Isn't this the whole point of 802.1x? I.e If a client doesn't authenticate it doesn't get an IP/Connection? Therefore devices which can't authenticate via a wired connection regardless if it's a printer/laptop/pc won't get internet connection
Only somewhat inexpensive option I can think of then would be to get a small Meraki switch so you can go back to MAC authentication. Otherwise 802.1x is the only other feasible option but far more complex.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO If this was helpful click the Kudo button below If my reply solved your issue, please mark it as a solution.
Looks like I forgot to hit post on this yesterday. There is a easy way to do this, but requires a bit of setup.
Create group policies for your network based on client needs. This is found under Network Wide > Configure > Group Policies
Navigate to Security Appliance > Configure > Firewall
In the Outbound Rules area under Layer 3, create a rule to Deny Any traffic from Any Source to Any Destination.
Now that you've done all this, for any client you want to allow Internet access, just assign them a group policy. If someone tries to plug into the MX device and they do not have a group policy assigned to them, they will not get Internet access. If you know the MAC address of the device prior to them connecting, you can add it under the clients page and assign a policy so that they will have access right away.
Found this helpful? Give me some Kudos! (click on the little up-arrow below)