Header Only - DO NOT REMOVE - Extreme Networks

IdentiFi device type access


Userlevel 6
Hello, all!

In controller we can see statistics by Operating Systems, Device Type, etc.
Can we restrict access for device type with rules?
(without NAC, only with Controller)

For example Android devices and Apple devices.

Thank you!

6 replies

Userlevel 5
Hi Alex

Good question....
If we can see it we should be able to use it....

But I do not believe this is possible, we will still require a NAC for this....
Let see what the official response looks like...
Userlevel 4
Hello ! The device type detection occurs after authentication via DHCP-Snooping. So during authentication process you will not have this information. To use this you need to detect the device type after successful authentication and move the device to another role with a triggered reauth. This can only be done via NAC (COA). br Volker
Userlevel 5
Hi Volker

NAC also utilizes DHCP-Snooping to identify the device type...
Only once NAC is able to resolve the IP does the Device Type appear.
This should be the same process....
Userlevel 6
NAC have possibility to access control based on the device type and client OS?
Can you show me screen-shots or web-link with images of this configuration in NAC?

Thank you!
Userlevel 7
Alexandr P wrote:

NAC have possibility to access control based on the device type and client OS?
Can you show me screen-shots or web-link with images of this configuration in NAC?

Thank you!

Here a example of the default groups....

Userlevel 7
just my 2 cents on the topic...

Device fingerprinting is done by the AP directly and not by the WLAN controller.

I've no idea how often this data is tx back to the controller but it could be that it's done together with statistics data which isn't that often.

In that case the controller doesn't has this device type data handy at the point of the authentication process.

-Ron

Reply