Configure NPS for VLANs
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
By using VLAN-aware network access servers and NPS in Windows Server 2008, you can provide groups of users with access only to the network resources that are appropriate for their security permissions. For example, you can provide visitors with wireless access to the Internet without allowing them access to your organization network.
In addition, VLANs allow you to logically group network resources that exist in different physical locations or on different physical subnets. For example, members of your sales department and their network resources, such as client computers, servers, and printers, might be located in several different buildings at your organization, but you can place all of these resources on one VLAN using the same IP address range. The VLAN then functions, from the end-user perspective, as a single subnet.
You can also use VLANs when you want to segregate a network between different groups of users. After you have determined how you want to define your groups, you can create security groups in the Active Directory Users and Computers snap-in, and then add members to the groups.
Use the following procedure to configure a network policy using VLANs: