cancel
Showing results for 
Search instead for 
Did you mean: 

Set per-SSID device policies through API

Highlighted
Conversationalist

Set per-SSID device policies through API

I have both an "Employee" and "Guest" SSID in all our branches.  The "Employee" SSID does RADIUS auth for access, whereas the Guest SSID just redirects to a splash page.  Management would like to prohibit all corporate-owned laptops and mobile phones from joining the Guest network.  In the dashboard, I can just set per-SSID policies and deny access to the Guest, but I can't seem to find a way to do that in the API.  I'm trying to write a script that will grab the wireless MACs from our inventory and MDM system and push them into all the wireless networks out there.

3 REPLIES
Building a reputation

Re: Set per-SSID device policies through API

Only option I see via API is to update group policy assigned to a single device on a specific network.

{{baseUrl}}/networks/{{networkId}}/clients/{{clientMac}}/policy?timespan=2592000

{
"devicePolicy": "group",
"groupPolicyId": 102
}

I honestly think it would be easier to do this via the dashboard. Show only the corp SSID for the past 30 days, and just select all the corp devices on the client list view and change the policy to different policies by SSID and block them from guest.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Kind of a big deal

Re: Set per-SSID device policies through API

Definately do this via the dashboard.

 

First bring up a list of all the clients on the employee SSID, and select them all.

 

Screenshot from 2018-11-09 12-57-42.png

Then apply a group policy noting to block access to your guest SSID.

Screenshot from 2018-11-09 12-58-20.png

 

You should be finished in about half a dozen mouse clicks.

Conversationalist

Re: Set per-SSID device policies through API

Yeah that's what I'm coming up with.  I can get the MAC addresses easy enough, but there are 16 wireless networks (one per branch) and doing the copy-paste routine every time we add a laptop or mobile will get old quickly Smiley Happy

 

At least I can use my script to gather the list of MAC addresses, and cut down on that bit of information gathering.