RADIUS (Remote Authentication Dial-In User Service) is a security protocol which is used for centralized network access control for computers to connect and use network devices and services. RADIUS uses a client/server system where the RADIUS client will run on the networking devices (in our case it is Cisco router) and send the authentication request to the central RADIUS server (in our case it is NPS) that contain all the user authentication and network service access information.
Refer Figure1 to see how the RADIUS works. AAA (Authentication, Authorization, and Accounting) is a network security service where you can set up access control on your router or access servers. AAA uses protocols such as RADIUS, TACACS+, or Kerberos to administer its security functions.
Microsoft NPS (Network Policy Server) is a feature in Windows Server 2008 that centrally manage and enforce the network access policies that determine whether the user can or cannot access the network. The NPS is using the RADIUS protocol to communicate with the servers and network devices for authentication. This service is mainly used for the Remote user who connect with VPN or wireless access points to access the network resources.
Using an NPS server you can create network policies centrally and can be used in all the networking devices in your network.
KB ID 0000688 Problem Last week I was configuring some 2008 authentication, for authenticating remote clients to a Cisco Firewall. I will say that is a LOT easier to configure, so you might want to check that first.
Solution Step 1 Configure the ASA for AAA RADIUS Authentication 1.Configuration Remote Access. Local Users Server Groups. In the Server group section Add. Give the group a name and accept the defaults OK. Now (with the group selected) In the bottom (Server) section Add. Specify the address, and a shared secret that the will use with the 2008 R2 Server performing OK.
Press Install to start the installation of the role: Press Close to exit from the wizard: Procced with the configuration of the Radius server selecting NAP, then right-click on the server name and press Network Policy Server. Windows Server 2008 (Operating System) windows 2008 windows 2008 radius radius windows 2008 windows 2008 aaa ad radius active directory radius nps windows windows nps Windows 2012 - Radius server installation. HP Switch - RADIUS authentication (JE009A).
![802.1x 802.1x](/uploads/1/2/5/4/125420606/453873624.png)
Configure AAA RADIUS from command line. Aaa-server PNL-RADIUS protocol radius aaa-server PNL-RADIUS (inside) host 172.16.254.223 key 123456 radius-common-pw 123456 exit Step 2 Configure Windows 2012 Server to allow RADIUS 7. On the Windows 2008 Server Launch Server Manager Roles Add Role. If you get a welcome page Next Select Network Policy and Access Server Next Next. Select ‘Network Policy Server’ Next Install.
Close, when complete. Whilst still in Server Manager Network Policy and Access Server NPS (Local). Register Server in Active Directory OK OK. Expand Clients and Servers Right click Clients New. Give the firewall a friendly name, (take note of what this is, you will need it again) Specify its Enter the shared secret you setup above (number 5) OK. Expand policies right click ‘Connection Request Policies’ New Give the policy a name Next.
Add a condition Set the condition to ‘Client Friendly Name’ Add. Specify the name you set up above (number 14) OK Next Next Next. Change the attribute to User-Name Next Finish. Now right click ‘Network Policies’ New Give the policy a name Next. Add a condition User Groups Add. Add in the security group you want to allow access to OK Next Next.
Select ‘ Unencrypted Authentication ” Next No Next Next Finish. Step 3 Test RADIUS Authentication 23.
Back at the, in the same page you were in previously, select your server and then click ‘Test’. Change the selection to Authentication Enter your domain credentials OK.
You are looking for a successful outcome. Note: if it fails check there is physical connectivity between the two devices, the shared secrets match.
Also ensure ports 1645 and 1646 are not being blocked. To Test AAA RADIUS Authentication from Command Line.