Is there any way to block Windows 7 from accessing the network?

Solved
CodeMercenary
Here to help

Is there any way to block Windows 7 from accessing the network?

I hope this isn't a dumb question but I'm not a network expert, I'm just in charge of taking care of our network. We have a MX64, MS220-8P and MR33. With the looming loss of support for Windows 7 I've been wondering if it would be possible to cut all Win 7 clients off from the internet or possibly from the whole network. I'm working to make sure any machines that actually need to be used are replaced or upgraded but just in case someone brings in a laptop from home or there's one lurking around here it would be nice to block it. Even better would be to block everything prior to Win 7 as well.

 

I see that the Meraki dashboard knows if a client is Windows 7, 8 or 10. Seems like it might theoretically be possible to do what I want, even if it wasn't perfect. False negatives would be preferred over false positives - in other words, I'd rather let a Win 7 machine touch the web occasionally than block a Win 10 machine.

 

FYI, I work in a very small office so I'm not in danger of a major riot if this goes badly. I'd just like some technical prevention to back up my requests to leave Win 7 devices off the network.

1 Accepted Solution
pjc
A model citizen

@CodeMercenary  So under the MR dashboard under clients, you can see in the dashboard that they have previously connected (last 30 days) and/or are currently connected.  Now that you have them listed in dashboard (under OS they are indentified as Windows 7 - you can search for just windows 7 etc), if you select each one and then apply to a policy you have created that either limits what they can access or block them entirely using the default 'block' action

 

Capture.JPG

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Practically, no.

GIdenJoe
Kind of a big deal
Kind of a big deal

You would need a full solution like Cisco ISE to profile your clients before letting them onto the network.
It at least merits investigation if you can completely profile clients on OS version.

pjc
A model citizen

@CodeMercenary  So under the MR dashboard under clients, you can see in the dashboard that they have previously connected (last 30 days) and/or are currently connected.  Now that you have them listed in dashboard (under OS they are indentified as Windows 7 - you can search for just windows 7 etc), if you select each one and then apply to a policy you have created that either limits what they can access or block them entirely using the default 'block' action

 

Capture.JPG

CodeMercenary
Here to help

I'm a little torn on what to mark as a solution. All three answers are correct. There isn't really a way to do what I want in the way I suggested so Phillip's answer is technically correct. Meanwhile Joe's answer would lead me to be able to do what I want but with different hardware. Then there's pjc's answer that seems to be a viable workaround using the hardware I have. Thank you everyone for answering my question from every direction.
Get notified when there are additional replies to this discussion.