When replacing some switches recently I started playing with the idea of having admins authenticate with their domain accounts instead of having local users on all switches all over the place.
Since I already had a W2K8 R2 NPS running for my access points, I thought I'd use that. Though there are plenty of examples to find, none of them worked for my specific setup (I think it is the R2). So what better place is there to put one than here at EE?
Here we go.
First, if you haven't already done so, install NPS on your server:
-Start server manager, right-click roles and choose 'add role'.
-In the Server Roles screen, tick 'Network Policy and Access Server'
(Here it's already installed)
-Now do the 'next', 'install', 'finish' part and presto! NPS is installed.
Now we need to configure the NPS so the switch(es) will be able to authenticate against it:
-Start NPS: Start->Admin Tools->Network Policy Server
-On the left side, go to: RADIUS Clients and Servers->RADIUS Clients
-Right click on 'RADIUS Clients' and select 'new'
-Under the settings tab, choose a friendly name for the client so you can identify it.
-Enter the IP address of the switch.
-Enter or generate a shared secret.
-Go to the Advanced tab and change the vendor name to 'Cisco'
-Click OK and the client is finished.
Connection Request Policy
-On the left …