Meraki

Community

Assign group policies by device type question?

Solved
nmemmert
Here to help
‎May 31 2019 7:25 AM
‎May 31 2019 7:25 AM

Assign group policies by device type question?

So I am working on and SSID that I want to only have certain devices on. I want to use the "Assign group policies by device type" under Wireless - Configure - Access Control. My question is...if I use the windows block will it block Xbox one's and Xbox 360's?

 

Screen Shot 2019-05-31 at 10.24.56 AM.png

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2019 7:13 PM
‎May 31 2019 7:13 PM

When assigning group policies using this method the Meraki kit watches http (and only http) traffic to identify what the client says it is using.

 

Typically group policies applied in this way can be slow to apply as a lot of web traffic is https based and being encrypted it can't see what the client it says it is.  It has to wait till it sees that http request.

 

This method doesn't tend to be very reliable.  So don't use it for strict enforcement.  Use it where it would be nice if it detected the OS correctly but not a big issue if it doesn't.

View solution in original post

5 Replies 5
SoCalRacer
Kind of a big deal
‎May 31 2019 8:01 AM
‎May 31 2019 8:01 AM

I don't have any but I am pretty sure it won't because there is a device type for Xbox and it isn't listed in the groups to filter. Meraki uses LLDP to identify devices some its not always correct.

 

The way I would check would be just change the Group Policy for Windows devices to a blank group policy that does nothing except defaults. Then go track the Xbox device down in the dashboard, check the device type it is listed as and what group policy is applied to it. If none then I would say you are safe to change the blocked policy on Windows device types.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2019 7:13 PM
‎May 31 2019 7:13 PM

When assigning group policies using this method the Meraki kit watches http (and only http) traffic to identify what the client says it is using.

 

Typically group policies applied in this way can be slow to apply as a lot of web traffic is https based and being encrypted it can't see what the client it says it is.  It has to wait till it sees that http request.

 

This method doesn't tend to be very reliable.  So don't use it for strict enforcement.  Use it where it would be nice if it detected the OS correctly but not a big issue if it doesn't.

In response to PhilipDAth
nmemmert
Here to help
‎May 31 2019 7:17 PM
‎May 31 2019 7:17 PM

Is there a better way to accomplish this?
0 Kudos
In response to nmemmert
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 31 2019 7:24 PM
‎May 31 2019 7:24 PM

In my opinion, there is no good way to accomplish this.  This is about as good as it gets.

0 Kudos
nmemmert
Here to help
‎Jun 6 2019 11:56 AM
‎Jun 6 2019 11:56 AM

I was able to get ahold of a xbox one. I was able to determine that it does see it as if it was a windows 10 Computer. So I had to unblock it and apply a group policy. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.