The documentation repeatedly says that "Because the Certified Devices List is based on client MAC addresses, the Certified Devices List never applies to users in L3 deployments".
What will happen with Nessus scanning in this case? Suppose we have a L3 In-band deployment with multiple PCs behind a router and *no* NAC Agent (or Web Agent) installed. Will the 1st PC be scanned only (because the router MAC is added to the Certified Devices list)? Will all the PCs be scanned? Will none of the PCs be scanned because the scanning cannot be used in L3 deployment? Should I add the router MAC to the floating devices list as "never certified" for all PCs to be scanned? Will something change if users have NAC Agent (or Web Agent) installed?