Showing results for 
Search instead for 
Did you mean: 

Wireless ISE device OS restrictions

James Smith
Level 1
Level 1

G'day All,

Can anyone tell me if it is possible to restrict wireless devices network access based on their OS version? I am building a wireless ISE deployment that will service iOS devices and Android using CWA and the guest portal and I'd like to prevent devices of older OS version from access, for example, only allow iOS version 5 and up, and Android OS version 4 and up to connect to the wireless network.

I am pretty sure it would be done as a profile condition, but I am just not sure how to configure the condition.

Thanks and regards,


3 Replies 3

Tarik Admani
VIP Alumni
VIP Alumni

There might be a way to look at the http string that is sent at times they ios version is embedded but I havent had a chance to verify if it accuratley reflects the version or not. If you take some captures (safe) or trust a website (can search google for "whats my user agent" that will tell you what your user agent is, you can set those as profiling conditions and then policies and reference those in your authorization policies.

I just went online and check my user agent and it says Android 4.2.2 and verfied that my OS version is 4.2.2.

Hope that helps,


Tarik Admani
*Please rate helpful posts*

G'day Tarik,

Thanks for the prompt response. I had figured that the user agent would be the go. When I look at the configuration for the profile condition for the user agent string, when you select the operator to use, there are 5 options:






I am assuming that I would use the GREATTHAN operator. I am going to test this in a few hours so I will report back the outcome.

Thanks again for the response.

Tarik Admani
VIP Alumni
VIP Alumni

I think contains would be your bet the greater than value is pretty generic and dont think it works with strings. Give it a shot but dont spend too much time on it.

Sent from Cisco Technical Support Android App