다음을 통해 공유

NAS Port type condition and NPS

  • 아티클

Network Policy Sever (NPS) has a wizard that can create connection request policies and network policies for you.

  • Connection request policies are used to authenticate (verify the identity) of a user.
  • Network Policies are used to authorize (set access permissions) of a user.

When you use the wizard to create connection request policies and network policies for wired and wireless access, a condition is added to the policy to help match access requests by an 802.1X supplicant. This condition is:

NAS Port Type: Ethernet

This condition causes a problem with some network access devices, particularly newer Cisco devices. The network access server (NAS) section from an NPS event log for this type of device is shown below.

NAS:
**    NAS IPv4 Address:        192.168.10.2
    NAS IPv6 Address:        -
    NAS Identifier:                ap
    NAS Port-Type:              Async
    NAS Port:                         -

**As you can see, the NAS Port-Type is reported as Async, not Ethernet. Async is typically a media type for VPN.

To repair this problem and allow the 802.1X supplicant to correctly match your policy, remove the NAS Port Type condition from connection request policy and network policy, or change the condition from Ethernet to Async.