With BYOD Onboarding, you can restrict access for new wireless clients until you have approved the client. For example, users may bring their personal smartphone, laptop, or tablet from home and attempt to connect to your wireless network.
You can redirect these restricted clients to a web page portal while all other network access for these clients is blocked. You will need to host the web page that describes to wireless clients why access is restricted and who to contact for access approval. In the BYOD Onboarding configuration, you can define this redirect URL where you send restricted clients.
To grant access to a client, you must manually classify the wireless client as an Authorized client.
To change the WIPS classification category for a wireless client:
- In Manage, select Monitoring > Security > Clients.
- Select the location of the client.
- Select the check box for the client whose classification you want to change.
- Click the icon on the toolbar.
- Select Authorized.
Before you enable BYOD Onboarding, you must configure these WIPS settings to take actions on clients:
- Open Manage.
- Select Configuration > WIPS.
- Select Client Auto-classification.
- In the Initial Client Classification section, select the Automatically classify newly discovered Clients at this location as check box, then from the drop-down list, select External.
- Go to Configuration > WIPS > Intrusion Prevention.
- In the Unauthorized Associations to Authorized APs section, enable the Clients other than Authorized connecting to Authorized APs check box.
- In the Client Prevention section, expand Special Handling for Smart Devices.
- Select the Enable Special Handling for Unapproved Smart Devices check box.
- Select an option based on your security requirements:
  - Allow connection to Guest AP, but not Authorized AP
  - Do not allow connection to Guest AP and Authorized AP
- Go to Configuration > WIPS > Intrusion Prevention Activation.
- Select the location to enable Intrusion Prevention.
- Select the Activate Intrusion Prevention for Location 'Locations' check box.
- Click Save.
Configure BYOD Onboarding
To configure BYOD Onboarding:
- Select Configuration > Device Configuration > SSID Profiles.
- Select an SSID Profile.
- Expand the BYOD - Device Onboarding section.
- Select the Enable BYOD - Device Onboarding check box.
- Select Smartphones/Tablets Only if you want onboarding to be enabled for unapproved smart clients only, and not for other wireless clients, such as laptops. Select All Clients if you want to enable this option for all types of unapproved wireless clients.
- Specify the URL of your web page in the Redirect to URL text box. New wireless clients are redirected to this URL when they attempt a web request.
  Make sure that this web page describes why the client's access is restricted and who they can contact to gain access.
  You must add the IP address or hostname of the web page host to the Walled Garden settings for the redirection to work.
- Select Enable HTTPS Redirection to securely redirect a user to the web page when the user tries to access an HTTPS site. If HTTPS Redirection is not enabled, the client is not redirected to the portal if they browse to an HTTPS site. Type the organization details (Common Name, Organization, and Organization Unit) to use for HTTPS redirection purposes.
- Click Add or Remove to manage IP addresses or hostnames in the Walled Garden settings.
  You can add any hostname or IP address that you want clients to access while being restricted from other sites. Make sure you add the hostname of your server that hosts the URL where restricted clients will be redirected.
- Click Save.
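A pre-flight check for the Walled Garden requirement above, as an added example that is not part of the original documentation or of the product: it lists every host the portal page at the Redirect to URL depends on (the page itself plus its stylesheets, scripts, images and links) that is missing from the Walled Garden list. The URL, HTML and Walled Garden entries are constructed samples, and exact hostname or IP matching is an assumption, since the page does not describe how entries are matched.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose value makes a browser fetch or navigate to another URL.
FETCH_ATTRS = {"src", "href", "action"}


class RefCollector(HTMLParser):
    """Collect every URL referenced by the portal page's tags."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in FETCH_ATTRS and value:
                self.refs.append(value)


def hosts_needed(redirect_url, portal_html):
    """Return the hosts a restricted client must reach to use the portal page."""
    parser = RefCollector()
    parser.feed(portal_html)
    hosts = set()
    for ref in [redirect_url] + parser.refs:
        parts = urlsplit(urljoin(redirect_url, ref))  # resolve relative references
        if parts.scheme in ("http", "https") and parts.hostname:  # skips mailto: etc.
            hosts.add(parts.hostname)
    return hosts


def missing_from_walled_garden(redirect_url, portal_html, walled_garden):
    """Hosts the page needs that are absent from the list (exact match assumed)."""
    allowed = {entry.strip().lower() for entry in walled_garden}
    return sorted(hosts_needed(redirect_url, portal_html) - allowed)


# Constructed sample: hypothetical portal URL, page content and Walled Garden list.
SAMPLE_URL = "http://portal.example.com/byod/index.html"
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example.net/lib.js"></script></head>
<body><img src="logo.png"><a href="mailto:helpdesk@example.com">Contact IT</a>
<a href="https://helpdesk.example.org/request">Request access</a></body></html>
"""
SAMPLE_GARDEN = ["portal.example.com", "192.0.2.10"]

if __name__ == "__main__":
    print(missing_from_walled_garden(SAMPLE_URL, SAMPLE_HTML, SAMPLE_GARDEN))
```

Any host it reports must either be added to the Walled Garden or removed from the portal page, because restricted clients have all other network access blocked.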