We have an SSID configured with 802.1x using a Client Classification Policy so unknown devices cannot access the network. Is there a way to redirect the unknown devices to a page with a message stating that it is an unauthorized device or is there a way to redirect to another SSID?
I would achieve this if I had to by placing the client in to a different VLAN in which the default gateway, that gets assigned to clients via DHCP, would NAT back to a Web server where you can provide such a notification.
The overarching issue here is, of course, why such clients are able to get on the network in the first place. I assume that you have already considered this.
Yes, we have considered that. When we implemented aerohive we didn't lock it down as well as we could have. So we now have personal devices that should be one our Guest SSID and company devices such as cell phones that should be on our company devices SSID. So my fear now is if we flip the switch and start using Client Classification policies a lot of people are going to loose connection resulting in a lot of help desk calls.