I would like my switch management port to be segregated from the production network so that all RADIUS traffic is confined to a internal VLAN with no outside access. The NPS is located within the same VLAN as the switch management port. NPS is set to all ethernet types for the CRP and EAP-TLS with computer certificate for NRP.
If NPS has no access to a DC (since NPS is segregated to a quarantined VLAN) will this process still work? The PKI enviroment is solid and all machines have certs and trust store is good to go.
Main question:
Does the NPS RADIUS server REQUIRE access to the AD/DC when using EAP-TLS with computer certificates?
Thank you!!!