ArubaOS and Controllers

This community is currently in a read-only state due to a maintenance window. For more info click here
Occasional Contributor II

Policy to block Windows Users

I have a new requirement to be implemented and that being the windows users should not be allowed to associate with any Access point using 6.0 OS Finger printing feature. Has any one done this before? or if this is even possible?
Guru Elite

Re: Policy to block Windows Users

First, you would create a role called "block-role" which has a firewall policy blocking traffic. This role would be to place windows users into once they attach. Then you would create a user derivation rule that looks for the Windows DHCP option and then would move users into that role. Next, you would apply that user derivation rule to the AAA profile of the SSID you want to block users:

config t
aaa derivation-rules user Windows
set role condition dhcp-option starts-with "37010F03062C2E2F1" set value block-role
aaa profile
user-derivation-rules Windows

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide