This setup is a guidance for LAN and WiFi segmentation.
You need to proceed in this order.
- At First you need an working environment already to fall back on if your changes did not succeeded.
- The method needed for that is basic access to the network and internet.
- In case of misconfiguration / not being able to retrieve an certificate, you need an VLAN whereas remediation can take place. In the current setup, that would be your default VLAN1
- Standby with an preconfigured command, to execute on a certain port for your client on that particular switchport so that they are not in the limited guest vlan with no access to the servers.
Is the environment this guide is intended for. I see no reason why other Windows Server OS’s would deviate from this process.