
iDentiFi 802.1x using NAC. deny all devices that are non-domain

Marlon
New Contributor III
How to configure 802.1X in NAC to deny all devices that are not members of the domain?
3 REPLIES

Marlon
New Contributor III
Thanks Ronald!

Ronald_Dvorak
Honored Contributor
Here is an example if you want to create an explicit rule for NOT in AD group X.

A user with..
- authentication 802.1X PEAP
- NOT in AD group Team (checkmark invert on the right)
- end system group WLAN_Team
- Location Zone Home & SSID Secure Access
will get a Deny Access Rule

So you set the "invert" to reverse the rule = NOT in this AD group


Jeremy_Gibbs
Contributor
Just set up your NAC rule to do it. If the computer isn't in AD, let it fall through to a reject policy. Look at the documentation for filtering on computer name in domain. It's fairly easy.