08-09-2011 01:52 AM - edited 03-10-2019 06:17 PM
Hi,
I am configuring our Cisco devices to authenticate logins against a RADIUS server. For this I am using Windows Network Protection Server (formerly IAS).
I have configured a Network Policy that works successfully against one router. I want to apply the same policy to a number of devices (30+) but I cannot see a logical way of doing this.
At the moment I have the following settings:
Conditions
  Client Friendly Name: Router1
  User Groups: CiscoAdmin_Lvl15
Settings
  Cisco-AV-Pair: Shell:priv-lvl=15
  Access Permission: Grant Access
  Service-Type: Login
I thought I would be able to add multiple RADIUS Clients to the server, and then add the RADIUS Client names to the 'Client Friendly Name' condition. But as soon as I add an extra client name the existing policy stops working, and I cannot log in to the router.
Does anyone know of a way to get around this? Is there a RADIUS parameter that can be sent to the RADIUS server at the time of login that can be used as part of a Network Policy condition?
I want to avoid having to create a unique network policy for each individual router/switch.
Thanks,
Paul
08-09-2011 02:34 AM
I've got this working against multiple devices now, details below if anyone's interested.
When you create the RADIUS Clients on the NPS Server, give them all the same prefix, for example:
  Switches: SW-switchhostname
  Routers:  RT-routerhostname
When you add the Client Friendly Name condition to the Network Policy, enter the name as SW-? for switches, or RT-? for routers. This makes the policy check for devices that have a 'Client Friendly Name' with a prefix of SW- or RT-.
Paul
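As an added example (not from the thread), here is how the prefix naming convention from the reply could be applied when registering the 30+ devices in bulk, assuming the NPS PowerShell module that ships with Windows Server 2012 and later (the thread predates it; on 2008 R2 the equivalent is netsh nps add client). The device list and secrets are constructed placeholders. The script also checks each friendly name against an anchored pattern, since NPS evaluates the Client Friendly Name condition as a regular expression, so an unanchored prefix can match more names than intended.

```powershell
# Added example: bulk-register RADIUS clients on NPS with a prefix naming convention
# (SW- for switches, RT- for routers) so one network policy can match a whole device class.
# Assumes the NPS module (Windows Server 2012+). The device list below is constructed.
Import-Module NPS

$devices = @(
    @{ Host = 'core-sw01';   Address = '10.0.1.11'; Kind = 'SW' },
    @{ Host = 'access-sw02'; Address = '10.0.1.12'; Kind = 'SW' },
    @{ Host = 'edge-rt01';   Address = '10.0.2.1';  Kind = 'RT' }
)

# One Client Friendly Name condition per device class. NPS treats the value as a
# regular expression, so anchor it: '^SW-' will not match 'NSW-x' or 'SWITCH'.
$policyPatterns = @{ SW = '^SW-'; RT = '^RT-' }

foreach ($d in $devices) {
    $friendlyName = '{0}-{1}' -f $d.Kind, $d.Host      # e.g. SW-core-sw01

    # Unique shared secret per device (24 printable ASCII chars); keep it in your
    # secrets vault and configure the same value on the device, never in this script.
    $secret = -join ((33..126) | Get-Random -Count 24 | ForEach-Object { [char]$_ })

    New-NpsRadiusClient -Name $friendlyName -Address $d.Address `
        -SharedSecret $secret -VendorName 'Cisco'

    # Verify the name is matched by its own class pattern and by no other class.
    foreach ($kind in $policyPatterns.Keys) {
        $hit = $friendlyName -match $policyPatterns[$kind]
        if ($hit -ne ($kind -eq $d.Kind)) {
            Write-Warning "$friendlyName : unexpected match for pattern $($policyPatterns[$kind])"
        }
    }
    Write-Host "Registered $friendlyName ($($d.Address))"
}
```

The same `^SW-` / `^RT-` values go into the Client Friendly Name condition of the single network policy, in place of one policy per device.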