Block Android devices in one SSID

  • 2
  • Question
  • Updated 4 years ago
Hi, I have a 1100 Zonedirector with 10 7772 APs with WPA security.

I want to block only the Android devices, but When I make a new "Device Access Policy" in Configure-> Access Control menu: I created new policy with this optións:

Default Action if no rule is matched: Allow all by default
Order Description OS/Type Type Uplink Downlink VLAN Action
1 Android Deny DISABLE DISABLE

And now I go to configure->WLAN and choosing the SSID and in advanced option I active the Device Policy called "Block Andoid Devices".

I can see that the Android Devices are Blocked: Authorized (Blocked), but not only Android devices, this is the problem. There are many other devices With Windows 7 that are blocked. (The zonedirector can ́t read the Operatim System od the the device, it ́s blank).

PD: The 1100 Zonedirector is in 9.6 firmware. Thanks.

Photo of Juan

Juan

  • 6 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 2
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes
In order for fingerprinting to work, the devices must be getting their IP addresses via DHCP. If they are set up that way, then please open a support case for further troubleshooting.
Photo of Juan

Juan

  • 6 Posts
  • 0 Reply Likes
Yes, I have the DHCP Server of my Zonedirector disabled, but I have other one activated in a Linux Firewall.

Android devices get the IP with the DHCP of the Firewall, but I think this Android devices is blocked. The problem is with the Windows 7 computers that are also blocked with static IPs. And I only want to block Androids.

How could I do that?

Thanks.
PD: I think that the DHCP server of Ruckus is not the best way to give dynamic IPs.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes
It sounds like the WIndows 7 machines have static IP? If yes, then if you make them DHCP clients you should be able to get this working.

Ruckus doesn't have to be the DHCP server for client fingerprinting, but we do rely on DHCP snooping to detect the client information.
Photo of Juan

Juan

  • 6 Posts
  • 0 Reply Likes
Thank you, I understand. I think is not possible to assign to all my Windows 7 DHCP, Then, is not possible to block in the same network Android devices or any DHCP devices mixed with Statics?
Photo of Jennifer Rogers

Jennifer Rogers

  • 3 Posts
  • 0 Reply Likes
This is very cumbersome issue. I am running into the same issue trying to use access control but we have a group of scanners and printers that are static ips. I have found that if they join the wireless once as dhcp then set it back to static, the dhcp information is in zone director and then the rules apply.

How hard is it to make the rule "Default Action if no rule is matched: Allow all by default " allow items with no information to connect.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes
If we did that, then it would be trivial to avoid the block by simply assigning your own device a static IP.

I think a better solution is to have your DHCP server assign reserved IP addresses vs statically assigning the devices themselves. This gives you the best of both worlds and centralizes IP management as well.