I am configuring our Cisco devices to authenticate logins against a RADIUS server. For this I am using Windows Network Protection Server (formerly IAS).
I have configured a Network Policy that works successfully against one router. I want to apply the same policy to a number of devices (30+) but I cannot see a logical way of doing this.
At the moment I have the following settings:
Client Friendly Name: Router1
User Groups: CiscoAdmin_Lvl15
Access Permission: Grant Access
I thought I would be able to add multiple RADIUS Clients to the server, and then add the RADIUS Client names to the 'Client Friendly Name' condition. But as soon as I add an extra client name the existing policy stops working, and I cannot log in to the router.
Does anyone know of a way to get around this? Is there a RADIUS parameter that can be sent to the RADIUS server at the time of login that can be used as part of a Network Policy condition?
I want to avoid having to create a unique network policy for each individual router/switch.
I've got this working against multiple devices now, details below if anyone's interested.
When you create the RADIUS Clients on the NPS Server, give them all the same prefix, for example:
Name (switches): SW-switchhostname
Name (routers): RT-routerhostname
When you add the Client Friendly Name condition to the Network Policy, enter the name as SW-? for switches, or RT-? for routers. This makes the policy check for devices that have a 'Client Friendly Name' with a prefix of SW- or RT-.
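
One way to register the 30+ devices with the prefixed names described above, as an added example that is not part of the original post. It uses the NPS PowerShell module's `Get-NpsRadiusClient` and `New-NpsRadiusClient` cmdlets; the inventory, addresses, helper function names and the choice of a separate shared secret per device are assumptions.

```powershell
# Added example: bulk-register RADIUS clients in NPS with a role prefix so that
# one Network Policy per role can match them by Client Friendly Name.
# Run on the NPS server. The inventory is constructed sample data and the
# addresses are documentation ranges (assumptions, not from the post).
$inventory = @'
Hostname,Address,Role
core-sw01,192.0.2.11,Switch
core-sw02,192.0.2.12,Switch
edge-rt01,198.51.100.1,Router
'@ | ConvertFrom-Csv

$prefixByRole = @{ Switch = 'SW-'; Router = 'RT-' }

function New-SharedSecret {
    # 32 random bytes, hex-encoded, so every device gets its own secret
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

function Get-ClientPlan {
    param([object[]]$Devices)
    foreach ($d in $Devices) {
        $prefix = $prefixByRole[$d.Role]
        if (-not $prefix) {
            Write-Warning "Skipping $($d.Hostname): unknown role '$($d.Role)'"
            continue
        }
        [pscustomobject]@{
            Name    = "$prefix$($d.Hostname)"
            Address = $d.Address
            Secret  = New-SharedSecret
        }
    }
}

$plan = Get-ClientPlan -Devices $inventory
$existing = @(Get-NpsRadiusClient | Select-Object -ExpandProperty Name)

foreach ($c in $plan) {
    if ($existing -contains $c.Name) {
        Write-Warning "$($c.Name) already exists, leaving it unchanged"
        continue
    }
    New-NpsRadiusClient -Name $c.Name -Address $c.Address -SharedSecret $c.Secret | Out-Null
    $c | Select-Object Name, Address   # secrets stay in $plan, not on the console
}
```

Each secret in `$plan` still has to be configured on the matching device, so move it to a secrets store rather than a plain file.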