Score:1

NPS Dynamic VLAN Catch-All

I have RADIUS MAC authentication with dynamic VLAN setup on a WPA-PSK wireless network to easily put different IoT/VoIP devices on various networks that may not support our WPA-Enterprise network. Currently, we just add the device's MAC into Active Directory, and the NPS policy is an accept/deny, then assign VLAN when accepted. Is it possible to have a catch-all VLAN with NPS? For example, if the device's MAC has an account in AD, assign that device to the respective VLAN, but if a device joins and isn't in AD, then assign it to a catch-all/isolated VLAN? This is more for when we're provisioning devices, since it's easier to find the right MAC from our DHCP server than from the different settings on the device. I've tried a handful of different things and have had no luck. We have UniFi APs and switches and NPS running on Windows 2019.

Natively? Probably not. Or not reliably/cleanly/sanely, or I'm missing something. Even with the "Enterprise" stuff, it isn't uncommon for it to be not very useful in this regard. This is something you may find is better handled as part of an audit/remediation sweep for foreign devices. Good idea though.
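
One way to run the audit sweep suggested in the comment above, as an added example that is not part of the original thread: it lists DHCP leases whose MAC has no matching MAC-auth account in AD. The function names, the assumption that the AD account name is the device MAC, and the sample data are all hypothetical.

```powershell
# Normalize any common MAC notation (aa-bb-.., aa:bb:.., aabb.ccdd.eeff) to 12 lowercase hex digits.
function ConvertTo-NormalizedMac {
    param([Parameter(Mandatory)][string]$Mac)
    $hex = ($Mac -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    if ($hex.Length -ne 12) { return $null }   # not a 48-bit MAC, e.g. a long DHCP client-id
    return $hex
}

# Emit one object per lease that has no MAC-auth account, or whose client-id is not a MAC.
function Find-UnregisteredDevice {
    param(
        [Parameter(Mandatory)][object[]]$Leases,         # objects with ClientId, IPAddress, HostName
        [Parameter(Mandatory)][string[]]$KnownAccounts   # AD account names used for MAC auth
    )
    $known = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($name in $KnownAccounts) {
        $mac = ConvertTo-NormalizedMac $name
        if ($mac) { [void]$known.Add($mac) }             # ignore accounts that are not MACs
    }
    foreach ($lease in $Leases) {
        $mac = ConvertTo-NormalizedMac $lease.ClientId
        if ($mac -and $known.Contains($mac)) { continue }   # registered device, nothing to report
        $status = 'NoAdAccount'
        if (-not $mac) { $status = 'UnparsedClientId' }
        [pscustomobject]@{
            Mac       = $mac
            IPAddress = $lease.IPAddress
            HostName  = $lease.HostName
            Status    = $status
        }
    }
}

# Real input (DhcpServer and ActiveDirectory modules; scope and OU are placeholders):
#   $leases = Get-DhcpServerv4Lease -ScopeId <scope-id>
#   $names  = (Get-ADUser -Filter * -SearchBase '<OU holding the MAC accounts>').SamAccountName

# Constructed sample data so the example runs offline.
$leases = @(
    [pscustomobject]@{ ClientId = '00-11-22-33-44-55'; IPAddress = '192.0.2.10'; HostName = 'voip-phone-1' }
    [pscustomobject]@{ ClientId = 'aa-bb-cc-dd-ee-01'; IPAddress = '192.0.2.11'; HostName = 'new-sensor' }
    [pscustomobject]@{ ClientId = '01-00-11-22-33-44-55-66'; IPAddress = '192.0.2.12'; HostName = 'odd-client' }
)
$names = @('001122334455', 'AA:BB:CC:DD:EE:02', 'svc-backup')

Find-UnregisteredDevice -Leases $leases -KnownAccounts $names | Format-Table -AutoSize
```

The sweep only sees devices on scopes where they can obtain a lease, so it reports foreign devices after the fact rather than placing them in a VLAN.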