Can I have multiple Radius servers for one 802.1x but different user profile?

  • 1
  • Question
  • Updated 8 months ago
I have one 802.1x SSID with two user profiles:
A - goes with Radius NPS server 192.168.1.1 this one is working fine
can I add
B - goes to AD authentication on remote site 10.10.10.1 

I dont see a way to achieve that. 
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes

Posted 8 months ago

  • 1
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Why not let NPS pass thru to AD?
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Authentication takes place first, then the user profile assignment. You can have different user profiles assigned based on attributes returned back from the authentication server, but not the other way around.

You can use different Radius servers due to device classifications though. For example, in Location A you can use server 10.0.1.100 and in Location B you can use server 10.0.2.100.

Hope this helps.
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
Perhaps you will need a separate network policy, a similarly named SSID, pointing to your other AAA server. I don't think you can point to two separate servers on the same SSID without it being a primary/backup setup.