Is there a way of restricting the type of device that is allowed to connect to an SSID? One of our customers has an SSID that is enabled for Radius authentication and unless you have a laptop that is part of the domain it will not be allowed to connect, which is what they want. However the exception to this is if a user has a mobile device such as an android or apple device they are able to download a certificate once they authenticate with their domain credentials and connect. Is there a way of stopping the mobile devices connecting?
Customer comments below:
From what I can tell with the wifi, is that - with or without a Radius policy (if its not a domain joined laptop) you can’t seem to logon with staff or student credentials which is fine. However with Andrio\IOS tested on ipad and phone, you can log onto "staff_SSID" with staff or student credentials and also, even before you get to smoothwall to sign in, Apps will update such as Facebook.
Ideally Id like to lock down the Staff to work effectively without mobile and apple devices being able to connect.
Ipad asks to trust the school DC Cert and then lets you in. Android lets you straight in.
They currently have a v9 wireless controller without NAC.