User Profiles and VLAN's

  • 1
  • Question
  • Updated 3 years ago
  • Answered

So I've been going through setting up NPS and multiple User Profiles, and I had a fun idea for unsupported devices.
I've created a separate User Profile and VLAN and called it Black Hole. It's got a VLAN ID that doesn't exist on the network, and it not configured on the switch ports.
Any unsupported device for specific profiles (Android, Windows Phone, iPhone) gets dropped into the Black Hole profile and goes.... NOWHERE! Hahahahahaha...
Anyway, I thought that was a little bit of a clever idea for unsupported devices.
Photo of James Dodds

James Dodds

  • 13 Posts
  • 2 Reply Likes

Posted 3 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 967 Posts
  • 270 Reply Likes
You can also create a schedule that can't be met (00:00 to 00:01 on the first of January 1980, for example) and assign it to the "Black Hole" user profile.  When the user is assigned to the "Black Hole" user profile they will automatically disassociate to the wireless network (the default response to a wireless client being assigned to a user profile outside that user profile's schedule times).
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2487 Posts
  • 449 Reply Likes
Yup, the method that Crowdie describes is the one that should be used because of the disassociation that occurs.

Using a black holed VLAN just leaves clients trying to acquire an IP via DHCP, all the while staying associated.

Clients can still typically talk to each other in a black holed VLAN too.
Photo of James Dodds

James Dodds

  • 13 Posts
  • 2 Reply Likes
Thanks for that gents.
Incorporated the changes and it does work much better.
Poor, poor users.