RADIUS Config

Configuring RADIUS with Microsoft NPS

Radius setup with Microsoft NPS

Install the NPS role on Microsoft Server. 

Under RADIUS clients and Servers, right click on RADIUS Clients and select New

Enter Friendly Name, IP and Shared Secret (make sure this Shared Secret matches on the RADIUS client config)

Click the Policies drop down

Select Network Policies

Right Click and select New

Enter Policy Name

Leave ‘Type of network access server’ set to unspecified, Click Next

Select a condition on the next screen, it can be by various types of criteria more commonly Windows Groups

Select Next on Access Granted

For Authentication Methods, some devices may require you to use PAP ‘unencrypted authentication’. So typically I select this per the vendor instructions. Click Next

Leave contstraints blank.

EXAMPLE config for Cisco Switch

aaa new-model

!

aaa group server radius RAD_SERVER

 server name RAD_SERVER

 server name RAD_SERVER

!

aaa authentication login default local group RAD_SERVER_GROUP

aaa authorization exec default local group RAD_SERVER_GROUP

aaa authentication enable default enable

!

radius server RAD_SERVER_1

 address ipv4 172.16.250.4 auth-port 1813 acct-port 1814

 key SecretK3y

!

radius server RAD_SERVER_2

 address ipv4 172.16.250.8 auth-port 1645 acct-port 1646

 key SecretK3y

!