Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

802.1x authentication block access based on device operating system

This thread has been viewed 5 times

  • 1.  802.1x authentication block access based on device operating system

    Posted Nov 05, 2012 01:53 AM

    Can 802.1x authentication block access based on device operating system such as android and Apple IOS or windows?

     

     



  • 2.  RE: 802.1x authentication block access based on device operating system

    Posted Nov 05, 2012 02:39 AM

    use DHCP finger-printing

     

    and to block such things you need to have PEF license.

     

    refer to this document: http://www.arubanetworks.com/wp-content/uploads/AOS-DHCP-FingerPrint-AppNote.pdf



  • 3.  RE: 802.1x authentication block access based on device operating system

    Posted Dec 10, 2012 06:20 AM
      |   view attached

    I have create User Rules as attached screen capture. But those Apple iOS and Android user still get the "Authenticated" role instead of "BYOD_Deny" role. Which iOS and Android device still "Authenticated" role from 802.1x Authentication Default Role.

     

    I already define the User Derivation Rules under "AAA Profile". 

     

    Please advise. 



  • 4.  RE: 802.1x authentication block access based on device operating system

    EMPLOYEE
    Posted Dec 10, 2012 06:36 AM
    @jordontin wrote:

    I have create User Rules as attached screen capture. But those Apple iOS and Android user still get the "Authenticated" role instead of "BYOD_Deny" role. Which iOS and Android device still "Authenticated" role from 802.1x Authentication Default Role.

     

    I already define the User Derivation Rules under "AAA Profile". 

     

    Please advise. 

    Are you sure you have it attached to the correct AAA profile?

     



  • 5.  RE: 802.1x authentication block access based on device operating system

    Posted Dec 10, 2012 07:02 AM

    Yes, it was attach to correct AAA profile. Because for windows laptop it can get the role for "User Derivation Rules" but for Apples iOS and Android device was not.



  • 6.  RE: 802.1x authentication block access based on device operating system

    EMPLOYEE
    Posted Dec 10, 2012 07:04 AM
    Did you enable dhcp debugging to see if the users match the dhcp fingerprint or not?


  • 7.  RE: 802.1x authentication block access based on device operating system

    Posted Dec 10, 2012 07:10 AM

    Ok. later i will try on that and will update the status.



  • 8.  RE: 802.1x authentication block access based on device operating system

    Posted Dec 11, 2012 08:24 PM

    Manage to block base on OS type by adding some Android DHCP fingerprinting as below website link:

     

    http://www.educause.edu/discuss/networking-and-emerging-technologies/wireless-local-area-networking-constituent-group/aruba-dhcp-fingerprinting