Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

ClearPass and non 802 devices

  • 1.  ClearPass and non 802 devices

    Posted Feb 24, 2020 10:30 AM

    We have a SSID for non 802 devices like gaming consoles on campus. We use ClearPass portal for users to register these devices via MAC. We have found that many are registering their 802 devices as well and would like to prevent any 802 device from connecting to this SSID. Suggestions on how to accomplish this would be appreciated.



  • 2.  RE: ClearPass and non 802 devices

    EMPLOYEE
    Posted Feb 24, 2020 12:13 PM

    If you know Device Types of those non 802.1X Devices, you could use the Profiler to get rid of all the other Device Types like Smartphones, etc.

    Another thing could be that you place Sponsored Registration, where a Sponsor must allow registered Devices before they can gain access to the network.



  • 3.  RE: ClearPass and non 802 devices

    Posted Feb 24, 2020 01:31 PM

    Can you show me how I would do the first part?  Do not want to get someone bogged down with having to do that all day.

    THANKS!



  • 4.  RE: ClearPass and non 802 devices

    EMPLOYEE
    Posted Feb 25, 2020 02:08 AM
      |   view attached

    Another possibility is to create an Enforcement Profile where all disallowed Device Types get a "Deny Access Profile".

    You can set the rule the way you like with allow or disallow of Device Types.



  • 5.  RE: ClearPass and non 802 devices

    Posted Feb 25, 2020 10:44 AM

    Can you send me a link on how to do this - just might work.  Thank you



  • 6.  RE: ClearPass and non 802 devices

    EMPLOYEE
    Posted Feb 25, 2020 11:56 AM

    Have you seen the attachment of my Reply?

    There is a picture which shows how to configure.



  • 7.  RE: ClearPass and non 802 devices

    Posted Mar 09, 2020 10:25 AM

    When a device authenticates successfully using dot1x, you flag it by setting an attribute in the Endpoint Repository (e.g. Dot1xEnabled = True).

    Then in your MAC Auth service for the non-dot1x SSID, you check that this attribute does not exist.

    Other than that I don't see how you can do it, since your non-dot1x service is not capable of detecting dot1x devices (by definition).
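
The checks suggested in posts 2, 4 and 7, combined into one decision model as an added Python example (it is not ClearPass code and not part of any post). The category names are constructed sample values, the model assumes a device presents the same MAC address on both SSIDs, and denying endpoints that have not been profiled yet is a choice made for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample value; use the category names your Profiler reports.
ALLOWED_CATEGORIES = {"Game Console"}

@dataclass
class Endpoint:
    mac: str
    category: Optional[str] = None   # filled in by profiling, None until then
    attributes: dict = field(default_factory=dict)

class EndpointRepository:
    """Stand-in for the Endpoint Repository, keyed by normalized MAC."""
    def __init__(self):
        self._by_mac = {}

    @staticmethod
    def normalize(mac):
        # Same endpoint whether the MAC arrives as AA:BB.., aa-bb.. or aabb..
        return "".join(c for c in mac.lower() if c in "0123456789abcdef")

    def get(self, mac):
        key = self.normalize(mac)
        return self._by_mac.setdefault(key, Endpoint(mac=key))

def dot1x_service(repo, mac, auth_ok):
    """802.1X service: flag the endpoint on success (post 7)."""
    if auth_ok:
        repo.get(mac).attributes["Dot1xEnabled"] = "True"
    return "ALLOW" if auth_ok else "DENY"

def mac_auth_service(repo, mac, registered):
    """MAC auth service for the non-802.1X SSID."""
    ep = repo.get(mac)
    if not registered:
        return "DENY: not registered"
    # Post 7: the flag must not exist on the endpoint.
    if "Dot1xEnabled" in ep.attributes:
        return "DENY: endpoint has authenticated with 802.1X"
    # Posts 2 and 4: only allowed device types pass.
    if ep.category is None:
        return "DENY: not profiled yet"  # example's choice, see lead-in
    if ep.category not in ALLOWED_CATEGORIES:
        return "DENY: device type not allowed"
    return "ALLOW"
```

A device that uses a different (for example randomized) MAC address per SSID would not match its flagged endpoint record, which is why the device-type check is kept alongside the flag.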