Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
5
Helpful
5
Replies

SSID to allow BYOD's and not allow Company PC's accee

Go to solution
jimmyfoddrell
Level 1
Level 1

‎05-07-2014 11:54 AM - edited ‎07-05-2021 12:47 AM

I have a WLC 2504 with (2) 3702 AP's. I have successfully set up a SSID (Internal Laptops)  for the internal users to connect to the local LAN. I am now trying to create a SSID (Public)  for the employees and guest to use their BYOD's. The issue I am having is attempting to block the company laptops from the Public SSID. I have attempted using my W2K3 server IAS and setting up the radius info in the WLAN I created for this SSID. I just cant seem to get anything to work. I have searched everywhere for answers but not had any luck. Has anyone ever done this? Thanks in Advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ericgarnel
Level 7
Level 7

‎05-08-2014 06:43 AM

What you need is a mechanism to deal with "client missassocation"

A WiPS engine can identify clients by MAC address and de-auth them based on the SSID policy.

If the client joins "Guest"  they are knocked off.  They are not knocked if they join "corp"  

Motorola AirDefense and AirTight  WiPS both provide such functionality.  One of my customers used it very effectively in conjunction with a CUWN infrastructure.

Eric

Please rate if this was helpful

View solution in original post

0 Helpful
5 Replies 5

Go to solution
ericgarnel
Level 7
Level 7

‎05-08-2014 06:43 AM

What you need is a mechanism to deal with "client missassocation"

A WiPS engine can identify clients by MAC address and de-auth them based on the SSID policy.

If the client joins "Guest"  they are knocked off.  They are not knocked if they join "corp"  

Motorola AirDefense and AirTight  WiPS both provide such functionality.  One of my customers used it very effectively in conjunction with a CUWN infrastructure.

Eric

Please rate if this was helpful

0 Helpful

Go to solution
jimmyfoddrell
Level 1
Level 1

‎05-08-2014 07:04 AM

Thanks Eric for your reply. I was able to get it working via IAS. It is a little more administration involved, but it does what I needed. Thanks/

0 Helpful

Go to solution
ericgarnel
Level 7
Level 7
In response to jimmyfoddrell

‎05-20-2014 06:27 AM

Jim,

Excellent!  And thank you for the rating!

By Chance, would you be able to share your steps?  I have a few customers who could use the same functionality with their IAS

Eric

Go to solution
jimmyfoddrell
Level 1
Level 1

‎05-20-2014 08:29 AM

I thought it was working, but it was very inconsistent. I ended up using the DHCP DENY rules on the Windows 2008 DHCP server.

0 Helpful

Go to solution
Matthew Knott
Level 1
Level 1

‎05-28-2014 05:28 PM

Hi Jimmy,  If you are running Windows based laptops in an Active Directory environment,  I added the Guest SSID to the Group policy as a "Disabled" SSID.   Then none of our corporate Windows laptops can access the Guest SSID.  Works a Treat!

Matthew

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card