Here in this short technote I’ll show how to restrict the guest access from the corporate devices that are meant to connect to corporate dot1x wireless instead. This is a common requirement for organisation to restrict access for the corporate devices to connect to their guest WiFi network.
The main process in this solution is to add an attribute to the endpoint database in ClearPass for the corporate devices, when they connect to the dot1x wireless network for the first time. Then you can build an enforcement policy for guest service in ClearPass to block access for devices that have that endpoint database attribute.
Hope you’ll find it useful and as always please send through your feedbacks to improve it.