Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

how to create the user derivation-rules to control the devices ?

  • 1.  how to create the user derivation-rules to control the devices ?

    Posted May 25, 2013 09:54 AM

    I want to allow one Android to access the internet; other Androids are not allowed to access the internet.

    Is it not possible to use the role-derivation on the Android? How to do it? I need your help, thank you!

    platform: aruba os 6.1.x

    method: dhcp fingerprint

    My English is so poor.



  • 2.  RE: how to create the user derivation-rules to control the devices ?

    Posted May 26, 2013 12:37 AM

    If you want to give different permissions to different Androids, you need ClearPass.

    If you use fingerprint, the rule will apply to all the Androids.

     

    Cheers

    Carlos



  • 3.  RE: how to create the user derivation-rules to control the devices ?

    EMPLOYEE
    Posted May 26, 2013 07:57 AM

    @lmxc001 wrote:

    I want to allow one Android to access the internet; other Androids are not allowed to access the internet.

    Is it not possible to use the role-derivation on the Android? How to do it? I need your help, thank you!

    platform: aruba os 6.1.x

    method: dhcp fingerprint

    My English is so poor.


    If you want only a single device to go to the internet, maybe you can do a user derivation rule which places a device that begins with that MAC address in a specific role.

     



  • 4.  RE: how to create the user derivation-rules to control the devices ?

    Posted May 26, 2013 11:51 AM

    I have used this to deny my Androids with DHCP fingerprint, but I want to allow someone to access the internet. There I have tried to create rules with the MAC address to allow my Android to access the internet; at the same time, the other devices are allowed to access the internet, too. This is what I don't want to see. I don't know if you can understand my words.

     

    policies :

    ip access-list session mdac
    user any udp 68 deny log
    user any svc-icmp permit

    user any svc-dns permit

     

    aaa derivation-rules user devices
    set role condition macaddr equals "84:74:2a:f9:ee:af" set-value authenticated description "myandriod"
    set role condition dhcp-option equals "0c616E64726F69645F" set-value devices-ctrl description "andriod 2.3"
    set role condition dhcp-option equals "3c6468637063642034" set-value devices-ctrl description "andriod 2"
    set role condition dhcp-option equals "37010f03062c2e2f1f217" set-value devices-ctrl description "unkown1"
    set role condition dhcp-option equals "37012103060f1c333a3b" set-value devices-ctrl description "andriod4.x"

     

    My device's derivation-rules is devices, but it can't access the internet.
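
The `dhcp-option` strings in the rules posted above can be decoded to see what each one actually matches. This is an added example, not part of the original post and not Aruba code; it assumes the first byte of each string is the DHCP option code in hex and the rest is the start of that option's value, and the name `decode_fingerprint` is hypothetical.

```python
# Added example: decode the dhcp-option fingerprint strings quoted in the post.
# Assumption: byte 0 = DHCP option code, remaining bytes = leading bytes of its value.

OPTION_NAMES = {
    12: "Host Name",
    55: "Parameter Request List",
    60: "Vendor Class Identifier",
}

def decode_fingerprint(hex_str):
    """Split a fingerprint string into option code and decoded value."""
    s = hex_str.strip().lower()
    dangling = ""
    if len(s) % 2:                  # odd digit count: last nibble is incomplete
        s, dangling = s[:-1], s[-1]
    raw = bytes.fromhex(s)
    if not raw:
        raise ValueError("empty fingerprint")
    code, value = raw[0], raw[1:]
    if code == 55:                  # list of option codes the client requests
        decoded = list(value)
    elif value and all(0x20 <= b < 0x7F for b in value):
        decoded = value.decode("ascii")
    else:
        decoded = value.hex()
    return {
        "option": code,
        "name": OPTION_NAMES.get(code, "unknown"),
        "value": decoded,
        "dangling_nibble": dangling,
    }

# The four strings from the derivation rules in the post.
POSTED = [
    "0c616E64726F69645F",
    "3c6468637063642034",
    "37010f03062c2e2f1f217",
    "37012103060f1c333a3b",
]

if __name__ == "__main__":
    for fp in POSTED:
        d = decode_fingerprint(fp)
        note = f" (dangling nibble '{d['dangling_nibble']}')" if d["dangling_nibble"] else ""
        print(f"{fp}: option {d['option']} {d['name']} = {d['value']!r}{note}")
```

The first two strings decode to the text prefixes `android_` and `dhcpcd 4`, and the third has an odd number of hex digits, so its last nibble does not form a complete byte.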



  • 5.  RE: how to create the user derivation-rules to control the devices ?

    EMPLOYEE
    Posted May 26, 2013 11:56 AM
    What criteria do you want to use to determine who can go to the internet? Is it username? Is it MAC address? Is it operating system? With user rules, you can only use one criteria to determine what role a device gets. All of the other criteria are ignored.


  • 6.  RE: how to create the user derivation-rules to control the devices ?

    Posted May 26, 2013 12:11 PM

    Maybe it's MAC address. MAC authentication can solve my problem, but it's complex to collect the MACs.



  • 7.  RE: how to create the user derivation-rules to control the devices ?

    EMPLOYEE
    Posted May 26, 2013 12:20 PM

    Well,

     

    How many devices do you need to make this exception for?

     



  • 8.  RE: how to create the user derivation-rules to control the devices ?

    Posted May 26, 2013 12:46 PM

    Some people are guests; I can't identify them when they access the internet. It's hard to limit the guests.



  • 9.  RE: how to create the user derivation-rules to control the devices ?

    Posted May 26, 2013 11:24 PM

    At the moment, how many broadcast SSIDs do you have?

    Is it possible for you to create an SSID just for guests or visitors? Then create or assign a VLAN to the guests and only allow them to go to the internet, with no access rights to your office network.