Server 2008 NPS RADIUS

  • Question

  • Hi,

    We have an enterprise network of around 700 Cisco switches and 15 routers. I want to deploy a new Windows Server 2008 NPS as a RADIUS server. Is there any way that I can auto-enroll switches and routers instead of adding all 700 switches and 15 routers one by one? The configurations I already have on my switches and routers are:

    aaa new-model
    aaa authentication login default group radius local-case
    aaa authorization exec default group radius local
    radius-server host x.x.x.x auth-port 1645 acct-port 1646
    radius-server key xxxxxxx

    Thanks in advance.

    Really appreciate your help in this regard.

    Saturday, July 10, 2010 7:48 AM

Answers

  • Hi Muddi,

    The only network devices permitted to perform RADIUS authentication attempts against the RADIUS server are the clients set up in NPS. So you need to set up your clients in NPS.

    I'm not too familiar with Cisco's switch range; however, if you're deploying a wireless solution, you can centralize your RADIUS auth attempts through a wireless LAN controller such as the 5500 series. Then you only need to set up the wireless LAN controller in NPS as a client and point your wireless APs to the LAN controller. I'm not sure if there's something in the Cisco switch range that does something like this, but this is Cisco product specific and has nothing to do with Microsoft or the 802.1X protocol. Therefore I suggest talking to the Cisco gurus over in the Cisco forums.

    Cheers!

    Tuesday, July 13, 2010 1:52 AM

All replies

  • I'm just now playing with NPS. In 2k3 IAS you could use wildcards and other expressions; that way you could put one entry in for your devices, say your routers all end in .1. Instead of creating a new client for each router, you could have one single entry to cover them all, e.g. 192.168.[2-29].1, or 192.168.*.1

    It looks like the expressions may have changed for NPS, but you may want to check into that - http://technet.microsoft.com/en-us/library/cc755272(WS.10).aspx
    Friday, July 23, 2010 4:20 PM
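As an added example that is not part of this thread: rather than one wildcard entry sharing one secret across all 700 devices, the one-by-one work the question describes can be scripted against the netsh nps context that ships with NPS on Server 2008, giving each switch or router its own shared secret so a secret lifted from one device does not authenticate the rest. The inventory below is a constructed sample; the script assumes it runs on the NPS server itself with local administrator rights.

```powershell
# Added example, not from the thread: bulk-register RADIUS clients in NPS
# (Windows Server 2008) with the built-in "netsh nps" context, one unique
# shared secret per device. Inventory is a constructed sample, not real data.

$inventory = @"
Name,Address
sw-access-02,192.168.2.1
sw-access-03,192.168.3.1
rtr-wan-01,10.20.0.1
"@ | ConvertFrom-Csv

function New-SharedSecret {
    # 32 bytes from a CSPRNG rendered as 64 hex characters: no characters that
    # netsh or IOS would treat specially, and it fits the NPS shared-secret field.
    param([int]$Bytes = 32)
    $buf = New-Object byte[] $Bytes
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($buf)
    ($buf | ForEach-Object { $_.ToString('x2') }) -join ''
}

$results = foreach ($dev in $inventory) {
    $secret = New-SharedSecret
    # Same operation as adding a client under "RADIUS Clients" in the NPS console.
    & netsh nps add client "name=$($dev.Name)" "address=$($dev.Address)" `
        "state=ENABLE" "sharedsecret=$secret" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh nps add client failed for $($dev.Name)"
        continue
    }
    New-Object PSObject -Property @{ Name = $dev.Name; Address = $dev.Address; Secret = $secret }
}

# The matching "radius-server key <secret>" still has to be pushed to each device.
# Keep this file on an ACL-restricted path and delete it once the configs are deployed.
$out = Join-Path $env:TEMP 'nps-client-secrets.csv'
$results | Export-Csv -Path $out -NoTypeInformation
Write-Host "Registered $(@($results).Count) RADIUS clients; per-device secrets written to $out"
```

Run `netsh nps show client` afterwards to confirm the entries, and review the NPS event log (Event ID 13 in the Security log on 2008 for unknown clients) once the devices start authenticating, since a device that is not registered will be silently dropped rather than rejected.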