Set up RADIUS Clients by IP Address Range

Updated: February 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Use this procedure to configure two or more network access servers as RADIUS clients in NPS by using an IP address range. If you are running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter, you can configure RADIUS clients in NPS by IP address range. This allows you to add a large number of RADIUS clients (such as wireless access points) to the NPS console at one time, rather than adding each RADIUS client individually.

You cannot configure RADIUS clients by IP address range if you are running NPS on Windows Server 2008 Standard.

Use this procedure to add a group of network access servers (NASs) as RADIUS clients that are all configured with IP addresses from the same IP address range.

All of the RADIUS clients in the range must use the same configuration and shared secret.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

  1. On the NPS server, click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.

  3. In New RADIUS Client, in Friendly name type a display name for the collection of NASs.

  4. In New RADIUS Client, in Address (IP or DNS), type the IP address range for the RADIUS clients by using Classless Inter-Domain Routing (CIDR) notation. For example, if the IP address range for the NASs is 10.10.0.0, type 10.10.0.0/16.

  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, or if you have NASs from multiple vendors, select RADIUS Standard.

  6. In New RADIUS Client, in Shared secret, do one of the following:

    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also configured on all of the NASs. Retype the shared secret in Confirm shared secret.

    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NASs so that they can communicate with the NPS server.

  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if all of your NASs support use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.

  8. In New RADIUS Client, in Additional Options, if you plan on deploying Network Access Protection (NAP) and all of your NASs support NAP, select RADIUS client is NAP-capable.

  9. Click OK. Your NASs appears in the list of RADIUS clients configured on the NPS server.

Community Additions

ADD
Show: