Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Frequent Contributor I

Windows XP

Hello

 

I would like a suggestion on how to identify windows xp on wireless using the controllers without clearpass and assigning them a new vlan. Should i be able to accomplish this with fingerprinting on the controller?

 

Thank you

Nils

22 REPLIES
Guru Elite

Re: Windows XP

Yes.  Start with Chapter 2:  http://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm

 

You will need ArubaOS 6.2 and above to switch VLANs successfully.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Windows XP

You can create a UDR rule using the following fingerprint if you would like to place them in a particular role or VLAN

 

And the controller should already identifing those show user-table | include <  "Window XP" >

2014-03-21 14_54_51-www.arubanetworks.com_wp-content_uploads_AOS-DHCP-FingerPrint-AppNote.pdf.png

If you have Airwave you should able to identify these as well and run a report

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: Windows XP

Thank you

 

On Airwave i can see the number of clients currently running windows xp. However, it does not validate the fingerprinting option, am i correct?

Frequent Contributor I

Re: Windows XP

Thank you

 

I am running 6.1.3.10 but reading the doc it should work on this code.

Re: Windows XP

Airwave get this information from the controller through snmp,

That AOS code should work
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Windows XP

nislau03,

 

If you are using no encryption and want to put a Windows XP device into a different VLAN, your current code will work.  If you are using any type of encryption, there was a bug where you could not change VLANs with DHCP fingerprinting if the device is using encryption.  That is bug#61935  and it is fixed in ArubaOS 6.2.  In the release notes attached.

 

 

dhcp-finger.png

 

Using a user derivation rule to change the role or VLAN of a device is different from what is shown in Airwave or even the controller.  The device that is shown in Airwave or in the controller is populated via the browser agent that the device uses.  Using DHCP fingerprinting to put a device into a different VLAN or role using the DHCP fingerprint.  The DHCP fingerprinting Validated Reference Design is here: http://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor I

Re: Windows XP

Thank you for tip about the bug save me hours of troubleshooting.

 

 

Regular Contributor I

Re: Windows XP

Taking this a bit further is there a way, even if you are using ecryption, to have the UDR redirect the user to a web page that would say something like "sorry your device is Win XP and that is no longer allowed on our network"? Can mswitch be used somehow?

 

Great timely info!

 

Mike

Frequent Contributor I

Re: Windows XP

There is option to include a captive portal profile to the role derivated. I havent tested to see if it will redirect the user to a captiver portal.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: