Assign group policies by device type question?

SOLVED
nmemmert
Here to help

Assign group policies by device type question?

So I am working on and SSID that I want to only have certain devices on. I want to use the "Assign group policies by device type" under Wireless - Configure - Access Control. My question is...if I use the windows block will it block Xbox one's and Xbox 360's?

 

Screen Shot 2019-05-31 at 10.24.56 AM.png

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

When assigning group policies using this method the Meraki kit watches http (and only http) traffic to identify what the client says it is using.

 

Typically group policies applied in this way can be slow to apply as a lot of web traffic is https based and being encrypted it can't see what the client it says it is.  It has to wait till it sees that http request.

 

This method doesn't tend to be very reliable.  So don't use it for strict enforcement.  Use it where it would be nice if it detected the OS correctly but not a big issue if it doesn't.

View solution in original post

5 REPLIES 5
SoCalRacer
Kind of a big deal

I don't have any but I am pretty sure it won't because there is a device type for Xbox and it isn't listed in the groups to filter. Meraki uses LLDP to identify devices some its not always correct.

 

The way I would check would be just change the Group Policy for Windows devices to a blank group policy that does nothing except defaults. Then go track the Xbox device down in the dashboard, check the device type it is listed as and what group policy is applied to it. If none then I would say you are safe to change the blocked policy on Windows device types.

PhilipDAth
Kind of a big deal
Kind of a big deal

When assigning group policies using this method the Meraki kit watches http (and only http) traffic to identify what the client says it is using.

 

Typically group policies applied in this way can be slow to apply as a lot of web traffic is https based and being encrypted it can't see what the client it says it is.  It has to wait till it sees that http request.

 

This method doesn't tend to be very reliable.  So don't use it for strict enforcement.  Use it where it would be nice if it detected the OS correctly but not a big issue if it doesn't.

Is there a better way to accomplish this?
PhilipDAth
Kind of a big deal
Kind of a big deal

In my opinion, there is no good way to accomplish this.  This is about as good as it gets.

nmemmert
Here to help

I was able to get ahold of a xbox one. I was able to determine that it does see it as if it was a windows 10 Computer. So I had to unblock it and apply a group policy. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels