Remote Access tag VLAN and NPS (Radius)


#1

Hello gurus. I’ve been trying to configure my remote user access (L2TP) using RADIUS. The Peplink is sitting on the untagged VLAN, the same network where the NPS server is. When testing from a VPN client, the connection is successful. But I need to isolate the users by placing them in a different VLAN. The DHCP server is not controlled by the Peplink router, but runs on Windows 2016, where the NPS server is. We currently have 5 different VLANs properly configured and 100% operational. I set up NPS to tag the traffic coming from the Peplink just to try to get an IP from the VLAN I want remote users to be located in. This has been impossible. I created a VLAN on the Peplink, with the same number as on my layer 3 switch, and when I try to connect, the Windows client just rejects the connection. I can see in the NPS logs that the connection is trying to be established, but an IP from VLAN (40) is not delivered to the remote connection. Is there anything I need to create on the Peplink as an extra config?


#2

@mmogollon, if I understand correctly, you are looking for “Assigning L2TP/IPsec Client to a tagged VLAN”. This is supported by firmware 7.0 onwards (sample screen capture below).

If you are running firmware 7.0 or newer but couldn’t get it working, you may want to submit a ticket for us to take a closer look. If you could include a network diagram when submitting the support ticket, that will be much appreciated. :wink: