NPS cannot distinguish authentications over two different networks

Namless Shelter 231 Reputation points
2023-06-07T08:15:09.64+00:00

Dear Friends,

I have an issue with my NPS policy. I have set up 2 different Wi-Fi networks on an Aruba IAP. One 802.1X network, A, is only for Windows trusted devices; the other 802.1X network, B, is for users to connect their personal devices using their AD username and password.

Now, both networks authenticate and connect successfully. However, my goal is to restrict Network A to domain-trusted devices only, so that users cannot connect to Network A with their username and password. But it seems Network A can always be connected to with a username and password.

On the NPS policy side, I put two policies in order from top to bottom. It does not give me an if/else condition; it only evaluates multiple options, "switch A & B", top to bottom. So how can I implement "if else" for two different SSIDs in NPS?

Thanks a lot, Namless


1 answer

  1. Limitless Technology 44,421 Reputation points
    2023-06-08T10:39:07.1833333+00:00

    Hello there,

    There are two ways to restrict access for VPN clients. One is to use NAP with remediation server groups. The other method can be used with NAP or without it and involves configuring IP filters.

    All you need to do is add an IP filter to the network policy that is matched by your VPN client when they enter the network. You can set the filter to allow access to a certain network, or to deny access to a certain network. Below is an example of how to deny access to the entire 10.0.0.0/8 network. You do not need NAP for this.

    To make these determinations, NPS uses network policies that are configured in the NPS console. NPS also examines the dial-in properties of the user account in Active Directory® Domain Services (AD DS) to perform authorization.

    https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-overview

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--
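
The top-to-bottom policy evaluation the question describes, modelled as an added example (not part of the original thread, and not NPS code): network policies are tried in order and the first one whose conditions all match decides the request. The SSID names, the group names and the `AP-MAC:SSID` form of Called-Station-Id are assumptions made for this sketch; check what the access point actually sends.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    group: str            # models a Windows/Machine/User Groups condition
    ssid_regex: str = ""  # models a Called Station ID condition; "" = no such condition
    grant: bool = True

def evaluate(policies, request):
    """Try policies top to bottom; the first whose conditions ALL match decides.
    A request that matches no policy is rejected."""
    for p in policies:
        ssid_ok = (not p.ssid_regex
                   or re.search(p.ssid_regex, request["called_station_id"]) is not None)
        if ssid_ok and p.group in request["groups"]:
            return ("Access-Accept" if p.grant else "Access-Reject", p.name)
    return ("Access-Reject", None)

# Constructed sample requests (hypothetical SSIDs CORP-A / CORP-B).
USER_ON_A = {"called_station_id": "AA-BB-CC-DD-EE-01:CORP-A", "groups": {"Domain Users"}}
PC_ON_A   = {"called_station_id": "AA-BB-CC-DD-EE-01:CORP-A", "groups": {"Domain Computers"}}
USER_ON_B = {"called_station_id": "AA-BB-CC-DD-EE-01:CORP-B", "groups": {"Domain Users"}}

# Policies with only a group condition: neither is tied to an SSID, so a
# user logon on SSID A skips the first policy and is accepted by the second.
UNSCOPED = [
    Policy("Trusted devices", "Domain Computers"),
    Policy("Personal devices", "Domain Users"),
]

# Each policy also requires its own SSID, which gives the "if A ... else if B"
# behaviour: a user logon on SSID A now matches nothing and is rejected.
SCOPED = [
    Policy("Trusted devices", "Domain Computers", r":CORP-A$"),
    Policy("Personal devices", "Domain Users", r":CORP-B$"),
]

if __name__ == "__main__":
    for label, policies in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        for req_name, req in (("user on A", USER_ON_A), ("PC on A", PC_ON_A),
                              ("user on B", USER_ON_B)):
            print(f"{label:9} {req_name:10} -> {evaluate(policies, req)}")
```
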
