> I would have to create another Network Policy on the RADIUS server in order to assign different network access "rights" via another Group Policy on the MX.

That is correct.
Yes, correct. I've done that here with two switchports. They are set as access ports tagging VLAN 500. As you can see, no L3 interface for that VLAN exists on the switch (or anywhere else in the network in this circumstance).