Restricting access to Nondomain devices


Userlevel 1
Hi everyone,

Followed this article to restrict access to non-domain devices.
https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Restricting-access-for-nondomain-devices/

But I want to assign a different role to non-domain devices other than placeholder rule. Is it possible?

1 reply

Userlevel 3
The Placeholder rule is just a temporary rule that will be assigned to all 802.1X devices. this would be your non-domain devices. However, when a device first comes in, we do not know if it is a domain or non-domain device, until we do the reverse DNS lookup, so everything gets put into this rule. Later, once we know that it is a domain device, we will reauthenticate the device and it will run through the ruleset and get the earlier rule for Domain Computers or Domain Users. This only applies to 802.1X devices. if you also use MAC authentication you will need additional rules to handle that.

Reply