Thank you all for the suggestions. What we are trying to do is deny all access (LAN, internet, etc) to unknown devices unless they are associated through vpn or access point as those have built-in authentication measures. What we want to prevent is a random person from going into an office & plugging into the network while allowing known assets to associate at that same location. We were hoping to use the MX to define a network-wide rule vs doing it at the switch level. Our IT staff is small so simplicity is key. From the sounds of it that will not be possible. Is that accurate?
... View more