This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 85%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Currently I have one NPS RADIUS server setup for multiple forests (two-way trust). There is one VPN server connecting to the RADIUS server to authenticate users from both forests. So far this is working good with the below network policy conditions:
However, I have a request to add in the evaluation on user client IPv4 address. So I went to add in the Client Access IPv4 Address conditions but after that users failed to authenticate. Modified policy as below:
The user machine network segment is 192.168.1.x. Therefore I added this segment into the network policy but its not working. When I removed this condition, users can authenticate without any issue. Error from event logs is as below:
Hi ,
I have tested in my lab with following results:
If we configure client's IP in Access Client IPv4 Address , NPS will deny it.
If we use Calling Station ID , then it will work.
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Candy,
Thanks a lot, this fixed my issue.
You are welcome. :)
Hi ,
I would suspect it is related with syntax. If you want to specify a range of IP addresses that begin with 192.168.1, the syntax is: 192\.168\.1\..+
For your reference:
Examples for network policy attributes
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello @Candy Luo ,
Does the syntax pattern applies to all other conditions as well from Connection Request Policy/Network Policy ?
From official document ,you can use Regular Expressions syntax to specify the conditions of network policy attributes and RADIUS realms. Have you tried the syntax of 192\.168\.1\..+ in Access Client IPv4 Address condition? Could it be work?
Hi Candy,
I've tried to change the syntax but still not able to authenticate with the same error logged in NPS event log.
Might check the NPS log to see whether the Client's IP address shows up as Calling Station ID.
Here is a similar thread, check if it is helpful with you:
Network Policy Condition "Access Client IPv4 Address" does not work