I will be using Network Policy Server (NPS) with a RADIUS server to assign each user to a VLAN when they successfully authenticate to the network using 802.1x. In Active Directory Directory Services (AD) there will be users that are members of multiple AD groups. I'm assuming (correct me if I'm wrong here) that a single VLAN can be assigned to an AD group. So, if I have a user that belongs to multiple AD groups, when that user authenticates with the network using NPS, RADIUS, and 802.1x can the user be assigned to multiple VLANs? Or, is the user only able to be assigned to a single VLAN, regardless of how may AD group they belong to?
Asked
Active
Viewed 446 times
0
-
The NPS server has an order for rules. First match should win. – Esa Jokinen Nov 05 '19 at 05:46
-
@Esa Jokinen - So if I configured a user in NPS with three VLANs, the first VLAN in the list of VLANs would be returned to RADIUS? – Bill Vallance Nov 05 '19 at 19:19