Saturday, 13 October 2018

Configuring NPS Policy for Wireless RADIUS Authentication.

Configure Network Policy for EAP Authentication

If you are planning to use an SSL certificate that is not self-signed, make sure it is installed on the server before continuing to the rest of this section.

Follow the steps below to install the NPS role.

1. In Server Manager, click Add Roles and Features and select Network Policy and Access Services.
2. Select Network Policy Server and click Next to continue.
3. Click Install to start the installation, then click Close to complete it.

Configuring NPS Policies:

NPS policies determine how devices and users may connect and gain network access. There are several different types of policies:

Connection Request policies - Describe who/what/how a NAS client may connect.
Network policies - Set the conditions and requirements that wireless devices and/or users must meet before network access is granted.
Health policies - Determine whether/how a client passes the health check.

If a client does not match the first policy, the next one is tried, and so on until all policies have been tried. The first match wins, even if other policies could also match. Make sure your policies are placed in the correct order!

Configuration Steps:

Go to Tools > Network Policy Server.
Under Standard Configuration, select 802.1X Wireless and click Configure 802.1X to continue.

Give the policy a name; I’ll call it “Wireless”. Leave the type of network access server as Unspecified and click Next to continue.

Next you’ll be prompted to add a RADIUS client. Click Add to continue.

Add your Wi-Fi controller details here: enter a friendly name (you can also use the hostname of the WLC) and the IP address of the WLC, then enter a password in the Shared secret field. Make a note of this password; you’ll need it later to configure the wireless LAN controller.
Click OK and then Next to continue.

On the next screen, select EAP (PEAP) and click Next to continue.

Now you need to define a group of authorized users. Here I’m adding all my Domain Users, but it is recommended to define a separate group for authorized users and add that group here instead.

The next screen gives you the option to define Traffic Controls.
Click Next to continue.

Click Next to continue.

Verify your configuration and click Finish to complete it.

After completion you’ll find the WLC added under RADIUS Clients, and both a Connection Request Policy and a Network Policy created with the name “Wireless”. Now the most important part: you need to register NPS in Active Directory so that user credentials are validated against your AD server.

Right-click NPS > Register server in Active Directory.

You’ll be prompted with a notification that it has been registered; click OK to continue.

NPS is now installed and permitted to interact with Active Directory. Your NPS server will validate authentication requests against your AD server.
You are all set with NPS and its policies. Now let’s configure the WLC with the AAA server.
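
The role installation, RADIUS client and Active Directory registration steps above can also be scripted; the following is an added example, not part of the original post, and it generates a random shared secret instead of a typed password. The controller name and address are placeholders, and the 802.1X policies are still created with the wizard as described.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# Placeholders, not values from the article: replace with your controller's details.
$wlcName    = 'WLC01'        # hypothetical friendly name
$wlcAddress = '192.0.2.10'   # documentation-range address

# 1. Install the NPS role together with the management console.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Generate a 128-bit random shared secret (32 hex characters, no modulo bias).
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 16
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# 3. Add the wireless controller as a RADIUS client.
New-NpsRadiusClient -Name $wlcName -Address $wlcAddress -SharedSecret $secret | Out-Null

# 4. Register this NPS server in Active Directory (needs Domain Admin rights).
#    With no arguments, netsh uses the local server and its own domain.
netsh nps add registeredserver

# 5. Confirm the client exists. Get-NpsRadiusClient returns the shared secret in
#    clear text, so select only the non-sensitive properties.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $wlcName } |
    Select-Object Name, Address, Enabled

# Show the secret once so it can be entered on the WLC, then store it in a vault.
Write-Host "Shared secret for ${wlcName}: $secret"
```

Anyone who can run Get-NpsRadiusClient on the server can read every client's shared secret, so treat NPS administrative access as equivalent to knowing the secrets.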

Configure the Wireless Controller to Use RADIUS Authentication.

Setting up the wireless controller isn’t a difficult process. First we have to link the wireless controller with the RADIUS server, and the next step is to configure a WLAN profile to use WPA2-Enterprise mode.

Click on Configure > Navigate to AAA Server.
Click Create New to add a new authentication server. I’ve already created one named “WiFiTest”.
Here you need to enter the IP address and the shared secret (password) that you created when you configured the RADIUS client in NPS. Leave the generated port numbers at their defaults.
Click Apply to continue.

You have successfully linked the WLC with your RADIUS server. Let’s validate the connectivity using a test account created in AD.

Connectivity successfully validated. Let’s now create a WLAN for wireless devices to connect to.

Configure a WLAN:

Create a WLAN named “Test-Radius” and map “WiFiTest” as its authentication server so that connection requests are validated by the RADIUS server.

That’s all you have to configure on the wireless LAN controller. Since we have already validated the connectivity to the RADIUS server from the WLC, we can move on and test a wireless client’s connectivity to our wireless network.

Validating the Connectivity on a Wireless Client (Windows 8.1)

Look for the wireless icon in the taskbar, select the wireless network Test-Radius which we created earlier and click Connect.

You will see a pop-up that asks for your credentials. Enter the username and password that you configured in Active Directory and click OK.

The RADIUS server will present a certificate to wireless users so that they can verify that they are talking to the correct RADIUS server. You can view the certificate by clicking Show Certificate details.

Click Connect to continue.

You will see that you are now connected to Test-Radius.

Congratulations! You just authenticated a user through PEAP. I hope this document helps you set up 802.1X RADIUS authentication in your network.

Fahim Raza(Author)
