Create Date: Apr 11 2012 8:07AM
I'm trying to implement wired 802.1x on our network. Having tested this briefly and got it to work, it's not the way I'd like it to be.
We're using a 2008 NPS Server as our RADIUS box; a default connection policy is set up and a network policy is also set up. The network policy is set so that this determines which VLAN authenticated clients have access to (using the VSAs etc.). However, in our environment we have numerous VLANs and it would seem that a policy is needed for every VLAN? (VSA?) Not to mention the amount of authenticators (switches) we have, which you can't specify what points to what network policy etc.
This seems quite a bit of work and time to implement, plus a potential nightmare to upkeep. I'd rather the RADIUS server didn't determine the authenticated VLAN but the switch (authenticators) themselves did, and I would assume I would need some sort of script to do this?
Does anyone else have experience of this issue? Or is there a completely different and easier way to do this?
Thanks in advance