If a network admin is using group policies in Dashboard or wants to block/whitelist certain types of devices, MR access points support applying custom policies per device type on an individual SSID. This article outlines how to block, whitelist, or apply custom policies to wireless clients based on the device type.
To configure policies by device type:
The following sections outline some additional considerations to be kept in mind when assigning group policies by device type.
The access point will use the User-Agent string field of an HTTP GET request packet to determine the operating system of the client when it first associates, and allow or deny access accordingly. This can be observed in a packet capture, and may be helpful to gather for troubleshooting if a client doesn't appear to have the appropriate policy applied. In the image below, the User-Agent string shows the client is using Windows NT 6.1 as its OS. As such, any policy applied to Windows would affect this client:
When a client first associates to the SSID, if its device type matches one configured with a policy, the policy will be applied directly to the client's entry in Dashboard. This will cause the policy to apply automatically whenever they associate with that SSID.
To remove an automatically-assigned policy from a client, navigate to the Client Details page for that device, and change the Policy options as needed.
Note: If the SSID remains configured to apply a policy to that device type, then the policy will automatically re-apply when the client next associates to the SSID.