We have a Cisco ISE 2.0 and WLC 2400's. We have an SSID for all company PC's to join through AD authentication. That works great.
This authorization rule currently allows any device to connect, meaning mobile devices and tablets. We have a policy that only exec and company paid for devices can be on wireless.
To prohibit mobile devices from connecting, we added a new Rule for Profiled devices to connect only if in a particular AD group(MobileWirelessAccess), which is for execs and those approved to connect. We also changed the Rule for the company to be Workstations instead of Any. This was very flaky and did not work most of the time. Only when we have the Rule for the SSID set to ANY does it work correctly.
Im not sure if the rules are not correct or if we need to create a portal only for execs or what. We are not sure how to create a portal that would allow access for execs only. We already have an SSID for visitors and guests that is controlled by accounts on the WLC.
As you can see from the attachment, ywlan is the rule for everyone to connect currently set to ANY
Also, the employee attachment is set to monitor only which was created for the mobile device restriction.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.