none
NPS network policy Conditions

    Question

  • Hi,

    We have a few Network conditions under the network poilcy and one of them called NAS Identifier.

    The field of NAS Identifier is full so that I cannot add more network devices to be authenticated by this policy anymore. Can i add one more NAS identifier in the same network policy or i have to create another network policy which is the same policy but for other devices in the future?

    I added 2nd NAS Identifier but it seems not working. Please see below:

    Thank you.

    Thursday, July 12, 2018 6:52 PM

All replies

  • Hi,

    Thanks for your question.

    Based on my experience, we can add one more NAS ID in the same network policy. Meanwhile, I suggest you should add called-station ID to specify different devices for clients connection with different NAS types under your situations.

    NAS ID: The NAS-ID is sent to the RADIUS server by the controller through an authentication request to classify users to different groups so that the RADIUS server can send a customized authentication response. The NAS-identifier is a RADIUS attribute that the client uses to identify itself to a RADIUS server. The NAS-Identifier, as defined in Section 5.32 of RFC 2865, can be used instead of an IP address to identify the client. The NAS-identifier consists of one or more octets and must be unique in the scope of the RADIUS server. It should be unique to the NAS within the scope of the RADIUS server. For example, a fully qualified domain name would be suitable as a NAS-Identifier.

    Called Station ID: For IEEE 802.1X Authenticators, this attribute is used to store the bridge or Access Point MAC address in ASCII format (upper case only), with octet values separated by a "-". Example: "00-10-A4-23-19-C0".  In IEEE 802.11, where the SSID is known, it should be appended to the Access Point MAC address, separated from the MAC address with a ":". Example "00-10-A4-23-19-C0:AP1"


    Here’s an article refer to this topic, it may be helpful.

    https://blogs.technet.microsoft.com/netgeeks/2017/05/02/how-to-authenticate-multiple-wifi-ssids-on-a-single-nps-server-radius/

    Hope this helps. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, July 13, 2018 5:12 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, July 16, 2018 6:25 AM