Score:0

WiFi: distinguishing clients by OS

We have different WiFi clients. Some of them are Android/Apple phones, others are Windows PCs. WiFi is authenticated by NPS and we have a DHCP server on Windows Server.

We do not trust phones. We want to put Windows PCs on one network and phones on another network. Is it possible to distinguish them from each other, with NPS or with DHCP options? Thanks.

FRALEWHALE avatar
Do you have a wireless LAN controller (WLC)?
Alex Lum avatar
Yes, I have a controller: an Aruba Mobility Controller.
Score:2

I have not used Aruba gear for networking in actual enterprise applications (only dabbled on GNS3 and other virtualization platforms), but you might be able to do it with your Aruba WLC or APs. That is assuming you are using Aruba APs.

I use a Cisco WLC in my current environment and it is able to detect mobile devices and then you should be able to segregate them from there. Again, this is on Cisco and not Aruba but I would venture a guess and say that Aruba has the same functionality.

I found this guide which appears to provide some insight on what you are looking for.

From the guide -

  • You can move all smartphone/mobile devices based on fingerprinting.

  • DHCP fingerprinting allows you to identify the OS of the device and then a role can be assigned to the device based on the OS.

    • Apple iOS - DHCP Option 55 - 370103060F77FC
    • Android - DHCP Option 60 - 3C64686370636420342E302E3135

Hope this helps.

Alex Lum avatar
Thanks, but it is not working, because the device will get an IP in the wrong VLAN, then it will be assigned to the other VLAN but will not redo DHCP.
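
The fingerprint strings quoted in the answer above, decoded and matched in Python; this is an added example, not part of the original posts or Aruba's code. It assumes each string is the option number as one hex byte followed by the raw option data (0x37 = 55, 0x3C = 60, consistent with the quoted values); the function names and the sample client options are constructed for illustration.

```python
# Added example: decode the DHCP fingerprint strings quoted in the answer and
# match them against options taken from a client's DHCP request.
# Assumption: each string is <option number, one hex byte><raw option data>.

FINGERPRINTS = {  # hex values as quoted in the answer
    "Apple iOS": "370103060F77FC",
    "Android": "3C64686370636420342E302E3135",
}

def decode_fingerprint(hex_string):
    """Split a fingerprint into (option_number, option_data_bytes)."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2:
        raise ValueError("fingerprint needs an option byte plus data")
    return raw[0], raw[1:]

def describe(hex_string):
    """Render a fingerprint in readable form so a rule can be reviewed."""
    option, data = decode_fingerprint(hex_string)
    if option == 55:  # Parameter Request List: one byte per requested option
        return option, list(data)
    if option == 60:  # Vendor Class Identifier: ASCII text
        return option, data.decode("ascii", errors="replace")
    return option, data.hex().upper()

def classify(client_options, fingerprints=FINGERPRINTS):
    """Return the first OS label whose option data equals the client's.

    client_options maps option number -> raw bytes from the DHCP request.
    Returns None when nothing matches, so the caller keeps the default role.
    """
    for label, hex_string in fingerprints.items():
        option, data = decode_fingerprint(hex_string)
        if client_options.get(option) == data:
            return label
    return None

if __name__ == "__main__":
    for label, fp in FINGERPRINTS.items():
        print(label, describe(fp))
    # Constructed samples: options as a packet parser would extract them.
    print(classify({55: bytes.fromhex("0103060F77FC")}))  # phone-like request
    print(classify({60: b"MSFT 5.0"}))                    # no fingerprint match
```

These option values are supplied by the client itself, so a match is a classification hint for role assignment, not an authentication result.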
Score:-2

Thank you FRALEWHALE. I've been able to do that using NPS. For domain computers, I use a network policy which assigns a VLAN.

http://www.hospitableit.com/howto/wireless-802-1x-for-machine-auth-only-using-nps/
https://blog.naglis.no/?p=3816
https://aventistech.com/2020/03/23/setup-nps-with-eap-tls-for-aruba-wifi/

I've deployed computer certificates and a GPO to manage the WiFi connection.

For all others, there is a new NPS rule: phones have to use user credentials. In the future, we will deploy user certificates on phones and Linux. Thanks for the help.

Alex Lum avatar
Is it possible to know why my answer has been downvoted? I know it is not the best solution, but I have tested FRALEWHALE's option on my Aruba and couldn't set that up. With NPS, I can do what I want.