Restricting access to Nondomain devices

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Hi everyone,

Followed this article to restrict access to non-domain devices.

But I want to assign a different role to non-domain devices other than placeholder rule. Is it possible?
Photo of Karthik


  • 450 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
The Placeholder rule is just a temporary rule that will be assigned to all 802.1X devices. this would be your non-domain devices. However, when a device first comes in, we do not know if it is a domain or non-domain device, until we do the reverse DNS lookup, so everything gets put into this rule. Later, once we know that it is a domain device, we will reauthenticate the device and it will run through the ruleset and get the earlier rule for Domain Computers or Domain Users.
This only applies to 802.1X devices. if you also use MAC authentication you will need additional rules to handle that.