I have radius MAC authentication with dynamic VLAN setup on a WPA-PSK wireless network to easily put different IOT/VOIP devices on various networks that may not support our WPA-Enterprise network. Currently, we just add the devices' MAC into Active Directory and the NPS policy is a accept/deny then assign VLAN when accepted. Is it possible to have a catch all VLAN with NPS? For example, if the devices' MAC has an account in AD assign that device to the respective VLAN, but if a device joins and isn't in AD, then assign it to a catch all/isolated VLAN? This is more for as were provisioning devices since it's easier to find the right MAC from our DHCP server than the different settings on the device. I've tried a handful of different things and have had no luck. We have Unifi AP's and Switches and NPS running on Windows 2019.
Asked
Active
Viewed 287 times
