Thank you for the information. The reason why I am inquring is because I am trying to utilize airgroups to allow isolation of devices on a per user basis using CPPM. Hwoever there is a limitation to AirGroups since the custom protocol I need is not available on there.
Another method I was thinking would work is if there is a way to completely isolate devices that users register on the Clearpass Guest Portal. Ideally, a user will register the mac-address of their devices, and once connected to the network, only have access to the Internet and the other devices that they registered.
Is this something that can be done with the "Deny Inter-User" configuration?