Because of a company reorganisation we have to redesign our NAC-setup. Some entities may not communicate with other entities etc. The AD will not spil, nor the server setup.
However network wise it will split. So I wanted to see what my options are here.
My first attempt was to use an extensionAttribute in the AD with a specific value per PC;
Then, in the CPPM, under authentication sources I added this attribute;
This should provide the link between the AD's attribute and CPPM, wright?
Next was to specify the enforcement policy;
I thought this would do the trick, but instead it falls back on the radius VLAN Enforcement profile (seen on line 3);
What am I missing here?
Or do I have to review my approach?
Please advice!