Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

restrict non-domain computers

Does anyone know if it is possible to restrict access based on domain membership or an AD Group?

The purpose is to restrict non-domain computers even if the client has a legitimate domain credential to use for authentication.

2 REPLIES
New Member

Re: restrict non-domain computers

I believe you could put these PCs into a different subnet and create a policy based on the subnet.

I think so anyway.

-
Jason

New Member

Re: restrict non-domain computers

That is correct. The only way to restrict these computers would be to make a rule (above your auth group policies), that states the specific IPs / subnets are granted certain / no access.

As long as the rule is above all your auth rules, it will trigger first and take precedence. Be sure to disable WBRS for this rule as well, since there is a potential for +6 sites to be allowed.

326
Views
0
Helpful
2
Replies