https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451596#M145308 <P>I have a WLC 2504 with (2) 3702 AP's. I have successfully set up a SSID (Internal Laptops) &nbsp;for the internal users to connect to the local LAN. I am now trying to create a SSID (Public) &nbsp;for the employees and guest to use their BYOD's. The issue I am having is attempting to block the company laptops from the Public SSID. I have attempted using my W2K3 server IAS and setting up the radius info in the WLAN I created for this SSID. I just cant seem to get anything to work. I have searched everywhere for answers but not had any luck. Has anyone ever done this? Thanks in Advance.</P> Mon, 05 Jul 2021 07:47:26 GMT jimmyfoddrell 2021-07-05T07:47:26Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451596#M145308 <P>I have a WLC 2504 with (2) 3702 AP's. I have successfully set up a SSID (Internal Laptops) &nbsp;for the internal users to connect to the local LAN. I am now trying to create a SSID (Public) &nbsp;for the employees and guest to use their BYOD's. The issue I am having is attempting to block the company laptops from the Public SSID. I have attempted using my W2K3 server IAS and setting up the radius info in the WLAN I created for this SSID. I just cant seem to get anything to work. I have searched everywhere for answers but not had any luck. Has anyone ever done this? Thanks in Advance.</P> Mon, 05 Jul 2021 07:47:26 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451596#M145308 jimmyfoddrell 2021-07-05T07:47:26Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451597#M145309 <P>What you need is a mechanism to deal with "client missassocation"</P><P>A WiPS engine can identify clients by MAC address and de-auth them based on the SSID policy.</P><P>If the client joins "Guest" &nbsp;they are knocked off. &nbsp;They are not knocked if they join "corp" &nbsp;</P><P>Motorola AirDefense and AirTight &nbsp;WiPS both provide such functionality. &nbsp;One of my customers used it very effectively in conjunction with a CUWN infrastructure.</P><P>Eric</P><P>Please rate if this was helpful</P> Thu, 08 May 2014 13:43:16 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451597#M145309 ericgarnel 2014-05-08T13:43:16Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451598#M145310 <P>Thanks Eric for your reply. I was able to get it working via IAS. It is a little more administration involved, but it does what I needed. Thanks/</P> Thu, 08 May 2014 14:04:45 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451598#M145310 jimmyfoddrell 2014-05-08T14:04:45Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451599#M145311 <P>Jim,</P><P>Excellent! &nbsp;And thank you for the rating!</P><P>By Chance, would you be able to share your steps? &nbsp;I have a few customers who could use the same functionality with their IAS</P><P>Eric</P> Tue, 20 May 2014 13:27:12 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451599#M145311 ericgarnel 2014-05-20T13:27:12Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451600#M145312 <P>I thought it was working, but it was very inconsistent. I ended up using the DHCP DENY rules on the Windows 2008 DHCP server.</P> Tue, 20 May 2014 15:29:22 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451600#M145312 jimmyfoddrell 2014-05-20T15:29:22Z https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451601#M145313 <P>Hi Jimmy,&nbsp; If you are running Windows based laptops in an Active Directory environment,&nbsp; I added the Guest SSID to the Group policy as a "Disabled" SSID.&nbsp;&nbsp; Then none of our corporate Windows laptops can access the Guest SSID.&nbsp; Works a Treat!</P><P>Matthew</P> Thu, 29 May 2014 00:28:18 GMT https://community.cisco.com/t5/wireless/ssid-to-allow-byod-s-and-not-allow-company-pc-s-accee/m-p/2451601#M145313 Matthew Knott 2014-05-29T00:28:18Z