I'm deploying always-on IKEv2 to eliminate Wi-Fi passwords (clients will connect to an open wireless network and VPN-in from there) and to have a seamless transition in and out of Wi-Fi. Like in most RADIUS-backed networks, there's VLAN assignment for the clients too and I'd like to keep it but grant instead the assignment over the IKEv2 IPsec tunnel instead of the regular 802-point-something.I've been trying combination in the RADIUS attributes hoping to guess the correct one, if any, but really I'm not sure if it's possible at all.
Is it? Perhaps setting different policies with matching requests? I had to relax quite a bit the network policy so it would allow me to make the connection from the intranet to begin with, so I'm a little wary about continuing trying or right away start
redesigning the whole network around the this. I saw the option to change attribute Tunnel-Type 802.1x to ESP, this gives me high hopes.
Anyway, I'd really appreciate any advice you have on this. Thanks!
I bet you think this post is about you. Don't you…don't you. ♪