I currently have a few HP ProCurve switches set up with 802.1x authentication on the access ports and am managing the authentication with a 2008R2 server with the NPS role.
Now I would also like to use this same RADIUS server to authenticate the manager login on the switches (telnet/ssh/https) to be able to log in with certain domain accounts on the switches.
I'm just not understanding how to separate the policies on the NPS server. Right now, for example, we have specified that a certain group (for example the group NET-USERS) of users are given access when they attempt to connect to an 802.1x port with their AD credentials.
Now if I enable RADIUS authentication for the switch management, if a user with membership of NET-USERS tries to log in, they will also be given access to the switches. I want to be able to allow NET-USERS to only connect through 802.1x port authentication, and only a certain NET-ADMIN group to be able to authenticate for the switch management.
I hope someone understands my issue, and has a solution :-)