
Block Android Devices

Faisal Shabbir
Level 1

Hello Friends,

Is there any way that I can block Android devices from connecting to a specific SSID on WLAN controllers?

Accepted Solutions

Hi Faisal.

For sure, the WLC does not have a solution for this.

However, there is another simple approach using DHCP-Fingerprint.

DHCP as per RFC 2132 is set up with multiple vendor-specific options.

Use of DHCP options is vendor-, device-, and OS-dependent, which creates significant differences in the DHCP packets generated by various devices and thus constitutes a DHCP Fingerprint.

If you have a stateful firewall that can do deep packet inspection, then the Android devices can easily be identified and blocked.

Regards

Victor V

*****Help out others by using the rating system and marking answered questions as "Answered"*****
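The DHCP fingerprint idea from the accepted answer, as an added example that is not part of the original post or any vendor's code: Python that walks the RFC 2132 type-length-value options of a DHCP request and compares option 60 (vendor class identifier) and option 55 (parameter request list) against an Android signature. The signature values, the helper names and both sample messages are assumptions constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
OPT_PAD, OPT_END, OPT_PARAM_LIST, OPT_VENDOR_CLASS = 0, 255, 55, 60

# Illustrative signature values (assumptions): build the real table from DHCP
# captures of devices on your own WLAN or from a fingerprint database.
ANDROID_VENDOR_PREFIXES = ("android-dhcp-",)
ANDROID_PARAM_LISTS = {(1, 3, 6, 15, 26, 28, 51, 58, 59, 43)}

def parse_options(packet: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP message (UDP payload)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts.setdefault(code, value)      # keep the first instance of an option
        i += 2 + length
    return opts

def fingerprint(packet: bytes) -> tuple:
    """Return (vendor class string, parameter request list) for one message."""
    opts = parse_options(packet)
    vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    return vendor, tuple(opts.get(OPT_PARAM_LIST, b""))

def looks_like_android(packet: bytes) -> bool:
    vendor, params = fingerprint(packet)
    return vendor.startswith(ANDROID_VENDOR_PREFIXES) or params in ANDROID_PARAM_LISTS

def build_sample(vendor: bytes, params: list) -> bytes:
    """Constructed DHCPDISCOVER: minimal 236-byte BOOTP header plus options."""
    header = bytes([1, 1, 6, 0]) + bytes(232)   # op=request, htype=Ethernet, hlen=6
    options = (b"\x35\x01\x01" + bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
               + bytes([OPT_PARAM_LIST, len(params)]) + bytes(params) + b"\xff")
    return header + MAGIC_COOKIE + options

# Constructed sample messages, not captured traffic.
ANDROID_SAMPLE = build_sample(b"android-dhcp-13", [1, 3, 6, 15, 26, 28, 51, 58, 59, 43])
OTHER_SAMPLE = build_sample(b"MSFT 5.0", [1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 121, 249, 252])
```

Because the client chooses these option values, a match is a profiling signal rather than proof of device type, and a client that never sends DHCP is not seen at all.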


7 Replies 7

Sandeep Choudhary
VIP Alumni

Hi Faisal,

I don't think the controller has the ability to identify the client as a mobile device and block the WiFi. It just considers that as a client seeking connectivity.

Cisco Identity Services Engine (ISE) with either Wireless or Advanced license set, enable profiling, and tie in the device profile into the authorization policy.

I would strongly suggest using AD, LDAP or some kind of external identity store to verify user identity, however, on top of the device profile.

Regards

Don't forget to rate helpful posts

kaaftab
Level 4

Cisco ISE is a very good solution for profiling and posturing and can provide you greater control on the network.


Thanks Victor for your reply. Your solution seems to be easier and more doable in the current situation; however, I need to know more about it. If you can provide me any document, or if you have ever implemented it, please share it with me; it will be a big support for me. Thanks

Regards,

Hi Faisal,

Sorry, I have not implemented this so far.

You may need to find a device that understands "DHCP Fingerprint" to do this job.

AFAIK, Infoblox can do this.

I'll search for any doc on my HDD. If I get more information, I'll attach it for you.

Regards
Victor V

*****Help out others by using the rating system and marking answered questions as "Answered"*****

If you want Device Fingerprinting, then talk to InfoBlox.

DHCP Fingerprinting starting with NXOS 6.7.X.

Trent Hurt
Level 1

Not sure if this will work for you, haven't tested myself. In 7.5 and newer code you can now do DHCP/HTTP profiling on the WLC. You can also build local policies as well.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/NativeProfiling75.html



Sent from Cisco Technical Support iPhone App
