Hi Javier, All,
Yes, it exists. I use the deviceTypeGroupPolicies API.
Since Device Type policies are applied to the SSID and not the network, you must repeat this process for every SSID on your network:
PUT https://n490.meraki.com/api/v1/networks/L_YOURNETWORKidHERE/wireless/ssids/SSIDidHERE/deviceTypeGrou...
I use that API with this JSON configuration:
{
'enabled': True,
'deviceTypePolicies': [
{'deviceType': 'Android', 'devicePolicy': 'blocked'},
{'deviceType': 'BlackBerry', 'devicePolicy': 'blocked'},
{'deviceType': 'Chrome OS', 'devicePolicy': 'blocked'},
{'deviceType': 'iPad', 'devicePolicy': 'blocked'},
{'deviceType': 'iPhone', 'devicePolicy': 'blocked'},
{'deviceType': 'iPod', 'devicePolicy': 'blocked'},
{'deviceType': 'B&N Nook', 'devicePolicy': 'blocked'},
{'deviceType': 'Mac OS X', 'devicePolicy': 'blocked'},
{'deviceType': 'Other OS', 'devicePolicy': 'allowed'},
{'deviceType': 'Windows', 'devicePolicy': 'allowed'},
{'deviceType': 'Windows Phone', 'devicePolicy': 'blocked'}
]
}
You may adjust it with your own policy.
I saw other comments claiming that this feature doesn’t work at all. I agree it’s not perfect; however, I think you have to understand how it works first before using it.
In this case, maybe you noticed that I allow access to Windows and Other OS devices.I have to allow Other OS since the process to determine the OS is a best-effort. In some cases, Windows machines may be blocked because there isn’t enough information to decide it is a Windows device, and the access is denied because it was detected as Other when the Other OS device type was blocked. Later, with more network traffic, it will decide that the device is Windows, changing the device type from Other OS to Windows.
However, if Other OS device type is blocked, the device type will never change from Other OS to Windows.
As I said before, it's not perfect, but it's better than nothing.
Regards,
/Christian
