How To Prioritize Devices On Your Network

Managing network devices is top of mind these days. In this post, Ruchi Sharma explains how you can let guest devices on your network while still ensuring they don’t stray from where they belong or hog more bandwidth than they should.

In today’s wireless-driven world, most companies issue laptops to their employees and have them connect to Wi-Fi in-and-around their campus. Conference rooms are setup with Wi-Fi which connects Apple TVs, projectors, and printers along with all the user devices.

Along with all this comes the question of bandwidth. Can your network support so many devices with good user experience? If somebody is streaming Netflix on a personal device, will it hijack your bandwidth?

Today’s reality is that every employee brings a smartphone, and maybe a tablet, into work along with the laptop. Once an employee knows how to login to the wireless, they can use the same method to connect all their other devices.

That unfortunately makes the network more vulnerable.

Many companies go through great lengths to separate out company-owned laptops while preventing personal devices from connecting. Some companies go through the hassle of manually approving MAC addresses in order to maintain “network integrity”.

A typical 802.1x setup allows all clients to connect, and network admins go to various lengths to prevent non-company issued devices to connect. That can be a lot of work, but there is a very simple workaround in Aerohive environments.

A simple way to do this for smaller organizations is using client classification in HiveManager. Simply identify all non-company deployed devices and push them to the Guest User profile. The Guest network can be setup to have lower priority on the network, and can be assigned specific firewall rules. An ideal setup would be to allow non-company owned devices to only access the internet, while blocking them from internal resources.

Here’s how to do it yourself:

Step 1: Identify Mobile devices

In Hivemanager, browse to your Employee SSID. Scroll down to the User Profile, and check the box, “Apply a different User Profile to various clients and user groups”


Then click the “+” to add a set of new rules. The following screen comes up. Select Guest user profile. This will be the profile assigned to devices which fall under the rules which are set up next.



Next the rules need to be created. Click on the “+” sign pointed in the screen shot below:



The next screen allows us to pick the classification rules to group devices. Name the “User Profile Assignment as “Mobile devices.” Then click on the “+” sign which brings up a list of ways to select devices. Choose Client OS Type.



Select the Mobile OSes: Android and iOS. Windows Phones and Blackberry are other available choices. If there is a need to distinguish between iPhone and iPad, select the HTTP agent and make that selection.



Once this is selected, the final selection should appear in the main configuration screen as below:



Once this configuration is updated to the devices, the mobile devices will receive the Guest user profiles, and will be subject to the same restrictions as all other devices connected to the Guest network SSID. This will happen in the background, unknown to the end user.

I hope this is a helpful tip for all of you in an age where managing devices is becoming more challenging by the day. If you are looking for tips on securing the network, please tweet us and ask.

Ruchi has designed, deployed, and managed wired and wireless networks for more than a decade, with most of her experience in the Education space. She recently achieved CWNA status and has been a Systems Engineer (SE) at Aerohive for the past four years.

Leave a Reply

Your email address will not be published. Required fields are marked *