You could enable both wired and wireless 802.1X authentication and have those machines authenticate with their AD machine accounts (or you could use users' accounts instead). You can authenticate against Microsoft NPS (RADIUS built into Windows Server - no extra cost). You can also push a VLAN to dynamically move users into a new VLAN. Here is an example of how to set it up on a Meraki switch: https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
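The dynamic VLAN push mentioned in the post above can be checked on the wire. This is an added example, not part of the original post or of Meraki's or Microsoft's code: it assumes the RADIUS server signals the VLAN with the three tunnel attributes defined in RFC 3580, and it validates the attribute block of an Access-Accept (sample bytes are constructed; function names are hypothetical).

```python
# RADIUS attribute types (RFC 2868) and the values RFC 3580 uses for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def parse_attributes(data: bytes):
    """Split a RADIUS attribute block into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        a_type, a_len = data[i], data[i + 1]
        if a_len < 2 or i + a_len > len(data):
            raise ValueError(f"bad length for attribute {a_type}")
        attrs.append((a_type, data[i + 2:i + a_len]))
        i += a_len
    return attrs


def assigned_vlan(data: bytes):
    """Return the VLAN ID string only if all three tunnel attributes are present and correct."""
    tunnel_type = medium = vlan = None
    for a_type, value in parse_attributes(data):
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag byte followed by a 3-byte big-endian value.
            number = int.from_bytes(value[1:], "big")
            if a_type == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte of 0x1F or below is treated as a tag; otherwise it is part of the ID.
            body = value[1:] if value[0] <= 0x1F else value
            vlan = body.decode("ascii", errors="replace")
    if tunnel_type == VLAN and medium == IEEE_802 and vlan:
        return vlan
    return None  # incomplete set: the port would not get the intended VLAN


def attr(a_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value (helper for the constructed samples)."""
    return bytes([a_type, len(value) + 2]) + value


# Constructed samples: a complete assignment to VLAN 120, a tagged variant, and an incomplete one.
GOOD = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"120")
TAGGED = attr(64, b"\x01\x00\x00\x0d") + attr(65, b"\x01\x00\x00\x06") + attr(81, b"\x01120")
MISSING_MEDIUM = attr(64, b"\x00\x00\x00\x0d") + attr(81, b"120")
```

A `None` result on a capture from a policy that should assign a VLAN points at a network policy missing one of the three attributes.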