02-19-2014 03:36 AM - edited 07-05-2021 12:13 AM
Hello Friends,
Is there any way that I can block Android devices from connecting to a specific SSID on WLAN controllers?
02-19-2014 06:56 AM
Hi Faisal.
For sure, the WLC does not have a solution for this.
However, there is another simple approach using DHCP-Fingerprint.
DHCP as per RFC 2132 is setup with multiple vendor specific options.
Use of DHCP options is vendor-, device-, and OS-dependent, which creates significant differences in the DHCP packets generated by various devices and thus constitutes a DHCP Fingerprint.
If you have a Stateful Firewall that can do a deep packet inspection, then the Android devices can easily be identified and blocked.
Regards
Victor V
*****Help out other by using the rating system and marking answered questions as *****Answered"*****
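An added example, not part of the original thread or any poster's code: a minimal Python sketch of the DHCP fingerprinting idea described in the post above. It parses the options field of a DHCP message and derives a fingerprint from option 55 (parameter request list) and option 60 (vendor class identifier). The sample packets, the `android-dhcp` prefix and all function names are assumptions constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
BOOTP_HEADER_LEN = 236              # fixed-size BOOTP header

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a DHCP message (the UDP payload)."""
    start = BOOTP_HEADER_LEN + len(MAGIC_COOKIE)
    if payload[BOOTP_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, start
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def dhcp_fingerprint(payload: bytes):
    """Fingerprint = option 55 (request list, order preserved) + option 60."""
    opts = parse_dhcp_options(payload)
    prl = ",".join(str(b) for b in opts.get(55, b""))
    vendor = opts.get(60, b"").decode("ascii", "replace")
    return prl, vendor

# Assumption: vendor-class prefix treated as Android; tune to what you observe.
ANDROID_VENDOR_PREFIXES = ("android-dhcp",)

def is_android(payload: bytes) -> bool:
    _, vendor = dhcp_fingerprint(payload)
    return vendor.lower().startswith(ANDROID_VENDOR_PREFIXES)

def build_sample(vendor: bytes, prl: list) -> bytes:
    """Constructed DHCPDISCOVER for the demo; not a capture from a real device."""
    header = bytes([1, 1, 6, 0]) + bytes(BOOTP_HEADER_LEN - 4)
    options = (bytes([53, 1, 1]) + bytes([60, len(vendor)]) + vendor
               + bytes([55, len(prl)]) + bytes(prl) + b"\xff")
    return header + MAGIC_COOKIE + options

ANDROID_SAMPLE = build_sample(b"android-dhcp-9", [1, 3, 6, 15, 26, 28, 51, 58, 59, 43])
OTHER_SAMPLE = build_sample(b"MSFT 5.0", [1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43])
```

Both options are supplied by the client, so a policy built on them is a device-type hint rather than an authentication control.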
02-19-2014 03:49 AM
Hi Faisal,
I don't think the controller has the ability to identify the client as a mobile device and block the Wi-Fi. It just considers that as a client seeking connectivity.
Cisco Identity Services Engine (ISE) with either Wireless or Advanced license set, enable profiling, and tie in the device profile into the authorization policy.
I would strongly suggest using AD, LDAP or some kind of external identity store to verify user identity, however, on top of the device profile.
Regards
Don't forget to rate helpful posts
02-19-2014 06:08 AM
Cisco ISE is a very good solution for profiling and posturing and can provide you greater control on the network
02-19-2014 07:01 AM
Thanks Victor for your reply. Your solution seems to be easier and more doable in the current situation; however, I need to know more about it. If you can provide me any document, or if you have ever implemented it, please share it with me; it will be a big support for me. Thanks
Regards,
02-19-2014 07:07 AM
Hi Faisal,
Sorry .. I have not implemented this so far.
You may need to find a device that understands "DHCP Fingerprint" to do this job.
AFAIK, Infoblox can do this.
I'll search for any doc on my HDD. If I get more information, I'll attach it for you.
Regards
Victor V
*****Help out other by using the rating system and marking answered questions as *****Answered"*****
02-19-2014 01:29 PM
If you want Device Fingerprinting, then talk to InfoBlox.
DHCP Fingerprinting starting with NXOS 6.7.X.
02-26-2014 07:49 PM
Not sure if this will work for you, haven't tested myself. In 7.5 and newer code you can now do dhcp/http profiling on wlc. You can also build local policies as well
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/NativeProfiling75.html
Sent from Cisco Technical Support iPhone App