Difference between Connection Request Policies and Network Policies in NPS

Janus Bariñan 1,126 Reputation points
2021-01-19T07:06:41.97+00:00

Hi,

What is the difference between Connection Request Policies and Network Policies in NPS? It seems that you can specify the same set of policies in them. Could I put all policies on CRP or spread some to NP?

How are policies evaluated? Does it check the CRP section first before going to NP section?

Thanks!


2 answers

  1. Anonymous
    2021-01-19T09:09:47.133+00:00

    Hi,

    Connection request policies allow you to designate whether connection requests are processed locally or forwarded to remote RADIUS servers.

    A network policy is a set of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect.

    Network policies can be viewed as rules. Each rule has a set of conditions and settings. NPS compares the conditions of the rule to the properties of connection requests. If a match occurs between the rule and the connection request, the settings defined in the rule are applied to the connection.

    For example, in network policies' access permission, you can configure the policy to either grant or deny access to users if the conditions and constraints of the network policy are matched by the connection request.

    For more details about Connection request policies and Network Policies, you can refer to the following articles:

    Connection Request Policies

    Network Policies

    Best Regards,

    Candy



  2. Janus Bariñan 1,126 Reputation points
    2021-01-30T13:56:07.783+00:00

    I have 1 connection request policy and 2 network policies.

    CRP condition is for wireless 802.11. No other settings on the settings tab.

    Network Policy 1 (Processing Order 1) for Wireless Access Controllers:
    Condition is NAS IPv4 Address of Wireless Access Controllers (ethernet connection)
    with authentication method PAP, SPAP

    Network Policy 2 (Processing Order 2):
    Condition is for a Windows security group
    w/ EAP method Microsoft: Protected EAP (PEAP)

    Question:
    Wireless controller is connected via ethernet, so no CRP match. But there is a Network policy match. AAA authentication test in the wireless controller is successful.
    Wireless machine can also authenticate successfully
    So CRP not necessary?

    When NP1 is set to Processing Order 2 the wireless controller fails AAA authentication test.
    While wireless device can authenticate successfully.
    Does processing order matter?
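
A small model of how NPS walks network policies, using the two policy shapes from the follow-up post. This is an added example, not part of either post and not NPS code: it covers network policies only (connection request policies are not modeled), and the addresses, group name, and both sample requests are constructed assumptions. It follows the documented rules that policies are tried in processing order, that unmatched conditions move on to the next policy, and that an unmatched constraint such as the authentication method rejects the request without trying later policies.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class NetworkPolicy:
    name: str
    order: int                          # "Processing Order" in the NPS console
    condition: Callable[[dict], bool]   # conditions: does this policy apply?
    auth_methods: FrozenSet[str]        # constraint: allowed authentication methods
    grant: bool = True                  # access permission: grant or deny

def evaluate(policies, request) -> Tuple[str, Optional[str]]:
    """Return (result, deciding policy). First policy whose conditions match decides."""
    for p in sorted(policies, key=lambda p: p.order):
        if not p.condition(request):
            continue                    # unmatched conditions: try the next policy
        if request["auth"] not in p.auth_methods:
            return ("reject", p.name)   # unmatched constraint: stop, no fall-through
        return ("grant" if p.grant else "deny", p.name)
    return ("reject", None)             # no policy matched at all

# Constructed sample values, not taken from the thread.
WLC_IP, AP_IP, GROUP = "192.0.2.10", "192.0.2.20", "Wireless-Users"

def build(np1_order: int, np2_order: int):
    return [
        NetworkPolicy("NP1", np1_order, lambda r: r["nas_ipv4"] == WLC_IP,
                      frozenset({"PAP", "SPAP"})),
        NetworkPolicy("NP2", np2_order, lambda r: GROUP in r["groups"],
                      frozenset({"PEAP"})),
    ]

# Assumption: the controller's AAA test uses an account that is in the group.
wlc_test = {"nas_ipv4": WLC_IP, "auth": "PAP", "groups": {GROUP}}
# Assumption: client requests arrive with a NAS address that NP1 does not list.
client = {"nas_ipv4": AP_IP, "auth": "PEAP", "groups": {GROUP}}

def compare_orders():
    """Evaluate both requests under both orderings."""
    out = {}
    for label, pols in (("NP1 first", build(1, 2)), ("NP2 first", build(2, 1))):
        out[label] = {"wlc_test": evaluate(pols, wlc_test),
                      "client": evaluate(pols, client)}
    return out

if __name__ == "__main__":
    for label, results in compare_orders().items():
        print(label, results)
```

Under these assumptions the PAP test request is granted by NP1 when NP1 is first, and rejected at NP2 when NP2 is first, because its conditions match NP2 before its authentication method is checked.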
