Has anyone tested this scenario?
The idea is the following: Users connect via Wireless connection to the network and are certified by the NAC appliance, after certification they are switched out of Band. This will grant them access to basic network resources. To get access to more secure resources the users will have to establish a VPN connection over the already established Wireless connection. After succesfull VPN connection they will need to go through a second NAC appliance connected in-band to the VPN endpoint for extra security checks.
My question is, how will these users be treated by the NAC appliance since their user credentials are already logged by the NAC manager because of the succesfull Wifi Login.
I have looked into the Max users sessions option, but this only works per role. And since Wifi and VPN users will have different roles I suspect that that option will not work for my purpose