topic RE: iDentiFi 802.1x using NAC. deny all devices that are non-domain in ExtremeWireless (Identifi) https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42784#M3317 Just setup your NAC rule to do it. If the computer isn't in AD, let it fall through to a reject policy. Look at the documentation for filtering on computer name in domain. It's fairly easy. Thu, 16 Jun 2016 11:12:00 GMT Jeremy_Gibbs 2016-06-16T11:12:00Z iDentiFi 802.1x using NAC. deny all devices that are non-domain https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42783#M3316 how to configure 802.1x in NAC to deny all devices that are not member of the domain?<BR /> Thu, 16 Jun 2016 10:39:00 GMT https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42783#M3316 Marlon 2016-06-16T10:39:00Z RE: iDentiFi 802.1x using NAC. deny all devices that are non-domain https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42784#M3317 Just setup your NAC rule to do it. If the computer isn't in AD, let it fall through to a reject policy. Look at the documentation for filtering on computer name in domain. It's fairly easy. Thu, 16 Jun 2016 11:12:00 GMT https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42784#M3317 Jeremy_Gibbs 2016-06-16T11:12:00Z RE: iDentiFi 802.1x using NAC. deny all devices that are non-domain https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42785#M3318 Here a example if you want to create a explicit rule for NOT in AD group X.<BR /> <BR /> A user with..<BR /> - authentication 802.1X PEAP<BR /> - NOT in AD group Team (checkmark invert on the right)<BR /> - end system group WLAN_Team<BR /> - Location Zone Home &amp; SSID Secure Access<BR /> will get a Deny Access Rule<BR /> <BR /> So you set the "invert" to reverse the rule = NOT in this AD group<BR /> <BR /> <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="71e2aaaf60c349598171f40b80f1d055_RackMultipart20160616-58618-fu1ixo-NAC_rule_invert_inline.png"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/5603i75B0464DC1B4265D/image-size/large?v=v2&amp;px=999" role="button" title="71e2aaaf60c349598171f40b80f1d055_RackMultipart20160616-58618-fu1ixo-NAC_rule_invert_inline.png" alt="71e2aaaf60c349598171f40b80f1d055_RackMultipart20160616-58618-fu1ixo-NAC_rule_invert_inline.png" /></span></P><BR /> Thu, 16 Jun 2016 12:06:00 GMT https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42785#M3318 Ronald_Dvorak 2016-06-16T12:06:00Z RE: iDentiFi 802.1x using NAC. deny all devices that are non-domain https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42786#M3319 Thanks Ronald!<BR /> Tue, 28 Jun 2016 20:20:00 GMT https://community.extremenetworks.com/t5/extremewireless-identifi/identifi-802-1x-using-nac-deny-all-devices-that-are-non-domain/m-p/42786#M3319 Marlon 2016-06-28T20:20:00Z