Hi all,
do you have any solution to be set in the NPS policy to distinguish a request coming from a smartphone or tablet?
my actual configuration is made by a single SSID (for both smartphones and computers) that send the request to the NPS Radius, secured by certificate authentication issued by internal CA.
actually the only way I have found to assign a different vlan on a smartphone then a computer is only to:
- create in AD a specific account for every smartphone, and to that user assign a memebership of a specific AD group. In the NPS, in the conditions, i have added the membership of that AD Group. I have a rule that will assign the vlan (DMZ) for smartphone/tablet if matched the condition.
- for computers (will not match the rule above) will assign the "client" vlan
my question is...how can i avoid to create an AD users for every single device? i would like the NPS to automatically recognize the device (by the conditions rules or any other way), and using only the user account certificate assigning the vlan for smartphone to smartphones and the vlan for clients to computers.
I hope is clear.
thanks in advance for any advice.
Rudy