you could use the hostname as it has -tab- in it for the tablet. But that might not be the case for all tablets, and people might be able to change the hostname as well.

     

    Others may have a clever idea...



  • 3.  RE: How to Block Android Phones but alow Android Tablets - CPPM

    Posted Sep 03, 2020 09:40 AM

    Hi Herman,

     

    thanks for your update on this. I was looking at the fingerprints, seen no difference so I knew this one could be a hard nut. I've prepared client for an option where they will have to fingerprint the device and manually change the "Device Name" in endpoint from "Samsung device" to "Android Tablet" manually to allow Android in.

     

    I can build a policy allowing Windows, MacOS, iPads and Android Tablets in.

     

    Tukan640_0-1599140279386.png

    But if anyone has better idea don't be shy to share This is one very good thing about Aruba.....community.

     

    Thank you,



  • 4.  RE: How to Block Android Phones but alow Android Tablets - CPPM

    Posted Sep 03, 2020 09:42 AM

    The way to do this would be to use the optional Onboard module in ClearPass to assign EAP-TLS certificates to Android tablets.  Only those devices would be allowed onto the network.



  • 5.  RE: How to Block Android Phones but alow Android Tablets - CPPM

    Posted Sep 03, 2020 09:45 AM

    Hi cjoseph,

     

    I've thought of it too but cost of onboard were not factored into the proposal so too late to do this. It is ClearPass Entry we are dealing with so limited on what can be done as it is.

     

    Thank you both, I really appreciate your inputs.



Related Content