Hello
I need your opinion:
I'm starting configuring my 802.1x infratsructure, this is my config:
-EAP TLS certicates user and machine account
-Microsoft NPS as radius servers
-authorzied: User VLAN 10 , Machine VLAN 20
-DHCP failover cluster Windows 2012 ( pool for users VLAN10 ( 192.168.10.0/24) and pool for computers VLAN20 (192.168.20.0/24)
-SRX router as relay agent for DHCP packets
-GPO settings: Authenticaiod mode:User or Computer, Single Sign on - Perform immediately before user logon, this network uses different vlan for authentication with machine and user credentials.
the problem is with DHCP NAK reply, because computer starts and got ip from subnet 192.168.20/24 when users log on dhcp clients sends DHCP REQUEST message with old RequestedIPAddress , after send DHCPDISCOVER
on my log's on DHCP I'see many DHCP NAK messages
I'm waiting for yours comments and suggestion, maybe do you have better IDEA,or some best practise to use 802.1x in multiple vlan Windows Client scennario.