Security

I'm trying to apply a user rule to our primary SSID to put Windows XP devices into a limited role. I was testing with moving a specific mac address into a new role and I can see the number of hits incrementing but the set role is never applied.

Here is where I am applying it to the AAA profile:

It seems that I'm missing something and I was hoping for a nudge in the right direction.

Thanks,

Rosie

what role did it get applied ?

The role it gets is from the radius server rules passed by NPS.

Do you know if I can create an NPS rule to set role based on a dhcp fingerprint? I account for all login cases via the VSA so it sounds like user deravations wouldn't work at all then.

Thanks,

Eric

I don't believe NPS can profile a device or use DHCP fingerprints.

Does this SSID serve only corp assets or BYOD as well? 

If they're all domain joined, you can script the creation of a group with all the xp machines in it and use that group in your policy. 

@cappalli wrote:

I don't believe NPS can profile a device or use DHCP fingerprints.

 

Does this SSID serve only corp assets or BYOD as well? 

 

If they're all domain joined, you can script the creation of a group with all the xp machines in it and use that group in your policy. 

---

The SSID serves all users and none of the machines should be joined to the domain anymore. Most of them are BYOD.

take a look here:

---

@SethFiermonti wrote:

take a look here:

 

---

Thanks for the visual!