Skip to main content

6 Messages

 • 

130 Points

Mon, Mar 31, 2014 11:13 AM

Block Android devices in one SSID

Hi, I have a 1100 Zonedirector with 10 7772 APs with WPA security.

I want to block only the Android devices, but When I make a new "Device Access Policy" in Configure-> Access Control menu: I created new policy with this optións:

Default Action if no rule is matched: Allow all by default
Order Description OS/Type Type Uplink Downlink VLAN Action
1 Android Deny DISABLE DISABLE

And now I go to configure->WLAN and choosing the SSID and in advanced option I active the Device Policy called "Block Andoid Devices".

I can see that the Android Devices are Blocked: Authorized (Blocked), but not only Android devices, this is the problem. There are many other devices With Windows 7 that are blocked. (The zonedirector can ́t read the Operatim System od the the device, it ́s blank).

PD: The 1100 Zonedirector is in 9.6 firmware. Thanks.

Responses

683 Messages

 • 

11K Points

7 years ago

In order for fingerprinting to work, the devices must be getting their IP addresses via DHCP. If they are set up that way, then please open a support case for further troubleshooting.

6 Messages

 • 

130 Points

7 years ago

Yes, I have the DHCP Server of my Zonedirector disabled, but I have other one activated in a Linux Firewall.

Android devices get the IP with the DHCP of the Firewall, but I think this Android devices is blocked. The problem is with the Windows 7 computers that are also blocked with static IPs. And I only want to block Androids.

How could I do that?

Thanks.
PD: I think that the DHCP server of Ruckus is not the best way to give dynamic IPs.

683 Messages

 • 

11K Points

7 years ago

It sounds like the WIndows 7 machines have static IP? If yes, then if you make them DHCP clients you should be able to get this working.

Ruckus doesn't have to be the DHCP server for client fingerprinting, but we do rely on DHCP snooping to detect the client information.

6 Messages

 • 

130 Points

7 years ago

Thank you, I understand. I think is not possible to assign to all my Windows 7 DHCP, Then, is not possible to block in the same network Android devices or any DHCP devices mixed with Statics?

3 Messages

 • 

102 Points

7 years ago

This is very cumbersome issue. I am running into the same issue trying to use access control but we have a group of scanners and printers that are static ips. I have found that if they join the wireless once as dhcp then set it back to static, the dhcp information is in zone director and then the rules apply.

How hard is it to make the rule "Default Action if no rule is matched: Allow all by default " allow items with no information to connect.

683 Messages

 • 

11K Points

7 years ago

If we did that, then it would be trivial to avoid the block by simply assigning your own device a static IP.

I think a better solution is to have your DHCP server assign reserved IP addresses vs statically assigning the devices themselves. This gives you the best of both worlds and centralizes IP management as well.