Any suggestions? Export (0) Print
Expand All

Vendor-Specific Attributes in NPS

Applies To: Windows Server 2008

Vendor specific attributes

In addition to the RADIUS standard attributes, which are described in Request for Comments (RFC) 2865 and RFC 2866, you can configure vendor-specific attributes (VSAs) in Network Policy Server (NPS) network policy and connection request policy that are returned to RADIUS clients in RADIUS response messages.

VSAs allow RADIUS client vendors, such as the manufacturers of wireless access points, 802.1X authenticating switches, and devices that act as virtual private network (VPN) servers, to support their own proprietary RADIUS attributes that are not included in the RFCs. NPS includes VSAs from a number of vendors in its dictionary; however, the NPS dictionary does not include VSAs for all vendors.

Some network access server (NAS) manufacturers use VSAs to provide functionality that is not supported in RADIUS standard attributes. NPS enables you to create or edit VSAs to take advantage of proprietary functionality supported by some NAS vendors.

For more information about vendor-specific functionality and the VSAs that you can configure, see your access server documentation.

Before adding a VSA, check the list of attributes in the NPS dictionary. If the required VSA is present, use it. If not, you can add the VSA to the settings of the network policy.

VSA format

If you want to add VSAs to the settings of a network policy, you must first determine whether the VSA conforms to the format that is recommended in RFC 2865. The way in which you add the VSA to the network policy differs, depending on whether the VSA conforms to the RFC.

If the VSA format does conform to the RFC, you must specify:

  • A network access vendor by either name or vendor code.

  • A vendor-assigned attribute number.

  • The attribute format (that is, the type of data, such as string or hexadecimal).

  • The attribute value.

If the VSA format does not conform to the RFC, you must specify:

  • A network access vendor by either name or vendor code.

  • A hexadecimal attribute value that represents the attribute data.

See Also

Community Additions

© 2016 Microsoft