Hello, i am currently using Windows 2008 NAP server to assing a single VLAN to a device connected to a port of switch. This is equal to set a port to access mode and a specific vlan. Assignment is done by group membership in AD. The device therefore presents its certificate.
Now, i wondering if there is a way toset a port to trunk mode and assign multiple vlans the same way.
You can use UAC infranet controller for layer 2 802.1x authentication with radius return attribute policy. Assigning static VLANs , opene port and VLAN radius attributes are configurable in IC admin UI under network access.
Its up to to switch to decide assigning VLAN based on the return attributes from IC ( radius server)
Sorry, I don't understand how your request would even work. The communication chain is between the switch and the associated access port based on the users starting up an 802.1x conversation. How would the trunk ports ever get into the mix and why would you want to dynamically assign VLAN's to trunk ports based on NAP settings?
I dont think you should be able to enable dot1x on a trunk port!
What is the make of the switch that you are using?
Does your switch allow you to configure dot1x onto a trunk port?
If you are looking to assign auth-reject/guest/voice/MAB(Bypass) vlan for a access port, then it is a switch side configuration.
What is your use-case? Can you explain?