Is where you tell the system to put the client in your choice of VLAN. This must be done for LAN and WLAN separately.
Configure your AGDLP Domain Local Security Groups and place the child security groups in their respective NPS_VLAN_020X_CLIENT group. Do not use separate WLAN and LAN Domain Local Security Groups, because you'll probably get conflicts in your network.
Install-WindowsFeature -Name NPAS-Policy-Server -IncludeManagementTools
Server 2016 / 2019
Install-WindowsFeature -Name NPAS -IncludeManagementTools
NPS PowerShell Installation
Configure all of your network equipment to use a pre-shared key for communicating with your NPS RADIUS server.
Create an NPS Shared Secret
Add all of your network devices to the list of RADIUS clients. Include APs, but not PoE switches; you'll be tagging those in their configuration.
Next, configure the policies
Select Configure 802.1X, which will bring up the installation for Wired / Wireless
I'll show you some basics now, and at the end you should be able to configure it completely by yourself.
What I do is at least perform a check on the wired and wireless connection, in case someone attempts to make a connection.
In that case, I will not have the noise when I look up certain clients in the log.
Note: this is an empty group.
Leave the defaults.
Remove Certificate Authentication, remove the MS-CHAPv2 selections and select only PAP, SPAP
Do the same for Wired and Guest VLAN 500, but I'll show you next what to adjust
Next: configure a client VLAN (you do all of them)
This one, Wired and Wireless separately
And for WLAN
Do this for VLAN200 to VLAN204
Enabling the Guest VLAN
Same process, but here's what's different.
Now that all policies are enabled, you can reorder the sequence in which the NPS RADIUS server responds to clients.
Don't forget to also set the Connection Request Policies in the right order. You cannot program that.
# NPS Policy Re-Order configuration
# cmd, RunAs
netsh nps set np name="NPS_VLAN_0200_CLIENTS_WLAN" processingorder="10"
netsh nps set np name="NPS_VLAN_0200_CLIENTS_LAN" processingorder="11"
netsh nps set np name="Secure Wired (Ethernet) Connections - GUEST VLAN" processingorder="250"
And if you filled in the rest, these apply as well.
netsh nps set np name="NPS_VLAN_0201_CLIENTS_WLAN" processingorder="12"
netsh nps set np name="NPS_VLAN_0201_CLIENTS_LAN" processingorder="13"
netsh nps set np name="NPS_VLAN_0202_CLIENTS_WLAN" processingorder="14"
netsh nps set np name="NPS_VLAN_0202_CLIENTS_LAN" processingorder="15"
netsh nps set np name="NPS_VLAN_0203_CLIENTS_WLAN" processingorder="16"
netsh nps set np name="NPS_VLAN_0203_CLIENTS_LAN" processingorder="17"
netsh nps set np name="NPS_VLAN_0204_CLIENTS_WLAN" processingorder="18"
netsh nps set np name="NPS_VLAN_0204_CLIENTS_LAN" processingorder="19"
netsh nps set np name="Connections to Microsoft Routing and Remote Access server" processingorder="100003"
netsh nps set np name="Connections to other access servers" processingorder="100004"
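The client and guest ordering above, generated from the VLAN range instead of typed line by line (an added example, not part of the original page). It assumes the policy names used above; the output file name and the variable names are placeholders chosen for this example.

```powershell
# Added example: build the NPS network policy order from the VLAN range.
# Run in PowerShell, then execute the generated file from an elevated cmd prompt.
$firstVlan  = 200     # first client VLAN used on this page
$lastVlan   = 204     # last client VLAN used on this page
$order      = 10      # processing order of the first client policy
$guestName  = 'Secure Wired (Ethernet) Connections - GUEST VLAN'
$guestOrder = 250
$outFile    = Join-Path $env:TEMP 'nps-policy-order.cmd'   # placeholder file name

# One WLAN and one LAN policy per VLAN, WLAN first, numbered consecutively.
$plan = foreach ($vlan in $firstVlan..$lastVlan) {
    foreach ($medium in 'WLAN', 'LAN') {
        [pscustomobject]@{
            Name  = 'NPS_VLAN_{0:D4}_CLIENTS_{1}' -f $vlan, $medium
            Order = $order
        }
        $order++
    }
}
$plan = @($plan) + [pscustomobject]@{ Name = $guestName; Order = $guestOrder }

# Guard: NPS evaluates policies in processing order, so a larger VLAN range
# must not push a client policy to or past the guest policy's position.
$late = $plan | Where-Object { $_.Name -ne $guestName -and $_.Order -ge $guestOrder }
if ($late) {
    throw "Client policies ordered at or after the guest policy: $($late.Name -join ', ')"
}

# Guard: every policy needs its own position.
$dupes = $plan | Group-Object Order | Where-Object { $_.Count -gt 1 }
if ($dupes) {
    throw "Duplicate processing order values: $($dupes.Name -join ', ')"
}

# Emit the same netsh syntax as above, then list the result for review.
$lines = $plan | Sort-Object Order | ForEach-Object {
    'netsh nps set np name="{0}" processingorder="{1}"' -f $_.Name, $_.Order
}
$lines += 'netsh nps show np'

Set-Content -Path $outFile -Value $lines -Encoding Ascii
$lines    # print the commands so they can be checked before running the file
```

The final `netsh nps show np` line prints the network policies so the applied order can be compared with the plan.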