https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211021#M551493 <P>Dear</P> <P>recently i created a condition of wireless dot1.X and below the&nbsp; attributes such as</P> <P>&nbsp;</P> <UL> <LI>windows AD particular manager group</LI> <LI>logical profiles contains ipad and iphone</LI> </UL> <P>but the problem is if the manager from the particular group gets his personal android he is able to authenticate and he gets the ip address,</P> <P>when i see the authorization policy it falls proper to which i created then why it is accepting from the android.</P> Sat, 04 Nov 2017 21:23:18 GMT adamgibs7 2017-11-04T21:23:18Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211009#M551487 <P>Dears</P> <P>i dont know what i am asking is correct but i am confused,</P> <P>I want to authenticate users via WPA2 pre-shared key on SSID but these should be only apple users and from windows AD particular group,</P> <P>Is it possible ??</P> Fri, 21 Feb 2020 18:37:59 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211009#M551487 adamgibs7 2020-02-21T18:37:59Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211011#M551488 <P>Hi,</P> <P>&nbsp;</P> <P>If you want to allow only users from an AD group then you will need to use WPA2 Enterprise NOT a pre-shared key. If you use a pre-shared key anyone on any device can type use thus without requiring to authenticate to the SSID,</P> <P>&nbsp;</P> <P>HTH</P> Sat, 04 Nov 2017 20:55:11 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211011#M551488 Rob Ingram 2017-11-04T20:55:11Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211013#M551489 <P>thanks for the reply,</P> <P>&nbsp;</P> <P>so you mean to say 802.1X authentication on AD ??? my goal is to separate apple IPAD users from&nbsp; iphone and android devices, how i can achieve that ,, what conditions i can choose to make IPAD unique, if it is difficult to separate ipad and iphone then no problem atleast i will deny android&nbsp; </P> Sat, 04 Nov 2017 21:11:23 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211013#M551489 adamgibs7 2017-11-04T21:11:23Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211014#M551490 <P>Yes, if you want to authenticate against AD you'd use 802.1x</P> Sat, 04 Nov 2017 21:08:08 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211014#M551490 Rob Ingram 2017-11-04T21:08:08Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211016#M551491 <P>thanks again for the quick reply</P> <P>&nbsp;</P> <P>my goal is to separate apple IPAD users from&nbsp; iphone and android devices, how i can achieve that ,, what conditions i can choose to make IPAD unique, if it is difficult to separate ipad and iphone then no problem atleast i will deny android</P> Sat, 04 Nov 2017 21:12:31 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211016#M551491 adamgibs7 2017-11-04T21:12:31Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211019#M551492 <P>You can use ISE profiling to determine the OS of the device - therefore determine if it's an apple iphone/ipad or android device. You can then create authorisation rules to permit/deny depending on the type of device</P> Sat, 04 Nov 2017 21:16:28 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211019#M551492 Rob Ingram 2017-11-04T21:16:28Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211021#M551493 <P>Dear</P> <P>recently i created a condition of wireless dot1.X and below the&nbsp; attributes such as</P> <P>&nbsp;</P> <UL> <LI>windows AD particular manager group</LI> <LI>logical profiles contains ipad and iphone</LI> </UL> <P>but the problem is if the manager from the particular group gets his personal android he is able to authenticate and he gets the ip address,</P> <P>when i see the authorization policy it falls proper to which i created then why it is accepting from the android.</P> Sat, 04 Nov 2017 21:23:18 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211021#M551493 adamgibs7 2017-11-04T21:23:18Z https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211798#M551494 Dear Expert,<BR />how i can troubleshoot such problem Mon, 06 Nov 2017 20:02:42 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-wpa2/m-p/3211798#M551494 adamgibs7 2017-11-06T20:02:42Z