Restringer connection Android and IPhone WLC5508 in specific SSID

Alex Ribas · ‎09-18-2021

Hi all

I would like to know if exist the possibility that create one SSID Example: WMOBILITY and in this SSID restrict connection only for users that use. IPhone or Android?

I'm using WLC 5508 (without ISE Authentication to users)

5508 --> The users connection are --> via 802.1x (Radius) -> NPS Microsoft.

I appreciate your help.

Thank you

Alex

Arshad Safrulla · ‎09-18-2021

You can do it by using local profiling. Make sure that you have enabled http and dhcp local profiling. But you need to run firmware 8.X.X.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/per_wlan_wireless_settings.html

Then you need to create ACL's as per your access control requirement and then go to Security==>Local Policies create the policies as required and associate the correct ACL's. Finally go to WLAN and polciy-mapping and set the policies you created. This way you can achieve your requirement, but please note that the other devices trying to connect to the WLAN will not be informed why they cannot connect.

My preferred way is to use an advanced Radius server like ISE, Clearpass etc. and do device profiling. Based on the outcome of the profiling allow access and who gets denied will be redirected to a splash page which says why there access was rejected.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla