I have a VGVA configured on our corp network to terminate L2 VPN tunnels from EIQ APs used by staff working from home. This has worked well with PSK SSIDs. The user plugs in the AP, connects it via an Ethernet cable to their home router and off we go. The AP establishes an L2 tunnel to the VGVA at corp. Then when the user devices connect to our SSIDs running on the AP, their traffic is tunneled back to our corp network.
The problem I am having is understanding how to get SSIDs with 802.1x auth to work. I have .1x SSIDs on the internal network, but there the APs and NPS servers are all on the internal corp network and it is straightforward. With this VGVA L2 setup the AP is on the end users’ home network. Do I have to set up a second VPN tunnel for the AP, or is there a way to let an interface on the AP pick up an IP from internal DHCP, then let it use that to communicate over the L2 tunnel to the NPS servers on the internal corp network?
I am kind of at a loss on this one…