- NPS PEAP authentication setup: On the NPS, create a new policy by clicking NPS(local) and then select RADIUS server for 802.1X wireless or Wired Connections and then proceed to click configure 802.1x which will open a wizard that will guide you to create an NPS policy.
- On February 6, 2017, the Microsoft Azure AD team announced the public preview of Azure MFA cloud based protection for on-premises VPNs. This is facilitated via a downloadable extension that integrates directly with the Windows Server Network Policy Server (NPS) role.
- All switches that that need to authenticate connecting devices must be added as RADIUS clients on in NPS. Below are the steps to add the switches as RADIUS clients. 1) Open the NPS Server Console by going to Start Programs Administrative Tools Network Policy Server. 2) In the Left pane, expand the RADIUS Clients and Servers option.
title | description | manager | ms.prod | ms.technology | ms.topic | ms.assetid | ms.author | author |
---|---|---|---|---|---|---|---|---|
You can use this topic to configure the ports that Network Policy Server (NPS) uses for Remote Authentication Dial-In User Service (RADIUS) authentication and accounting traffic in Windows Server 2016. | windows-server | article | pashort |
Configure RADIUS server for VPN. After NPS is installed, you should have a basic configuration, set a friendly name, the IP address and a shared secret with the virtual private network (VPN) client. Open the Network Policy Server console, from server manager or by typing NPS.MSC at an elevated command prompt. Once the proxy is up and running, you need to configure your RADIUS clients to use it for authentication. In your clients' settings, set the RADIUS server IP to the IP address of your authentication proxy, the RADIUS server port to 1812, and the RADIUS secret to the appropriate secret you configured in the radiusserverauto section.
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016
You can use the following procedure to configure the ports that Network Policy Server (NPS) uses for Remote Authentication Dial-In User Service (RADIUS) authentication and accounting traffic.
By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both Internet Protocol version 6 (IPv6) and IPv4 for all installed network adapters.
[!NOTE]If you uninstall either IPv4 or IPv6 on a network adapter, NPS does not monitor RADIUS traffic for the uninstalled protocol.
The port values of 1812 for authentication and 1813 for accounting are RADIUS standard ports defined by the Internet Engineering Task Force (IETF) in RFCs 2865 and 2866. However, by default, many access servers use ports 1645 for authentication requests and 1646 for accounting requests. No matter which port numbers you decide to use, make sure that NPS and your access server are configured to use the same ones.
[IMPORTANT]If you do not use the RADIUS default port numbers, you must configure exceptions on the firewall for the local computer to allow RADIUS traffic on the new ports. For more information, see Configure Firewalls for RADIUS Traffic.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
To configure NPS UDP port information
- Open the NPS console.
- Right-click Network Policy Server, and then click Properties.
- Click the Ports tab, and then examine the settings for ports. If your RADIUS authentication and RADIUS accounting UDP ports vary from the default values provided (1812 and 1645 for authentication, and 1813 and 1646 for accounting), type your port settings in Authentication and Accounting.
- To use multiple port settings for authentication or accounting requests, separate the port numbers with commas.
For more information about managing NPS, see Manage Network Policy Server.
Radius Ports 1812 And 1813
For more information about NPS, see Network Policy Server (NPS).