Hi,
not sure if this is an approved way of doing things now, but you can assign a "legacy" role to devces by looking for specific strings in a fingerprint and then use this "legacy' role in your enforcement policy.
e.g. if you configure your mobility controller to send the user-agent-string to clearpass you can use the attached to create an enforcement policy to drop old devices into another van .. or wherever
The example below can also be modified to detect old versions of OSX and iPAD firmware
A
Original Message:
Sent: 4/26/2021 11:10:00 AM
From: BernP
Subject: Forbid iPad users to connect to internet
I'm looking for the best solution to block users who are using old models of iPad (we have around 1000 iPads that no longer update, but want to continue using without internet). I don't want them to use any WLAN availlable (corporate and guest WLAN). We are currently using Clearpass Policy manager and Aruba WLC 8.5.0.9 (Mobility master). I am new to using Clearpass and looking for the easiest way to do it. Should I prefer to block the Mac addresses in the WLC. I am looking for advice. thank you so much
------------------------------
Bernard Paquet
------------------------------