We currently have a 802.1x wireless solution that has been working great using NPS with tunnel-id's to assist with placing specific AD groups into their respective VLANs. I'm not necessarily looking to be as granular on the wire, but would like to only activate switch ports on a specific VLAN called 'Data' for users that are part of the 'Staff' group.
From what I've researched, I have the proper configuration on our Juniper EX4200 switch chassis', but I'm not successful with communicating to NPS. I'm also not getting a definite answer from Juniper if I need a Vendor Specific code or not, but I believe its only required if I wanted to dynamically place users into different VLANs.
As far as the client side configuration we have an internal CA with our own certificate that is pushed to all devices, however I need to configure "wired zero config" and have not looked into that yet. Sounds like wired zero config is similar to the GPO I configured for setting up the wireless profile for our AD devices.
So in short: Juniper config looks good, but is not talking to NPS and client device configuration requirements are unknown.
Does anyone have experience with Juniper EX4200 802.1x on the wire?