Meraki Community

PMH

I'm facing in IOS mobile device blocking. In this case, some ios devices can be blocked and other ios devices do not block from ssid policy. How can I resolved this, pls support for this ASAP.

I already tested as per cisco documentation but still cannot solve above issue.

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Applying_Policies_by_Device_Type#...

SamerAl

Hi@PMH,

As mentioned in the documentation you linked, the access point will use the User-Agent string field of an HTTP GET request packet to determine the operating system of the client when it first associates, and allow or deny access accordingly.

Some clients may misidentify themselves when specifying the User-Agent string field of an HTTP GET request.

did you try to take a packet capture while one of those devices/Clients are trying to connect to the WIFI ?

Can you see if the devices are misidentifying themselves?

you can check what sort of device has been misidentified by looking at the pcket capture and filtering by http to check the http Get request.

If this device is misidentifying itself as another operating system not IOS. then the device type policy enforcement is done on a best-effort basis, dependent upon the information that the client provides.

When needing to enforce security-focused policies based on device type, please leverage solutions such as Meraki Systems Manager, or Cisco ISE.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.

PhilipDAth

This feature is not 100% reliable. Sometimes, it can take a while before Meraki can recognise what kind of client it is (so they may be allowed access for 10 minutes and then blocked).

Meraki Community

Meraki AP IOS device block issue from Dashboard

Meraki AP IOS device block issue from Dashboard