Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1080
Views
0
Helpful
5
Replies

Cisco WLC only allow PC/MAC OS connect?

cherrykit
Level 1
Level 1

‎02-29-2012 06:58 AM - edited ‎07-03-2021 09:41 PM

Dear All,

Is there any way to config the WLC only allow PC or MAC OS to connect to WLC? So many IPhone/Android/IPad....etc are using out network and we would like to disconnect all mobile device in one go, other than MAC filtering, any idea? Thanks!

Frankie

Labels:
0 Helpful
5 Replies 5

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎02-29-2012 07:01 AM

You would need something that can 'fingerprint' a device to know what it is, and allow/disallow on the device type.

take a look at the Cisco ISE offering.

http://www.cisco.com/en/US/customer/products/ps11640/index.html

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

cherrykit
Level 1
Level 1
In response to Stephen Rodriguez

‎02-29-2012 07:18 AM

Thanks for your reply

Is it only this way to do? Any MAC address pattern that I can follow and set it into the MAC filtering?

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to cherrykit

‎02-29-2012 07:29 AM

No.  The OUI portion of the MAC address will just identify the manufacturor, not the device.

For example, just looking at the OUI you can't differentiate a Mac Book from an iPad, as both OUI would just show Apple Inc.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Stephen Rodriguez

‎02-29-2012 09:10 AM

As Steve points out ISE is the way to go.

ISE uses "probes"

Radius

DHCP Finger Print

HTTP

From these probes it can ID what the device is and then depending on your needs shuffle the devices around.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Ven Taylor
Level 4
Level 4

‎02-29-2012 11:54 AM

What kind of authentication are you using?  If you're using web auth or open auth, you may be stuck.

You could use something clunky like machine certificates.  This way, you control who gets on the network.

However, it becomes a nightmare for the helpdesk when people have to change their passwords.  The certs stop working on Mac.  My old company had it like this and they hated it, but it kept mobile devices off.

If you really want to control your mobile device access, you're going to have to spend some cash.

Just out of curiosity, why do you want to keep mobile devices off your wireless? 

Ven

Ven Taylor
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card