I have RADIUS MAC authentication with dynamic VLAN set up on a WPA-PSK wireless network to easily put different IoT/VoIP devices on various networks that may not support our WPA-Enterprise network. Currently, we just add the devices' MACs into Active Directory, and the NPS policy is an accept/deny, then assign VLAN when accepted. Is it possible to have a catch-all VLAN with NPS? For example, if the device's MAC has an account in AD, assign that device to the respective VLAN, but if a device joins and isn't in AD, then assign it to a catch-all/isolated VLAN? This is more for when we're provisioning devices, since it's easier to find the right MAC from our DHCP server than the different settings on the device. I've tried a handful of different things and have had no luck. We have UniFi APs and switches and NPS running on Windows 2019.
Natively? Probably not. Or not reliably/cleanly/sanely or missing something. Even with the "Enterprise" stuff, it isn't uncommon for it to be not very useful in this regard. This is something you may find is better handled as part of an audit/remediation sweep for foreign devices. Good idea though. – Greg Askew Aug 03 '23 at 19:01