Windows 2012 NPS server configuration

江伟 章 61 Reputation points
2022-04-02T04:41:08.373+00:00

I built a Windows 2012 NPS server for RADIUS authentication, and successfully authenticated the MAC certificate of the access terminal through this server. Now I want to attach some authentication conditions, such as the SSID of the wireless network. In the authentication information of the client, you can see the field "called station identifier", which contains the "AP MAC: SSID" information accessed by the user. How do I add a check of the user's access SSID to the network policy conditions of NPS?

Windows Server

Accepted answer
  1. Limitless Technology 39,511 Reputation points
    2022-04-06T21:34:41.61+00:00

    Hi,

    The 'Call Station ID' is one of the RADIUS attributes that we can use for our SSID matching logic in our policy. From my experience of a number of wireless vendors, this seems to be the RADIUS attribute that is most commonly sent by an EAP authenticator (i.e. AP or WLC) that contains SSID information that we can use to pattern match.

    The actual attribute contains the MAC address of the client, together with the text of the SSID name in a format similar to this:

    00-00-bb-cc-dd-ee:<SSID_Name>

    In the attribute value that we specify in our policy to match our SSID, we are actually specifying a regular expression to match the end of the Call Station ID string (i.e. our SSID). For instance, if our SSID name is "Staff_Net", then to match it in our policy, we simply put a dollar symbol ($) at the end of the string we want to match. In this case, we simply put the value: "Staff_Net$"

    Here's more information regarding NPS security:

    https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure

    I hope this answers your question.

    -------------

    --If the reply is helpful, please Upvote and Accept as answer--
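
An added example, not part of the original answer: it runs the answer's condition value `Staff_Net$` and a tighter value anchored on the `:` separator against Called Station ID strings, to show which SSIDs each one admits. Python's `re` stands in for NPS pattern matching here (an assumption that holds for these simple anchors and backslash escapes); the sample values and the helper names `ssid_condition` and `matching` are constructed for illustration.

```python
import re

# Constructed Called Station ID values in the "MAC:SSID" layout shown in the answer.
SAMPLES = [
    "00-00-bb-cc-dd-ee:Staff_Net",
    "00-00-bb-cc-dd-ee:Guest_Staff_Net",  # different SSID with the same ending
    "00-00-bb-cc-dd-ee:Staff_Net_Lab",
    "00-00-bb-cc-dd-ee:Guest",
]

SUFFIX_ONLY = "Staff_Net$"  # the condition value given in the answer


def ssid_condition(ssid):
    """Hypothetical helper: build a condition value that matches exactly one SSID.

    The leading ':' pins the match to the MAC/SSID separator, so a longer SSID
    that merely ends with the same text does not satisfy the policy.
    re.escape keeps characters such as '.' literal instead of wildcards.
    """
    return ":" + re.escape(ssid) + "$"


def matching(pattern, values):
    """Return the values in which the pattern matches anywhere in the string."""
    return [v for v in values if re.search(pattern, v)]


if __name__ == "__main__":
    for pattern in (SUFFIX_ONLY, ssid_condition("Staff_Net")):
        print(pattern, "->", matching(pattern, SAMPLES))
```

The suffix-only value also admits `Guest_Staff_Net`, while the colon-anchored value admits only `Staff_Net`; check any new condition value against real Called Station ID strings from the NPS accounting log before relying on it.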

