Previously introduced the RADIUS wireless authentication scheme based on Windows2012 NPS, article: http://blog.51cto.com/hubuxcg/1636719?cid=702921#702921 today, based on the Windows NPS RADIUS Configuration Dynamic vlan!
For the initial configuration section of NPS, refer to the previous article, which is only described in connection with VLAN configuration.
1. In the NPS policy, add the connection policy, select Secure Wired (Ethernet) connection
2. Add the network device name, IP address, and authentication password that you need to call raids, and then configure the network settings later.
3. Select the authentication method: PEAP
4. Select an existing certificate
5, add the user, here need to change the user Configuration VLAN, so we select the configured group: VLAN100
6, configure the transport control, open the configuration:
7, Tunnel-type:vlan
8, tunnel-medium-type:802
9. tunnel-pvt-group-id:100 (VLAN ID on switch)
10, the above three configuration completion point completed.
11. After the configuration is complete, the results are as follows:
12, repeat the above operation, add the user group that need to configure \vlan corresponding configuration:
13, confirm the exit, to this Windows side of the RADIUS configuration is complete, the following is the authentication configuration of the Cisco switch: Enable radius\ configuration on the switch Raidus server information:
AAA New-model
AAA Authentication dot1x Default Group radius
AAA Authorization Network Default group RADIUS
Radius-server Host 192.168.1.2 Key 123456
Radius-server VSA Send Authentication
14. Port configuration on the switch vlan\ enable PAE authentication
Switchport mode access
Authentication Port-control Auto
DOT1X PAE Authenticator
Spanning-tree Portfast
15, Configuration Complete!
RADIUS dynamic VLAN based on Windows2012 NPS