Header Only - DO NOT REMOVE - Extreme Networks

iDentiFi 802.1x using NAC. deny all devices that are non-domain

Userlevel 2
how to configure 802.1x in NAC to deny all devices that are not member of the domain?

3 replies

Just setup your NAC rule to do it. If the computer isn't in AD, let it fall through to a reject policy. Look at the documentation for filtering on computer name in domain. It's fairly easy.
Userlevel 7
Here a example if you want to create a explicit rule for NOT in AD group X.

A user with..
- authentication 802.1X PEAP
- NOT in AD group Team (checkmark invert on the right)
- end system group WLAN_Team
- Location Zone Home & SSID Secure Access
will get a Deny Access Rule

So you set the "invert" to reverse the rule = NOT in this AD group

Userlevel 2
Thanks Ronald!