Extreme Networks

You can also handle this based on the domain with the users are trying to logon, You have to define access to both domain controllers as Radius server and the make rule matrix entries where you are asking for the domain of the user, for example if the username contains "@extremenetworks.com" sent this requests to Radius server 1 if the username contains "@test.com" sent the requests to radius server 2. I have implemented such a solution once at one customer.

you shouldn't need to change anything on your DHCP server. And you should be allowed to have more than one IP helper per address. this is how DHCP redundancy is performed, with multiple DHCP servers. a single DHCP server is arguably a bad idea, as it is a single point of failure in your network. if your DHCP server goes down, no one will be able to receive an IP on joining/connecting. That said, 2 separate domains do not need separate DHCP servers, because IP space is independent of user auth domains. Adding NAC as an additional DHCP server will just snoop and listen in on the requests to gain the MAC-to-IP binding as well as hostname and device profiling information. NAC will NOT respond and offer DHCP leases.

Matthew Thank You again,

One last question ? DHCP Microsoft server in the above common network with two domains, should not require any special configuration? IP helper can only point to one dhcp server per interface.

Common network model architects want only a single DHCP server for both domains that don't trust/see each other.