How to Configure NPS and Active Directory for Dynamic RADIUS-Based VLAN Assignment
==================================================================================
This document describes the steps to configure an NPS (Network Policy Server) server for the following use case:
- VLANs need to be assigned based on RADIUS group membership, i.e. the Sales group to VLAN 10 and the Account group to VLAN 20.
Steps:
1. Open Active Directory Users and Computers. Right-click on Users and create a new group.
2. Give the group the name Vlan10 (the user is free to use any name).
3. In the same way, create as many groups as required. Make the group part of Domain Users by clicking on the Member Of tab and then clicking Add.
4. Add an AD user. Click on Users and right-click. Select New User. Give the name xyz (user chosen).
5. Give the username as xyz and click on OK.
6. Click on Properties of the created user xyz and click on the Dial-in tab. Select Allow access and then press OK.
7. Click on the Member Of tab. Add Domain Users and the RADIUS group by clicking on the Add button.
8. Press OK. Now the user is part of Domain Users and the group.
Configuring NPS server
==================================
9. Click on Network Policy and click on New.
10. Give a policy name such as Vlan10_policy. Click on Next.
11. Click on the Add button.
12. Select User Groups and click on Add.
13. To add the user group, click on Add Groups.
14. Click on Add Groups and add the configured AD group, in this example Vlan10. Click on OK.
15. Add another condition to the network policy: NAS Port Type.
16. Select NAS Port Type and then click Add. Select Wireless - IEEE 802.11.
17. Now both conditions are added.
18. Click on Constraints and select the EAP methods that you want to be supported.
19. Now click on the Settings tab.
20. Click on the Add button. Add three attributes: Tunnel-Pvt-Group-ID, Tunnel-Medium-Type and Tunnel-Type. Start by selecting Tunnel-Pvt-Group-ID.
21. Click on Add. Then click on Add again.
22. Select the String radio button under "Enter the attribute value in". Enter the VLAN ID that you want to assign and click OK.
23. In the same way, add the Tunnel-Medium-Type attribute as 802 (includes all 802 media plus Ethernet canonical format) and the Tunnel-Type attribute as VLAN.
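
To check that a policy actually returns the three tunnel attributes configured on the Settings tab, the following added example (not part of the original document) decodes a RADIUS Access-Accept and reports the assigned VLAN only when the triple is complete. The attribute numbers and values (64 = 13 for VLAN, 65 = 6 for 802, 81 = VLAN string, optional tag octet) are taken from RFC 2868 and RFC 3580; the function names and the sample packet are constructed for illustration.

```python
import struct

# Attribute numbers and values per RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PVT_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802, ACCESS_ACCEPT = 13, 6, 2

def attr(a_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([a_type, len(value) + 2]) + value

def build_packet(attrs, code=ACCESS_ACCEPT, ident=1):
    """Constructed sample packet with a zeroed authenticator (not a real capture)."""
    return struct.pack("!BBH16s", code, ident, 20 + len(attrs), b"") + attrs

def vlan_attrs(vlan_id):
    """The three attributes set on the NPS Settings tab, untagged (tag octet 0)."""
    return (attr(TUNNEL_TYPE, struct.pack("!I", TYPE_VLAN))
            + attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", MEDIUM_802))
            + attr(TUNNEL_PVT_GROUP_ID, str(vlan_id).encode()))

def parse_attrs(packet):
    """Return (code, [(type, value), ...]); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    out, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        out.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, out

def assigned_vlan(packet):
    """VLAN ID string if this is an Access-Accept with the complete triple, else None.
    In the two 4-octet attributes the first octet is a tag and the last three the value."""
    code, attrs = parse_attrs(packet)
    if code != ACCESS_ACCEPT:
        return None
    found = dict(reversed(attrs))  # first occurrence of each type wins
    t, m, g = (found.get(k, b"") for k in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PVT_GROUP_ID))
    if len(t) != 4 or len(m) != 4 or not g:
        return None
    if int.from_bytes(t[1:], "big") != TYPE_VLAN or int.from_bytes(m[1:], "big") != MEDIUM_802:
        return None
    g = g[1:] if g[0] <= 0x1F else g  # strip the optional tag octet
    return g.decode("ascii", "replace") or None
```

A result of None for a user who authenticated successfully means the matching policy is missing one of the three attributes or carries a different Tunnel-Type or Tunnel-Medium-Type value.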