Wifi Devices filtering

  • 0
  • 1
  • Question
  • Updated 7 months ago
  • Answered
Hi. I'm a french wifi network administrator and I'm using VX900 and NX7510. I need to block iOS et Android device from my GUEST Wifi (this network should be used only for LAPTOP). I tried to configure fingerprint filtering but for every new devices model, there is new fingerprint. So the filtering need to be permanently updated/managed. Is there a filtering system a little more evolved?
Photo of Cedrik76

Cedrik76

  • 100 Points 100 badge 2x thumb

Posted 7 months ago

  • 0
  • 1
Photo of Timo

Timo

  • 3,210 Points 3k badge 2x thumb
Hi,

you can do it the vice versa, only allow Windows. Or block iOS and Android. That are the only two options.
Photo of Cedrik76

Cedrik76

  • 100 Points 100 badge 2x thumb
Hi and thank you for your answer.
In my policies, I have not "windows" listed in client identity. Where do you find it?
Wich kind of parameters do you use to do this?
Photo of Timo

Timo

  • 3,210 Points 3k badge 2x thumb
Configuration -> Security -> Device Fingerprinting -> Client Identity

If you create add a new, you can select "Predefined". Under this settings I can add Windows, Android, iOS...

Example:
client-identity Windows-10 dhcp 1 message-type request option 55 exact hexstring 01002710792c78
 dhcp 5 message-type request option 60 exact ascii "MSFT 5.0"
 dhcp-match-message-type request
!
client-identity Windows-7
 dhcp 2 message-type request option 55 exact hexstring 010f03062c2e2f1f2179f92b
 dhcp 9 message-type request option 60 exact ascii "MSFT 5.0"
 dhcp-match-message-type request
!
client-identity Windows-8
 dhcp 1 message-type request option 55 exact hexstring 010f03062c2e2f1f2179f9fc2b
 dhcp 5 message-type request option 60 exact ascii "MSFT 5.0"
 dhcp-match-message-type request
!
client-identity-group Group-ok client-identity Windows-8 precedence 1
 client-identity Windows-7 precedence 2
 client-identity Windows-10 precedence 3
 load default-fingerprints

To this "Group" ok you can add a allow all firewall and default is deny all. Or you test it the other way, create a rule for android and iOS with the deny rule and default is allow all.
Photo of Cedrik76

Cedrik76

  • 100 Points 100 badge 2x thumb
ho yes! I will try this!!

many thanks!
Photo of Cedrik76

Cedrik76

  • 100 Points 100 badge 2x thumb
I can apply Wireless Client Role Policy only on the profile (so on all SSID). I want to apply this rule on GUEST only.