I have a small-ish network / server deployment in my home office that is primarily for lab testing and learning new technologies before using them in the real world. I have been trying to figure this one out, but I'm kinda stumped now. Most of the articles I read about this reference Windows Server 2008. I mean come on people, it's 2015! Anyway, here is the crux of the matter:
MS AD with NPS running as RADIUS server. Works great for all network devices, 802.1X WiFi devices and even VPN authentication. But when I take it offline or I have to reboot it to make a change (it has several Hyper-V VMs running on it), I lose access to my WiFi, network devices, etc. I have a second Domain Controller (also 2012 R2) on a VM on VMware vSphere 6.0. I added NPS to it, copied all the policies from the original NPS to it, and the only thing I changed was the certificates because it complained of the certs not being valid on the box. I added the 2nd entry to all the clients (except for the individual workstations, which get their info from a Cisco 2504 WLC).
If the primary DC goes down and I am not wired in, within minutes I lose my WiFi as it cannot authenticate, and I cannot access any network devices or ASDM or VPN.
So, here are my possible solutions, in no particular order...
1. Buy a cheap server that I can set up as the AD DC and put nothing but AD services and NPS on it.
2. Convert the existing AD DC to a secondary controller and remove NPS, then re-add NPS and use it strictly as a proxy, setting all the clients to point to it.
3. Remove the NPS from the current secondary controller and then re-add it strictly as an NPS server and use it as a proxy.
Seems very expensive for a lab, but I cannot affect people who are in online classes at the home office while I am "playing".
I have a (licensed) copy of Cisco ACS. But only 1, so I would be in the same situation. Any thoughts? Help? Please?
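As an added example (not code from the original post, and not a fix for the poster's specific failover problem), this is how the "copied all the policies from the original NPS" step is normally scripted on Windows Server 2012 R2: export the full NPS configuration from the first server with `netsh nps export`, import it on the second with `netsh nps import`, and register the second NPS in Active Directory so it is allowed to read user dial-in properties. The hostnames and the staging path are assumptions. Two things worth knowing from a security standpoint: `exportPSK=YES` writes every RADIUS client shared secret into the XML in cleartext, so the file is removed from both hosts afterwards, and an imported EAP policy still points at the first server's certificate thumbprint, which is why the secondary complains until a certificate valid for that host is selected, exactly as described in the post.

```powershell
# Added example, not from the original post. Hostnames and paths are assumptions.
$PrimaryNps   = 'DC1.lab.example'          # assumed name of the existing AD DC / NPS host
$SecondaryNps = 'DC2.lab.example'          # assumed name of the VM-based second DC
$ExportPath   = 'C:\Temp\nps-config.xml'   # assumed staging path; will hold shared secrets

# 1. Export the complete NPS configuration from the primary.
#    exportPSK=YES includes RADIUS client shared secrets (cleartext in the XML).
Invoke-Command -ComputerName $PrimaryNps -ScriptBlock {
    param($Path)
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
    netsh nps export filename="$Path" exportPSK=YES
} -ArgumentList $ExportPath

# 2. Copy the export to the secondary over the administrative share.
$PrimaryUnc   = "\\$PrimaryNps\"   + $ExportPath.Replace(':', '$')
$SecondaryUnc = "\\$SecondaryNps\" + $ExportPath.Replace(':', '$')
Copy-Item -Path $PrimaryUnc -Destination $SecondaryUnc

# 3. Import on the secondary, register it in AD, restart NPS, and clean up.
Invoke-Command -ComputerName $SecondaryNps -ScriptBlock {
    param($Path)
    netsh nps import filename="$Path"
    # NPS must be registered in AD (added to the "RAS and IAS Servers" group)
    # or it cannot read user account dial-in properties during authentication.
    netsh nps add registeredserver
    Restart-Service -Name IAS            # IAS is the service name for Network Policy Server
    Remove-Item -Path $Path -Force       # do not leave shared secrets on disk
    Get-Service -Name IAS | Select-Object Name, Status
} -ArgumentList $ExportPath

# 4. Remove the cleartext export from the primary as well.
Invoke-Command -ComputerName $PrimaryNps -ScriptBlock {
    param($Path)
    Remove-Item -Path $Path -Force
} -ArgumentList $ExportPath
```

After the import, open the network policies that use PEAP or EAP-TLS on the secondary and select a server certificate issued to that host; the imported policy references the primary's certificate and will not validate otherwise. Re-run the export/import whenever a policy changes on the primary, since NPS does not replicate its configuration between servers on its own.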