Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Android on its own vlan?

  • 1.  Android on its own vlan?

    Posted Dec 11, 2012 11:03 AM

    If I remember correctly, I've seen that the Aruba controller is capable of putting a device type onto its own VLAN, but the last couple times I looked for instructions I've failed miserably.

     

    Can anyone point me in the right direction?     

     

    I would love to be able to force user Android devices and maybe even iPhones and BlackBerrys onto their own VLAN.

     

    Thanks!  

     

     



  • 2.  RE: Android on its own vlan?

    Posted Dec 11, 2012 01:50 PM

    Natively with ArubaOS you can detect device type by fingerprinting the DHCP request. However, because the process requires analyzing the DHCP request itself, the client is already assigned to a VLAN. If you have ClearPass which has already profiled a device and its type, you could categorize enforcement profiles based upon device type to assign VLANs as part of the authentication process.
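
Added example, not part of the thread and not ArubaOS or ClearPass code: a minimal Python sketch of what DHCP fingerprinting reads from a client's request, namely option 55 (parameter request list) and option 60 (vendor class). These fields only exist once the client has sent its DHCPDISCOVER, which happens after it has been placed in a VLAN. The sample bytes, the vendor string and the prefix rules in `classify` are constructed assumptions for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options

def parse_dhcp_options(field: bytes) -> dict:
    """Parse the DHCP options field (cookie + code/length/value records)."""
    if not field.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, len(MAGIC_COOKIE)
    while i < len(field):
        code = field[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def classify(vendor_class: str) -> str:
    # Assumption: illustrative prefix rules; real profilers use larger databases.
    v = vendor_class.lower()
    if v.startswith(("android-dhcp", "dhcpcd")):
        return "Android"
    if v.startswith("msft"):
        return "Windows"
    return "unknown"

def fingerprint(field: bytes) -> dict:
    opts = parse_dhcp_options(field)
    vendor = opts.get(60, b"").decode("ascii", "replace")
    return {
        "msg_type": (opts.get(53) or b"\x00")[0],             # 1 = DISCOVER
        "param_list": ",".join(map(str, opts.get(55, b""))),  # option 55, in order
        "vendor_class": vendor,                               # option 60
        "device": classify(vendor),
    }

# Constructed sample: options field of a DHCPDISCOVER from a hypothetical Android client.
VENDOR = b"dhcpcd-5.5.6"
SAMPLE = (MAGIC_COOKIE + bytes([53, 1, 1]) + bytes([60, len(VENDOR)]) + VENDOR
          + bytes([55, 9, 1, 33, 3, 6, 15, 28, 51, 58, 59]) + b"\x00\xff")
if __name__ == "__main__":
    print(fingerprint(SAMPLE))
```

Because both fields are supplied by the client, a result like this is a profiling hint for VLAN or role selection, not proof of device identity.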



  • 3.  RE: Android on its own vlan?

    Posted Dec 12, 2012 05:57 AM

    I'm thinking out loud here, I haven't built this or such. But can't you use the result of the DHCP fingerprint during the role / VLAN assignment on the controller? Or is it really just for reporting? From what I remember you can use it to deny access, so why not also change role / VLAN?

     

    Of course the client starts in a VLAN and not every client likes being moved to a different VLAN on the fly, but shouldn't it be possible?



  • 4.  RE: Android on its own vlan?

    Posted Dec 12, 2012 09:01 AM

    Ideally, yes.  But as you mentioned, the clients typically don't like the change, and often won't from my experience.   Would love to hear otherwise.

     

     



  • 5.  RE: Android on its own vlan?

    Posted Dec 13, 2012 03:47 PM

    I would be more than happy to experiment and try it if someone pointed me in the right direction :)

     

    This deployment is at a school; we are lucky to have what we have. ClearPass probably isn't going to happen.

     

    The problem I'm running into is all of these devices coming into one part of the building, then moving to another. So with three different VLANs there is a chance a single device will have a lease for 3 IPs.

     

    Just trying to find a way to force some devices off onto a different DHCP scope to free up room for other devices.

     

     



  • 6.  RE: Android on its own vlan?

    Posted Dec 13, 2012 03:51 PM

    In that particular scenario, do you require different VLANs for those parts of the building, or could you create a single virtual AP with a VLAN pool with multiple VLANs assigned?  This way, the device would get the same VLAN/IP through the pool no matter where they are; and you can add enough VLANs to the pool to satisfy your needs.