@Tom.christensen@nordialog.no wrote:
I have a costumer that uses iPAD’s in production. They want to allow iPAD’s but disallow iPHONES (and all other smart devices) to the network. They do not want to use MAC-authentication. I have looked into BYOD and it looks as iPhones and iPads are sending the same DHCP fingerprint. But the controller sees the difference (client à device types). Do anyone know how to use User Rules for this?
You are correct; the DHCP signature for an iPad and iPhone are the same. You can only use the DHCP fingerprint for a user derivation rule. The controller sees the difference in devices by inspecting the browser string, but we cannot create a user derivation rule based on a browser string. Browser strings are unreliable and can be faked, anyway, so that would not be a reliable method to disallow access.
What are the iPads using for access to the network, currently?