Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Group Policies do not apply to IOS devices

Jriv
Comes here often
‎Jul 13 2023 12:54 PM
‎Jul 13 2023 12:54 PM

Group Policies do not apply to IOS devices

I am trying to make a rule that sends all IOS devices to a seperate VLAN On my corporate network. The problem is when I assign "Group Policies by Device Type" the Meraki does not seem to be able to recognize and apply policy to IOS devices.

 

So lets just say I wanted to block iPhones from connecting to an SSID all together. I can't even do that right now. 
Is there any timeline as to when this may be fixed?

Labels:
0 Kudos
Subscribe
8 Replies 8
UKDanJones
Building a reputation
‎Jul 13 2023 1:14 PM
‎Jul 13 2023 1:14 PM

the device type thing doesn’t work… don’t rely on it. If you want a specific device on a specific VLAN use the iPSK function. You could also use another SSID but don’t use too many or you’ll cause other issues. 

Please feel free to hit that kudos button
0 Kudos
Subscribe
In response to UKDanJones
Jriv
Comes here often
‎Jul 13 2023 3:24 PM
‎Jul 13 2023 3:24 PM

it is looking like I got this to work by just switching back to the old dashboard view and saving again,

 

i will try to replicate in another environment and reply back with my results!

0 Kudos
Subscribe
In response to UKDanJones
Jriv
Comes here often
‎Jul 17 2023 11:56 AM
‎Jul 17 2023 11:56 AM

NVM, It was just working Intermittently. Is the IPSK function the way to go here? Probably need Cisco ISE. Weird they offer the whole "Policy by Device Type" portion if it really does not work at all

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 1:17 PM
‎Jul 13 2023 1:17 PM

Some clients may misidentify themselves when specifying the User-Agent string field of an HTTP GET request. Device type policy enforcement is done on a best-effort basis, dependent upon the information that the client provides. When needing to enforce security-focused policies based on device type, please leverage solutions such as Meraki Systems Manager, or Cisco ISE. 

 

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Applying_Policies_by_Device_Type#....

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Jriv
Comes here often
‎Jul 13 2023 3:25 PM
‎Jul 13 2023 3:25 PM

 

I think I got this to work just by switching back to the old dashboard view and saving again,

 

i will try to replicate in another environment and reply back with my results!

0 Kudos
Subscribe
In response to alemabrahao
Jriv
Comes here often
‎Jul 17 2023 12:01 PM
‎Jul 17 2023 12:01 PM

I just got lucky when it worked a couple times. It does not work consistently 😞

 

I do have Meraki SM, but wouldn't I need an agent on all devices that came into the building? I want to block all iPhone's from corp WIFI, these are personal devices so I couldn't put an agent on them. With Meraki SM can I do this?

 

I feel like what I am trying to accomplish may only be possible with ISE.

 

Does Meraki have any intention of making "Group Policies by Device Type" actually work? I guess that would go against their own dollar doing that.

0 Kudos
Subscribe
In response to Jriv
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 17 2023 12:35 PM
‎Jul 17 2023 12:35 PM

Yes, to use SM you need to install the agent on each device.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Jriv
Comes here often
‎Jul 13 2023 3:25 PM
‎Jul 13 2023 3:25 PM

Nvm. I think this works now I switched back to old dashboard view. Will circle back once I have replicated this in multiple environments 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.