Hi Sohaa,
Based on my understanding, you want to block unauthorized users from accessing the LAN. Here are three methods that could solve your problem: NAP enforcement for 802.1X, NAP enforcement for DHCP, and NAP enforcement for IPsec communication. Each of the three methods has its own features.
802.1X enforcement provides strong network restriction for all computers accessing the network through 802.1X-capable network access servers. However, it needs an 802.1X authenticating switch or an 802.1X-compliant wireless access point to place noncompliant 802.1X clients on a remediation network.
Using DHCP enforcement, DHCP servers and NPS enforce health policy when a computer attempts to lease or renew an IPv4 address. However, if the client is configured with a static IP address or configured to circumvent DHCP, this enforcement method is not effective.
IPsec enforcement for Windows Firewall is deployed with a health certificate server. It provides the strongest implementation of NAP. However, you have to make the clients IPsec enforcement clients.
If you want to learn more about the above three methods, you may click the following links:
NAP Enforcement for 802.1X:
https://technet.microsoft.com/en-us/library/cc770861%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
NAP Enforcement for DHCP:
https://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
NAP Enforcement for IPsec Communications:
https://technet.microsoft.com/en-us/library/cc771899(v=ws.10).aspx
Best Regards,
Anne