Assign VLAN ID based on client type

  • 1
  • Question
  • Updated 10 months ago
Hi,
I am configuring one SSID name, so I need to classify my devices based on device type or OS, for example if iPhone, Android smartphone connected will get IP address from specific VLAN, if Windows OS connect will get another VLAN ID. 
I follow this post "https://community.aerohive.com/aerohive/topics/dynamic-vlan-based-on-mac-address" but still I am getting the same VLAN ID. could you help on that


Thanks



Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like

Posted 11 months ago

  • 1
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
I see you have one client classification rule matching on both MAC Object and OS Object - try to match on OS Object only.

Also, add an additional rule for any OS Object that might apply:



And last: In Additional settings / Service settings / Management option, ensure that you have OS detection enabled, and at least via DHCP fingerprinting:



If this still doesn't do the job, ensure you have your devices upgraded to the latest available HiveOS.
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like
Hi Carsten

thanks for your reply,

The setup is working with me perfectly for (Windows, Android), except for iPhone devices, I tried all the combinations that available but still i am getting the same IP adders.
could you extend you support. 

my hive manager ver: 6.8r2a
iPhone OS: 10.2.1


regards, 
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
So it works for most devices, but for some not. Can you try another iPhone as well, different model and/or iOS?

Anyway - it looks like you have to create a custom OS object.

Check your Monitor / Clients list and locate your iPhone. Make sure you have a column for "Client OS" displayed - does it read "unknown"?



If yes, click on "unknown". You now see the window where you can add a custom OS Object string. Give it a meaningful name (not just "iPhone", e.g. "iPhone iOS 10.2.1") and save - you should already see this string as Client OS for your device.

Now go to Configuration / Common objects / OS objects. Add a new object, give it a custom name, and choose the Client OS you had just created before.

For example:


You can now use this Object name in client classification rules.

See also these 3 threads:
https://community.aerohive.com/aerohive/topics/ios-9-breaks-client-classification
https://community.aerohive.com/aerohive/topics/wrong-client-os
https://community.aerohive.com/aerohive/topics/client_reassignment_for_android_clients

carsten
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like

HI Carsten Buchenau 

many thanks for you, it's working vey fine.


regards,

Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Glad to hear!

And feel free to like one of my posts ;-)
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like
Dear Carsten

could you extend your support and help on this new issue,

so, I am trying to profile my guest based on authentication, means if a guest authenticate himself using specific username/password AH will redirect him to special profile and can get different ip address based on VLAN profile.

regards,
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like
Thanks again Carsten
my setup is very simple,

I have one ssid, and I have a classification policy said: if the client is Windows and from my domain then assign to my default profile,
else assign to Guest profile.
but I have another condition, if the client login by specific account he should be assign to default profile, so he/she can access my corporate network.

I am using 8.2.1x with windows radius server
regards,
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Ok... so everyone authenticates with an account against your Radius server, incl. guests. Correct?

So what you want is to assign user profiles based on attributes returned by your Radius server:



On the default tab you assign your Guests_Profile, and under Authentication the profiles that will be assigned on a specific condition. In this case we expect the matching attribute id inside the Filter-Id attribute.

What I do not know, to be honest, is the order of assignment when you combine this mechanism with Client classification as well. Guess you need to experiment with this a bit ;-)

Good luck!
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like
Dear Carsten,
Thanks very much for your kind help, I follow your help and it works.
Once again thank you

Regards,
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Indeed, good find!
Photo of Amir Zakaria

Amir Zakaria

  • 9 Posts
  • 1 Reply Like
Dear Carsten,

Now I am trying to classify my clients based on domain, if the client is company then used corporate profile if guest then used guest profile.
I tried to used Client Classification Policy based on Device Domain Object but did not succeed.

I tried also  Assign RADIUS attribute, but I don't know also not succeed.

could you help me on this

Thanks