NPS Condition for MAC
Windows 2008 Network Policy Server can be used to authenticate and grant access to wireless domain member computers in a Windows Active Directory domain using. In this example, access is granted to members of the Domain Security Group MACAuth, placing them on VLAN 500. For more information, please refer to our documentation on.

Add the Gateway AP as a RADIUS client

Please refer to our documentation on.

Configure Users in AD

Users need to be configured in Active Directory to match the MAC address of the computers connecting over 802.1x. The user name must match the MAC of the client exactly and must be all lowercase letters. Set the password for the user to the MAC address, again in all lowercase.

Configuring a Connection Request Policy

1. From the Network Policy Server console, navigate to NPS - Policies - Connection Request Policies.
2. Right-click Connection Request Policies and select New.
3. On the Specify Connection Request Policy Name and Connection Type page, create a Policy name and verify Unspecified is selected in the 'Type of network access server:' drop-down. Click Next.
4. On the Specify Conditions page, click Add and set the following condition:
   NAS Port Type: Select Wireless – IEEE 802.11 and Wireless - Other.
5. Click OK, review the conditions, then click Next.
6. Click Next on the Specify Connection Request Forwarding page.
7. On the Specify Authentication Methods page, click Next.
8. Click Next on the Configure Settings page.
9. Review the policy and click Finish. The connection request policy should appear similar to the image below.
10. Right-click the policy created and select Move up, placing the policy above any existing deny policies.

Configuring a Network Policy

1. From the Network Policy Server console, navigate to NPS - Policies - Network Policies.
2. Right-click Network Policies and select New.
3. On the Specify Network Policy Name and Connection Type page, create a Policy name and verify Unspecified is selected in the 'Type of network access server:' drop-down. Click Next.
4. On Specify Conditions, click Add and set the following conditions:
   Windows Group: Choose Domain Users group from the Windows Active Directory domain.
   NAS Port Type: Select Wireless – IEEE 802.11 and Wireless - Other.
5. On the Specify Access Permission page, select Access granted and click Next.
6. On the Configure Authentication Methods page, make sure Unencrypted authentication (PAP, SPAP) is the only method checked and click Next.
7. Click Next on the Configure Constraints page.
8. (Optional, to specify VLANs) On Configure Settings, in the Settings pane, choose RADIUS Attributes - Standard. Click Add to select the following attributes, which are used to assign VLAN information via a RADIUS Accept message:
   Tunnel-Medium-Type: Choose 802 (Includes all 802 media plus Ethernet canonical format) for the Attribute value Commonly used for 802.1X.
   Tunnel-Pvt-Group-ID: Choose String and enter 500. This string will specify the VLAN ID 500.
   Tunnel-Type: Choose Attribute value Commonly used for 802.1X and select Virtual LANs (VLANs).
9. Once the correct RADIUS attributes are selected, click Next.
10. Review the policy settings and click Finish.

Disable NAP Enforcement

1. Open the Properties of the policy created.
2. Click the Settings tab.
3. Choose NAP Enforcement from the Settings pane.
4. For Auto Remediation, un-check the box Enable auto remediation on client computers and click OK. The network policy should look similar to the image below.
5. Right-click the policy created and select Move up, placing the policy above any existing deny policies.

Test From the Dashboard

Set up your SSID as shown in the image at the bottom of this page. Fill in your server's IP address.
Use the test button to test your MAC address. Now clients with that MAC address can connect to your SSID using MAC-based RADIUS Authentication.