09-14-2015 03:51 AM - edited 07-05-2021 03:55 AM
i have a WLC 2504 installed at the client site. i have applied the deny android device , but still some android devices are getting IP and getting connected.
please suggest any suggestion if helpful for this issue. i am facing this issue for a long time.
09-20-2015 11:00 PM
Hi,
Make sure you are configuring the policies correctly..
Please follow the below document.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/NativeProfiling75.html
09-21-2015 04:19 AM
Profiling and policy enforcement allows profiling of mobile devices and basic onboarding of the profiled devices to a specific VLAN assigns ACL and QOS, or configures session timeout. It can be configured as two separate components. The configuration on the WLC is based on defined parameters specific to clients joining the network. The policy attributes which are of interest are:
a. Role – Defines the user type or the user group the user belongs to, for example, student or employee.
b. Device – Defines the type of device, for example, Windows machine, Smart phone, Apple device such as iPad, iPhone and so on.
c. Location – Defines where the end point is connected on the network. Location represents AP group. APs can be divided or grouped according to the location and policy can be applied per AP group.
d. Time of day – Allows configuration to be defined at what time of the day end-points are allowed on the network.
e. EAP Type - Checks what EAP method the client is getting connected to.
The above parameters are configurable as policy match attributes. Once WLC has a match corresponding to the above parameters per end-point, policy enforcement comes into picture. Policy enforcement allows basic device on-boarding of mobile devices based on session attributes such as:
e. Sleeping Client–Timeout duration for a specific sleeping client (in hours)
The user can configure these policies and enforce end-points with specified policies. The wireless clients will be profiled based on MAC OUI, DHCP, HTTP user agent (valid Internet is required for successful HTTP profiling). The WLC uses these attributes and predefined classification profiles to identify devices.
02-01-2016 01:48 AM
Hello Mohanak.,
Thanks for your suggestion.
We have found another way to block the android devices by naming the MAC addresses of PCs and disabling the rest android devices and hence save our network from android phone usage.Other phones are allowed as they are in limited numbers.
The main problem behind this use of android policy comes when the windows workstations are getting detected as android devices and not getting access. we have tried it to solve with TAC, but it took a lot of time with no solution.
Thanks,
Anurag Giri
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide