cancel
Showing results for 
Search instead for 
Did you mean: 

XIQ-C Policy

XIQ-C Policy

Christopher_Tay
Contributor

I am trying to block Apple Watches on my wireless network but having difficulty getting it working.

I have followed the steps in the guide.

I have created a group based on the hostname "Watch"

Christopher_Tay_0-1747410024225.png

This puts the device in to the group

Christopher_Tay_1-1747410225282.png

I have created a rule with an accept policy of "Deny Access"Christopher_Tay_2-1747410353989.png

I have configured my "Deny Access" role to Deny for default action.  I have also tried a L2 rule that denies traffic to any MAC.  The role is associated with the device group that includes the AP I am testing on.

Christopher_Tay_3-1747410519240.png

I have also tried testing with the system Blacklist group and rule and that doesn't block traffic to my test device either.

What is it that I'm missing?

Thanks for your help

 

 

 

 

1 REPLY 1

iDavidHere
New Contributor

Hey, your setup looks close but the main issue is usually that Apple Watches don’t consistently match hostname-based rules like “Watch,” so the group may not catch them every time. On top of that, they often use randomized MAC addresses which can bypass simple L2 or MAC-based blocking attempts. You might get better results using device fingerprinting or OUI-based matching instead of relying on hostname. Also make sure the deny role is being applied after auth, otherwise the device can still slip through with default access.

John David
GTM-P2G8KFN