Security



Help with AmigoPod

  • 1.  Help with AmigoPod

    Posted Jan 18, 2012 05:44 PM

    Hello,

     

    Can someone please help me to understand if AmigoPod will help in the following scenario? I have never configured AmigoPod before so this will be my first time.

     

    I have a client who will be installing an Aruba Wireless solution into a private school which has a little over 600 students.

    1 x 3200 Controller

    24 x AP-105 Access Points

     

    No problem here, been there done that... :)

     

    He wants to implement an AmigoPod server so that potentially ALL 600+ students can bring in their own mobile device (iPads, and all the other flavors of tablets), and have them automatically self-register onto either a Guest Portal or the internal LAN depending on what the device is.

     

    Is this something that AmigoPod can do or is it ONLY for registering devices onto a Guest network?

     

    That is, can it also allow devices (Apple, Blackberry, Android, etc.) to automatically register themselves onto the internal LAN and not just a Guest network??

     

    Also, how does licensing work? Do they get installed onto the AmigoPod server or the Wireless AP Controller?

     

    Thanks,

     

    Alan H.


    #3200


  • 2.  RE: Help with AmigoPod

    Posted Jan 19, 2012 10:00 AM

    I'm pretty sure that Amigopod can do it all for you.

     

    Think I recently saw new topics on this on the board, in addition to some very good VRDs you should check.

     

    http://arubanetworks.com/vrd

     

    * Amigopod and ArubaOS Integration

    * ArubaOS DHCP Fingerprinting

     

    ..John



  • 3.  RE: Help with AmigoPod

    Posted Jan 19, 2012 10:09 AM

    John,

     

    Thanks for replying. The problem with these documents is that they ALL reference guest access, or guest accounts, or something to do with guests.

     

    It does not specifically say that valid, authenticated, non-guest users on a domain can use the AmigoPod to log on to the internal LAN.

     

    I understand that this is a Visitor management solution, but for my client's situation, I need it to be able to work for both guests and non-guests.

     

    I'll look through the links you sent to see if it mentions anything about what I am trying to do. Even if it doesn't, it looks like these will come in quite handy.

     

    Thanks again for your reply :)

     

    Cheers!

     

    Alan



  • 4.  RE: Help with AmigoPod

    EMPLOYEE
    Posted Jan 19, 2012 10:13 AM

    Amigopod can absolutely handle non-guest logins as well. You can have the non-guest accounts locally on Amigopod or point Amigopod to a RADIUS or LDAP server. It is extremely versatile.



  • 5.  RE: Help with AmigoPod

    Posted Jan 19, 2012 10:15 AM

    Excellent!!

     

    Thanks Zach!!

     

    Alan



  • 6.  RE: Help with AmigoPod

    EMPLOYEE
    Posted Jan 19, 2012 10:20 AM

    See page 87, External Authentication Servers, in the Amigopod Deployment Guide, http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=6851



  • 7.  RE: Help with AmigoPod

    Posted Jan 19, 2012 10:25 AM

    Ahhh....yes...I see....

     

    Thank you!



  • 8.  RE: Help with AmigoPod

    Posted Jan 19, 2012 10:30 AM

    Zach,

     

    Just one more question. So my non-guests' devices will also be able to "self-register" onto the appropriate SSID, correct?

     

    Self-register meaning grab a certificate and then be redirected onto the "correct" SSID that has access to the internal resources.

     

    Alan

     



  • 9.  RE: Help with AmigoPod

    EMPLOYEE
    Posted Jan 19, 2012 11:13 AM

    I believe you are talking about EAP-TLS. It was my understanding that this is the case. I thought there was documentation on how to set this up, but I can't seem to find it.

     

    I know I've set it up for iPads in the past as a test (last year), so that our domain users could get a cert for their device, and connect their iPad to an EAP-TLS SSID. Then you can revoke the cert if the iPad gets stolen.



  • 10.  RE: Help with AmigoPod

    Posted Jan 19, 2012 12:12 PM

    Zac is correct in saying that Amigopod supports a BYOD function called Mobile Device Provisioning Service (MDPS), and as of today this is designed to support the enrollment and provisioning of Apple iOS devices leveraging the Apple Over-the-Air Provisioning API and SCEP-based certificate enrollment. This allows a unique device client certificate to be pushed transparently to each device, and this credential is then used for all future authentication and authorization transactions on your secure network.

     

    This can all be tightly integrated into your Active Directory environment, with the contents of the client certificate being leveraged to differentiate users in your AD. For example, you could have an iPad enrolled by an executive get a completely different firewall role and bandwidth contract than a regular employee on their iPhone whilst connecting to the secure network.

     

    And what about devices other than Apple iOS I hear you ask . . . . great question and watch this space. More news on this topic coming very soon.