Does anyone have further thoughts about the following scenario: I have 2
DHCP servers running. I want my unauthenticated users to get an IP address
from DHCP-Server-1 and my PEAP-authenticated users to get an IP address from
DHCP-Server-2. Is there a way (Group Policy?, DCHP scope settings?, etc.?)
to accomplish this?

andy@bst wrote the following on 16-Aug-2004 1:47 PM:

> Does anyone have further thoughts about the following scenario: I have 2
> DHCP servers running. I want my unauthenticated users to get an IP address
> from DHCP-Server-1 and my PEAP-authenticated users to get an IP address from
> DHCP-Server-2. Is there a way (Group Policy?, DCHP scope settings?, etc.?)
> to accomplish this?

DHCP precedes logon or application of group policy. I assume you want
them on different subnets, in which case you need to use VLAN features,
if you have them, on your Ethernet switches. Not sure if any switches
use PEAP, but 802.1x is an option to discriminate between two VLANs.
Once the VLAN is assigned, DHCP will proceed normally and you can assign
addresses for each VLAN separately, from the same server.

Cisco Catalyst switches can do these functions and assign DHCP as well.

Note that DHCP is a per-machine function, not a per-user function. I
know of no way to switch IP addresses during the logon process, although
some vendor may have invented some funky way to do this.

--
Kent W. England, Microsoft MVP for Windows Security