Cisco Support Community
New Member

Block Android Devices

Hello Friends,

Is there any way that I can block Android devices from connecting to a specific SSID on WLAN controllers?

Accepted Solutions

Re: Block Android Devices

Hi Faisal.

For sure, the WLC does not have a solution for this.

However, there is another simple approach using DHCP-Fingerprint.

DHCP, as per RFC 2132, is set up with multiple vendor-specific options.

Use of DHCP options is vendor-, device-, and OS-dependent, which creates significant differences in the DHCP packets generated by various devices and thus constitutes a DHCP Fingerprint.

If you have a stateful firewall that can do deep packet inspection, then the Android devices can easily be identified and blocked.

Regards

Victor V

*****Help out others by using the rating system and marking answered questions as "Answered"*****
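
The DHCP fingerprint described in the answer above is usually taken from option 55 (parameter request list) and option 60 (vendor class identifier) of the client's DHCP message. As an added example that is not part of the original thread, this Python code parses those options and flags Android-looking clients; the fingerprint values, function names and sample packets are constructed assumptions, not a vendor database.

```python
# Added example, not from the thread. Fingerprint values are illustrative
# assumptions; a real deployment would use a maintained fingerprint database.
MAGIC_COOKIE = b"\x63\x82\x53\x63"      # RFC 2131: precedes the options field
OPT_PAD, OPT_END = 0, 255               # RFC 2132 single-byte options
OPT_PARAM_REQUEST_LIST, OPT_VENDOR_CLASS = 55, 60

ANDROID_VENDOR_PREFIXES = ("android-dhcp-",)          # assumed option 60 prefix
ANDROID_PARAM_LISTS = {"1,3,6,15,26,28,51,58,59,43"}  # assumed option 55 order

def parse_options(message: bytes) -> dict:
    """Walk the code/length/value options after the 236-byte BOOTP header."""
    if len(message) < 240 or message[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while i < len(message) and message[i] != OPT_END:
        code = message[i]
        if code == OPT_PAD:              # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(message):
            raise ValueError("truncated option header")
        length = message[i + 1]
        value = message[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value  # repeated codes concatenate
        i += 2 + length
    return options

def fingerprint(message: bytes) -> tuple:
    """Return (option 55 as a comma-separated string, option 60 as text)."""
    opts = parse_options(message)
    params = ",".join(str(b) for b in opts.get(OPT_PARAM_REQUEST_LIST, b""))
    vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    return params, vendor

def looks_like_android(message: bytes) -> bool:
    params, vendor = fingerprint(message)
    return vendor.startswith(ANDROID_VENDOR_PREFIXES) or params in ANDROID_PARAM_LISTS

def build_discover(param_list, vendor: bytes) -> bytes:
    """Constructed sample DHCPDISCOVER: zeroed header, then options 53, 55, 60."""
    opts = bytes([53, 1, 1, 55, len(param_list), *param_list, 60, len(vendor)]) + vendor
    return bytes(236) + MAGIC_COOKIE + opts + bytes([OPT_END])

ANDROID_SAMPLE = build_discover([1, 3, 6, 15, 26, 28, 51, 58, 59, 43], b"android-dhcp-9")
WINDOWS_SAMPLE = build_discover([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252], b"MSFT 5.0")

if __name__ == "__main__":
    for name, pkt in (("android", ANDROID_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        print(name, fingerprint(pkt), "block" if looks_like_android(pkt) else "allow")
```

Both options are set by the client and can be changed, so a match is a profiling signal to combine with authentication, not proof of device type.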
7 REPLIES
VIP Purple

Block Android Devices

Hi Faisal,

I don't think the controller has the ability to identify the client as a mobile device and block the Wi-Fi. It just considers that as a client seeking connectivity.

Cisco Identity Services Engine (ISE) with either Wireless or Advanced license set, enable profiling, and tie the device profile into the authorization policy.

I would strongly suggest using AD, LDAP or some kind of external identity store to verify user identity, however, on top of the device profile.

Regards

Don't forget to rate helpful posts

Silver

Re: Block Android Devices

Cisco ISE is a very good solution for profiling and posturing and can provide you greater control on the network.

New Member

Re: Block Android Devices

Thanks, Victor, for your reply. Your solution seems to be easier and more doable in the current situation; however, I need to know more about it. If you can provide me any document, and if you have ever implemented it, please share it with me. It will be a big support for me. Thanks

Regards,

Re: Block Android Devices

Hi Faisal,

Sorry... I have not implemented this so far.

You may need to find a device that understands "DHCP Fingerprint" to do this job.

AFAIK, Infoblox can do this.

I'll search for any doc on my HDD. If I get more information, I'll attach it for you.

Regards
Victor V

*****Help out others by using the rating system and marking answered questions as "Answered"*****
Hall of Fame Super Gold

Block Android Devices

If you want Device Fingerprinting, then talk to InfoBlox.

DHCP Fingerprinting starting with NXOS 6.7.X.

New Member

Re: Block Android Devices

Not sure if this will work for you; I haven't tested it myself. In 7.5 and newer code you can now do DHCP/HTTP profiling on the WLC. You can also build local policies as well.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/NativeProfiling75.html


