Hello,
We have some access points (Colubris MAP-320R), that authenticate customers to a Windows Server 2008R2 network policy server.
At the AP side:
802.1X
Radius WEP encryption
MSCHAPv2
At Network Policy Server side:
Windows Server 2008R2
Member of domain
Network Policy Server
Requested Domain Controller and Domain Controller Authentication certificates from CA Server – Status Available
Two different Network Policies in the Network Policy Server
Policy1 that authenticates members of Active Directory Security group Group1
Policy2 that authenticates members of Active Directory Security group Group2
Other Servers:
Windows Server 2008R2 DC/DHCP/Certification Authority
Users use their domain account to authenticate through the access point.
When that happens I see that in Event Viewer in Network Policy and Access Services.
The events state that users from Group 1 are authenticated with Network Policy Name: Policy 1
The goal I am trying to achieve: Users from Group1 to be given IP Addresses from one DHCP Pool, and users from Group2 to be given IP Addresses from another DHCP Pool.
At the moment, the access points are connected to the network at the same place as the NIC of the DHCP server. The DHCP server has two DHCP Pools (on 1 NIC). When the users log in, regardless of whether they are using a different security policy, they get an IP address from the first DHCP Pool.
Do I have to use DHCP Network Policy and redirect connections from different Network Access policies to the appropriate DHCP pool?
Or can I achieve that with two DHCP servers?
Or can I set the Standard and Vendor Specific RADIUS Attributes on Policy 1 and 2 for some VLAN/Tunneling and then set other policies for the two DHCP Pools with the same VLAN/Tunneling?
Also, my APs support Discovery protocol (advertises information about the AP to any device that supports CDP), IP routes, VLANs (802.1q).