I am currently testing 802.1x dynamic vlan. So far all works great, except for remote desktop connection. Looks like RDP and dynamic vlan don't make a good fit, or I may not be doing it correctly. I currently do first computer authentication at bootup and then once the user is logging in, user authentication is done and the switch's port moves to the right vlan. Looks like no matter which user is logged in to a desktop, it's the "computer account/vlan" that has priority over the user's account/vlan. Therefore if the user was already logged in to his system, then decides later to do an RDP session, the system will switch to the "computers" vlan subnet, which causes disconnection/dns update/replication time issues.
How do you manage remote desktop and dynamic vlan within your environment? Any hints/clues on how to achieve this?
Ok, so the 802.1x auth works as expected. I'm not clear what the switch can do in this case if the computer sends computer credentials (machine cert or something?) instead of user credentials for authentication. Am I missing something?
However, I was wondering how people deal with remote desktop and 802.1x authentication within other companies! We have a need to secure network access, but at the same time users do need to remote desktop to their own computer when working remotely.
So unless I set a static vlan based on computer authentication, I don't see how to deal with that situation.