diff --git a/machines/nixos/vault01/k-radius/default.nix b/machines/nixos/vault01/k-radius/default.nix
index 0c27125..6def108 100644
--- a/machines/nixos/vault01/k-radius/default.nix
+++ b/machines/nixos/vault01/k-radius/default.nix
@@ -2,8 +2,10 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ config, ... }:
-
+{ config, lib, ... }:
+let
+  inherit (lib) genList;
+in
 {
   imports = [ ./module.nix ];
 
@@ -40,13 +42,10 @@
       radius_required_groups = [ "radius_access@sso.dgnum.eu" ];
 
       # A mapping between Kanidm groups and VLANS
-      radius_groups = map (
-        { vlan, ... }:
-        {
-          inherit vlan;
-          spn = "vlan_${toString vlan}@sso.dgnum.eu";
-        }
-      ) config.networking.vlans-info;
+      radius_groups = genList (id: rec {
+        vlan = 4094 - id;
+        spn = "vlan_${toString vlan}@sso.dgnum.eu";
+      }) 850;
     };
 
     authTokenFile = config.age.secrets."radius-auth_token_file".path;