Hoping BudMan can help me out!
I have a client whose network is divided (with VLANs) by floor in their building. With dot1x authentication enabled, all users are leasing an IP address from the first DHCP pool regardless of how the port is tagged.
So for instance, VLAN 700 is the 2nd floor VLAN. A user on the 3rd floor connects to a port tagged for VLAN 720, they authenticate through NPS and then receive an IP address from 700. (DHCP is installed on the NPS server.)
Everything I have found online about 802.1x VLAN assignment suggests that you can assign a VLAN during authentication, but I haven't found anything that would help me tell the server which DHCP scope to lease addresses from based on how the port is already tagged on the switch. If there is a way to do this I would appreciate a nudge in the right direction.
The environment is all Cisco 3750X switches with Server 2012 R2 for NPS and DHCP. I'm thinking the way they have this network set up is not a supported way to accomplish this, but I need to know for sure. They are talking about using sticky-mac if they can't figure this out and I cringe at the thought of all the help desk issues that is going to cause.