Security

last person joined: 6 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onboarding Gaming Consoles

This thread has been viewed 4 times

  • 1.  Onboarding Gaming Consoles

    Posted Apr 08, 2014 04:57 PM

    Hello everyone,

     

    I'm very new to Aruba and enterprise wifi, as a whole. I've searched the boards and found a couple posts, but the information doesn't seem to match what we have going here.

     

    We are a smallish private liberal arts college. (Enrollment about 1300) Right now, I have a network running that is secure with 802.1x authentication against our Domain Controllers.

     

    I have a guest network that has captive portal with email registration.

     

    We are running Aruba 7220 conrollers, a mix of 105 and 135 APs, and Clearpass with Clearpass Guest. We also use AirWave for monitoring.

     

    I am looking to set up a 3rd SSID to handle "dumb" devices. This would include Chromecast devices, wireless webcams and video game consoles. Is it best to put that traffic on it's own SSID, or use roles to lump that in on the Guest? If the latter, does anyone have any guidance they can point me towards on how to modify my existing rules to allow that? If the prior, Is it just setting up another SSID in my controller?

     

    Thank you!


    #AP135
    #7220


  • 2.  RE: Onboarding Gaming Consoles

    EMPLOYEE
    Posted Apr 08, 2014 04:59 PM

    You would use an existing open or PSK network. A separate SSID is not necessary. ClearPass guest has a "Guest Device" (MACTrac) feature which allows you to manually register devices that are not 802.1X or browser capable. When those devices authenticate to the network via MAC-Auth, they bypass the captive portal and are assigned the appropriate role.



  • 3.  RE: Onboarding Gaming Consoles

    Posted Apr 08, 2014 05:00 PM

    I'm following this post: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Using-ClearPass-to-steer-users-to-secure-networks-mhc/m-p/144823

     

    But I've also come across where it was stated that current best practice is not levaraging more than 2 networks?



  • 4.  RE: Onboarding Gaming Consoles

    EMPLOYEE
    Posted Apr 08, 2014 05:01 PM

    You should design your networks based on encryption type/authentication type. (WPA2-Enterprise 802.1X, WPA2-PSK, open)

     

    All of the other magic can be done on the backend in ClearPass.

     

     



  • 5.  RE: Onboarding Gaming Consoles

    EMPLOYEE
    Posted Apr 08, 2014 05:08 PM

    These screenshots should help get you started:

     

    douggiefresh1.PNG

     

    douggiefresh2.PNG

     

    douggiefresh3.PNG



  • 6.  RE: Onboarding Gaming Consoles

    Posted Apr 08, 2014 05:31 PM

    Tim, thanks for the great info! One quick question. The screenshots show a Game Console Role.

     

    What do your conditions on that role look like?



  • 7.  RE: Onboarding Gaming Consoles

    EMPLOYEE
    Posted Apr 08, 2014 05:33 PM

    It simply returns the user role "GAME-CONSOLE" to the controller. You can then create firewall rules in that role on the controller (or the controller can download them from ClearPass)