Unit-602/02
NPS, RADIUS
September 27, 2017
Unit-602 assessment-02 vaishali

Table of Contents
TASK-1
TASK-2
TASK-3
TASK-4

TASK-1
Network policy servers available to configure RADIUS implementation of Microsoft servers
used by Indigo.

A RADIUS proxy is a device that forwards or routes RADIUS connection requests and
accounting messages between RADIUS clients (and RADIUS proxies) and RADIUS
servers (or RADIUS proxies). The RADIUS proxy uses information within the RADIUS
message, such as the User-Name or Called-Station-ID RADIUS attributes, to route the
RADIUS message to the appropriate RADIUS server.

A RADIUS server is a device that receives and processes connection requests or
accounting messages sent by RADIUS clients or RADIUS proxies. In the case of
connection requests, the RADIUS server processes the list of RADIUS attributes in the
connection request. Based on a set of rules and the information in the user account
database, the RADIUS server either authenticates and authorizes the connection and
sends back an Access-Accept message or sends back an Access-Reject message. The
Access-Accept message can contain connection restrictions that are implemented by
the access server for the duration of the connection.

User account databases

The user account database is the list of user accounts and their properties that can be
checked by a RADIUS server to verify authentication credentials and user account
properties containing authorization and connection parameter information.

The user account databases that NPS can use are the local Security Accounts Manager
(SAM), a Microsoft Windows NT 4.0 domain, or Active Directory® Domain Services (AD
DS). For AD DS, NPS can provide authentication and authorization for user or computer
accounts in the domain in which the NPS server is a member, two-way trusted domains,
and trusted forests with domain controllers running Windows Server® 2008; Windows
Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows
Server 2003, Datacenter Edition.

If the user accounts for authentication reside in a different type of database, NPS can
be configured as a RADIUS proxy to forward the authentication request to a RADIUS
server that does have access to the user account database. Different databases for AD
DS include untrusted forests, untrusted domains, or one-way trusted domains.

RADIUS protocol

A RADIUS client (typically a dial-up server, VPN server, 802.1X authenticating switch,
or wireless access point) sends user credentials and connection parameter information
in the form of a RADIUS message to a RADIUS server. The RADIUS server
authenticates and authorizes the RADIUS client request, and sends back a RADIUS
message response. RADIUS clients also send RADIUS accounting messages to
RADIUS servers. Additionally, the RADIUS standards support the use of RADIUS
proxies. A RADIUS proxy is a computer that forwards RADIUS messages between
RADIUS-enabled computers.
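
The exchange described above, as an added Python example that is not part of the original assignment: a RADIUS client builds an Access-Request, the server checks it against a user account database and answers Access-Accept or Access-Reject, and the shared secret hides the password and authenticates the reply. The packet layout and MD5 constructions follow RFC 2865; the function names, account, password and secret are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def _crypt(data, secret, authenticator, hide):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with MD5(secret + previous)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = (out if hide else data)[i:i + 16]  # always chain on the hidden block
    return out

def build_request(ident, user, password, secret):
    """RADIUS client: Access-Request with User-Name and a hidden User-Password."""
    authenticator = os.urandom(16)
    pw = password.encode().ljust(16, b"\x00")        # at least one 16-byte block
    pw += b"\x00" * (-len(pw) % 16)                  # pad to a multiple of 16
    attrs = b"".join(bytes([kind, len(value) + 2]) + value for kind, value in (
        (USER_NAME, user.encode()), (USER_PASSWORD, _crypt(pw, secret, authenticator, True))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse(packet):
    """Return (code, id, authenticator, {type: value}); reject malformed lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < len(packet):
        size = packet[pos + 1] if pos + 1 < len(packet) else 0
        if size < 2 or pos + size > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + size]
        pos += size
    return packet[0], packet[1], packet[4:20], attrs

def server_reply(request, secret, accounts):
    """RADIUS server: check the user account database, answer Accept or Reject."""
    _, ident, req_auth, attrs = parse(request)
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    pw = _crypt(attrs.get(USER_PASSWORD, b""), secret, req_auth, False).rstrip(b"\x00")
    ok = user in accounts and hmac.compare_digest(pw, accounts[user].encode())
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def client_verify(request, reply, secret):
    """Return the reply code only if its Response Authenticator matches our secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(reply[4:20], expected):
        raise ValueError("reply was not made with the shared secret")
    return reply[0]
```

The `secret` argument plays the role of the shared key configured for the RADIUS client in NPS. When the two sides hold different values, the server cannot recover the password and the client refuses the reply.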

2. How do you design, configure and implement such policy server services by changing the current
RAS?

There are three stages of remote access connections.

• Connection - make a physical connection between the two parties.
• Encryption, protocols are decided.
• Authentication - it helps to identify who they are. It checks username, password and certificates.
• Authorization - what they can access; this is done through IP filters and NTFS permissions.

NAT

NAT stands for network address translation. The concept behind NAT is that many computers can
communicate with NAT devices. For example, if we have four computers connected to the same
NAT device and sharing one IP address, it helps them to connect easily. It is not required for IPv6. It
supports server only.

Internet connection sharing (ICS) - If we have a small business, we can use ICS there; it usually helps to
share a connection from one computer to another computer. With it we cannot connect many computers
at one time. With ICS the computer must always be on. ICS helps to change network adapter settings.

Remote access service - Remote access services provide two basic services for clients. The first is dial-up
service, through which a client can access the RAS server through a modem; generally the modem will be a
normal modem rather than a standalone modem. The RAS server provides access to the production
network for the client that connects to that modem. It also provides VPN access. Nowadays VPN access
has become more common than modem access. When VPN is used, the client creates a tunnel
through the public internet to access the RAS server. This means the RAS server needs to have access to the
internet, and for this reason the RAS server is normally a member server.

VPN protocols - RAS supports VPN protocols. The first is PPTP, the Point-to-Point Tunneling Protocol, which
was developed by Microsoft. It is supported by most Microsoft operating systems. It
also supports TCP/IP and uses TCP port 1723. The next protocol is L2TP, the
Layer Two Tunneling Protocol. This protocol is an open standard, so we can use it to connect non-Microsoft
clients. L2TP also supports multiple protocols, not just TCP/IP. L2TP can use IPSec for encryption.
The downside of L2TP is that it is not supported by older operating systems. It also supports IPv6. It
is a better protocol in a lot of ways.

3. Hardware and software configuration of recommended solution.

Processor performance depends not only on the clock frequency of the processor but also on the number of
processor cores and the size of the processor cache.

Minimum - 1.4 GHz 64-bit processor

RAM - the minimum RAM required is 512 MB. If we have a virtual machine with the minimum supported
hardware parameters (1 processor core and 512 MB RAM) and then attempt to install this release on the
virtual machine.

Disk space - the minimum requirement is 32 GB.

TASK-2
Plan, design and install network policy server (NPS) for Indigo.

First we install NPS on our main server, where we have AD DS, DNS and DHCP. We have to change the computer
name, give it the IP address "172.168.100.15", connect it to the main domain
"indigo.com", change the country/region and turn off the firewalls.

Successfully installed.

Go to Tools and open NPS.

After that, open Templates Management and create a shared key.

TASK-3
Configure RADIUS server and RADIUS clients.

After this we need to create a new RADIUS client.

We gave it the friendly name "new rad" here.

After this, go to RADIUS Clients and right-click on it; it will show the client which we created.

After that we need to configure an allow access rule. For that, open the network access policy, right-click on it,
select New and fill in the policy name.

Here we gave the name "allow user".

After this, click on the Next button, then select NPS port type and add VPN in the following option.

RAS server: on that server we need to install Remote Access.

After installing Remote Access we need to configure Remote Access.

Configure remote access servers with necessary VPN protocols and access methods

There is an option for VPN and dial-up.

After this we can see RAS has been configured.

TASK-4
Conduct a research and evaluate the following tunneling protocols.

PPTP - RAS supports VPN protocols. The first is PPTP, the Point-to-Point Tunneling Protocol, which
was developed by Microsoft. It is supported by most Microsoft operating systems.

L2TP - The next protocol is L2TP, the Layer Two Tunneling Protocol. This
protocol is an open standard, so we can use it to connect non-Microsoft clients. L2TP also
supports multiple protocols, not just TCP/IP. L2TP can use IPSec for encryption. The downside of
L2TP is that it is not supported by older operating systems.
