I have looked all over and have yet to locate a way to prohibit a mac device from connecting. Is there a way to prevent a user from using the wireless after they have already received the pass phrase?
create a Quarantine role that meets your needs, and then use mac auth to assign that mac to the new role.
you can knock an active user off, and then the new auth should catch his/her next association.
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Nick