I'm using AD authentication for VPN so that users can enter their AD credentials to connect to VPN. I also have 3 VLANs on my network: VLANs 2, 3, and 4. VLAN 2 can access everything; VLAN 4 can access everything except VLAN 3. The problem is that when users connect to VPN, they can access all VLANs. I was wondering: if I follow the steps below and a member of VLAN 4 connects to VPN, will they only have access to VLAN 4 rules (access everything except for VLAN 3)?
I haven't tried this yet, but would this only work for WiFi, or would this also work for VPN? I have my RADIUS client on the NPS as VLAN 2 (172.16.0.1). If I add VLAN 4 (172.16.128.1) as a RADIUS client, would it work also?