iDentiFi 802.1x using NAC. deny all devices that are non-domain

  • Question
  • Updated 2 years ago
  • Answered
How to configure 802.1X in NAC to deny all devices that are not members of the domain?

Marlon


Posted 2 years ago


Jeremy, Embassador

Just set up your NAC rule to do it. If the computer isn't in AD, let it fall through to a reject policy. Look at the documentation for filtering on computer name in domain. It's fairly easy.

Ronald Dvorak, Embassador

Here is an example if you want to create an explicit rule for NOT in AD group X.

A user with..
- authentication 802.1X PEAP
- NOT in AD group Team (checkmark invert on the right)
- end system group WLAN_Team
- Location Zone Home & SSID Secure Access
will get a Deny Access Rule

So you set the "invert" to reverse the rule = NOT in this AD group
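
Added example, not part of the thread and not the NAC product's own configuration format: a small Python model of how the inverted AD-group criterion from the post above and a fall-through reject policy treat domain and non-domain end systems. It assumes rules are evaluated top-down with the first full match winning; the class and field names, the "Allow Team" rule, the "Reject" default and the sample end systems are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Criterion:
    attribute: str
    value: str
    invert: bool = False   # models the "invert" checkmark: match when value is absent

    def matches(self, end_system: dict) -> bool:
        actual = end_system.get(self.attribute)
        values = actual if isinstance(actual, (set, frozenset)) else {actual}
        return (self.value in values) != self.invert

@dataclass(frozen=True)
class Rule:
    name: str
    criteria: tuple
    profile: str

def evaluate(rules, end_system, default_profile="Reject"):
    """First rule whose criteria ALL match wins; anything else falls through."""
    for rule in rules:
        if all(c.matches(end_system) for c in rule.criteria):
            return rule.name, rule.profile
    return "fall-through", default_profile

PEAP = Criterion("auth_type", "802.1X PEAP")
RULES = [   # constructed rule set; hypothetical model, not the product's format
    Rule("Deny non-Team", (PEAP, Criterion("ad_groups", "Team", invert=True),
                           Criterion("end_system_group", "WLAN_Team"),
                           Criterion("location", "Home / Secure Access")), "Deny Access"),
    Rule("Allow Team", (PEAP, Criterion("ad_groups", "Team")), "Allow Access"),
]

# Constructed sample end systems.
BASE = {"auth_type": "802.1X PEAP", "end_system_group": "WLAN_Team",
        "location": "Home / Secure Access"}
MEMBER = {**BASE, "ad_groups": {"Team", "Domain Users"}}
NON_MEMBER = {**BASE, "ad_groups": {"Contractors"}}
NO_LOOKUP = dict(BASE)   # no AD group data returned for this end system
MAC_ONLY = {"auth_type": "MAC", "end_system_group": "WLAN_Team",
            "location": "Home / Secure Access"}

if __name__ == "__main__":
    for label, es in [("member", MEMBER), ("non-member", NON_MEMBER),
                      ("no AD data", NO_LOOKUP), ("MAC auth", MAC_ONLY)]:
        print(f"{label:12} -> {evaluate(RULES, es)}")
```

In this model an end system with no AD group data is caught by the inverted criterion and denied, while one that never authenticates with PEAP matches no rule at all, so the fall-through reject policy is what stops it.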


Marlon

Thanks Ronald!