Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Allowing Smart TVs/devices on network

This thread has been viewed 9 times

  • 1.  Allowing Smart TVs/devices on network

    Posted Oct 02, 2018 10:36 AM

    I am fairly new to networking and Aruba and was wondering what the best way to set up a smart TV on our wifi.  Currently on our campus we have three SSID all requireing the same encryption, We have employee and student, which require users to enter their domain user name and password.  We also have a vistitor SSID that we assign a user name and password for access.  Somebody recently bought smart TVs that are wifi only.  What do I need to do in order to get them on the network without them being able to log in with user name password/encryption.  The TV seems to connect to the visitor wifi, even though it doesn't prompt for a user name or password and it does not seem to have internet access.  We have a 7210 controller but do not have Clearpass. 



  • 2.  RE: Allowing Smart TVs/devices on network

    Posted Oct 02, 2018 11:24 AM

    The smart TVs we have on our network don't support 802.1x and so wouldn't work on any of your networks. We've connected them using a preshared key.



  • 3.  RE: Allowing Smart TVs/devices on network

    Posted Oct 02, 2018 03:19 PM

    It let me connect to my visitor wifi, but it did not prompt me for username or password.  It's pulling an IP address, but no internet access.  

     

    Any suggestions?



  • 4.  RE: Allowing Smart TVs/devices on network

    EMPLOYEE
    Posted Oct 02, 2018 07:42 PM

    Without ClearPass, the administrative burden is more on you to keep up with. In your case, you could add Mac Authentication to your visitor SSID. The Smart TV would be registered within the controller’s internal database so that connections from the TV are placed directly into the Visitor’s post-Auth role...bypassing the captive portal.

     

    The downside to doing this without ClearPass is two fold. First, you have to maintain the database of authorized SmartTVs yourself, vs offloading device registration to the users. Second, there is no mitigation for Mac cloning. Anyone cloning their MAC address to a known working Smart TV will have access to the Visitor SSID without accessing the portal. However, it will allow your SmartTV to share the visitor network without getting stuck in the captive portal role.



  • 5.  RE: Allowing Smart TVs/devices on network

    Posted Oct 03, 2018 10:33 AM

    Sounds like what I need.  How to I go about adding MAC authentication to the SSID on the controller?



  • 6.  RE: Allowing Smart TVs/devices on network

    EMPLOYEE
    Posted Oct 04, 2018 01:45 PM

    You manually add mac addresses to the internal user database on the controller. The username and password will be identical - they will both be the mac address of the smart tv.

     

    On the WLAN's aaa profile, you'll enable mac authentication and configure it to use the internal user database. A successful mac authentication should put the client device into the post-authentication role that is typically returned by the captive portal.