Wireless Access control policy not blocking OS

TEAM-ind

I have configured an SSID with an access control policy to block iPhone and Android operating systems.  This used to work quite well to keep mobile devices off this SSID.  However, it does not seem to work at all for iPhones anymore, and is not very effective for Android devices either.  

 

Does anyone else use this feature, and if so, do you have any success?

 

This is what it looks like:

 

[Screenshot: TEAMind_0-1721914601739.png]

 

ConnorL
Meraki Employee

Hey @TEAM-ind ,

 

As per the KB "Applying Policies by Device Type":

 

Note: Some clients may misidentify themselves when specifying the User-Agent string field of an HTTP GET request. Device type policy enforcement is done on a best-effort basis, dependent upon the information that the client provides. When needing to enforce security-focused policies based on device type, please leverage solutions such as Meraki Systems Manager, or Cisco ISE. 

 

You'd be better off limiting the PSK or credentials to prevent mobile users from connecting to the required SSID in the first place, as group policy by device type is not 100% bulletproof.

Sure.  I'm just thinking this feature should "kinda" work.

 

I'd be encouraged by 50%, really.  But with the iPhone devices, it seems to be approaching 0%.

I'd recommend opening a support ticket in that case, as they should be able to identify the USER-AGENT the device presents to ensure it's what we'd expect for an iOS / Android device.

OK.  Just to be clear: the Meraki is correctly identifying the client as an Apple iPhone, it's even getting the OS version, correct.  But the policy applied to the SSID is not blocking the device.

Hey @TEAM-ind, in that case a Support ticket would be your best bet. Feel free to drop me a DM with a link to the specific client you're testing with and I'll take a peek.
