I've set up a gest SSID using WLC 4400. Everything works as expected, but my costumer requested to block access to this SSID to corporate laptops.
I guess it could only be done by MAC Address filtering, but this is not a very good solution because:
- WLC works with a permit MAC policy (can one create a deny MAC policy so I can list and deny all the corporate MACs under the Guest SSID?);
- If I apply a MAC list to the Guest SSID the only the allowed MAC will be able to see the Web Authentication page (that has been set up with instructions to call our Service Desk for the creation of a valid account).
Are there any other solutions? I also thought that maybe if there is an Active Directory rule to block an SSID, but I haven't checked it out yet. I guess this should only work if every corporate computer uses the Windows Wireless Services but I'm not sure.
Any other ideas?