Unit-602/02 2017
NPS, RADIUS
Unit-602 assesment-02 vaishali
Table of Contents
TASK-1
TASK-2
TASK-3
TASK-4
TASK-1
Network policy servers available to configure RADIUS implementation of Microsoft servers
used by Indigo.
A RADIUS proxy is a device that forwards or routes RADIUS connection requests and
accounting messages between RADIUS clients (and RADIUS proxies) and RADIUS
servers (or RADIUS proxies). The RADIUS proxy uses information within the RADIUS
message, such as the User-Name or Called-Station-ID RADIUS attributes, to route the
RADIUS message to the appropriate RADIUS server.
The user account database is the list of user accounts and their properties that can be
checked by a RADIUS server to verify authentication credentials and user account
properties containing authorization and connection parameter information.
The user account databases that NPS can use are the local Security Accounts Manager
(SAM), a Microsoft Windows NT 4.0 domain, or Active Directory® Domain Services (AD
DS). For AD DS, NPS can provide authentication and authorization for user or computer
accounts in the domain in which the NPS server is a member, two-way trusted domains,
and trusted forests with domain controllers running Windows Server® 2008; Windows
Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows
Server 2003, Datacenter Edition.
If the user accounts for authentication reside in a different type of database, NPS can
be configured as a RADIUS proxy to forward the authentication request to a RADIUS
server that does have access to the user account database. Different databases for AD
DS include untrusted forests, untrusted domains, or one-way trusted domains.
RADIUS protocol
A RADIUS client (typically a dial-up server, VPN server, 802.1X authenticating switch,
or wireless access point) sends user credentials and connection parameter information
2. How do you design, configure and implement such policy server services by changing the current
RAS
NAT
NAT stands for network address translation. The concept behind NAT is that many computers can
communicate with NAT devices. For example, if we have four computers connected to the same
NAT device, they share one IP address, which makes it easy for them to connect. It is not required for IPv6. It
supports server only.
Internet connection sharing (ICS) - In a small business we can use ICS, which helps to
share a connection from one computer with another computer. With ICS we cannot connect many computers
at one time. With ICS the computer must always be on. ICS changes the network adapter settings.
Remote access service - Remote access services provide two basic services for clients. The first is dial-up
service, through which a client can access the RAS server through a modem; generally the modem will be a
normal modem rather than a standalone modem. The RAS server provides access to the production
network for the client that connects to that modem. It also provides VPN access; nowadays VPN access
has become more common than modem access. When VPN is used, the client creates a tunnel
through the public internet to the RAS server, which means the RAS server needs to have access to the
internet; for this reason the RAS server is normally a member server.
VPN protocols - RAS supports several VPN protocols. The first is PPTP, the Point-to-Point Tunneling Protocol, which
was developed by Microsoft. It is supported by most Microsoft operating systems. The VPN protocol
also supports TCP/IP. It uses TCP port 1723. The next protocol is L2TP, which is known as the
Layer Two Tunneling Protocol. This protocol is an open standard, so we can use it to connect
non-Microsoft clients. L2TP also supports multiple protocols, not just TCP/IP. L2TP can use IPsec for encryption.
The downside of L2TP is that it is not supported by older operating systems. It also supports IPv6. It
is a better protocol in a lot of ways.
Processor performance depends not only on the clock frequency of the processor but also on the number of
processor cores and the size of the processor cache.
RAM - The minimum RAM required is 512 MB. If we have a virtual machine with the minimum supported
hardware parameters (1 processor core and 512 MB RAM) and then attempt to install this release on the
virtual machine.
TASK-2
Plan, design and install a Network Policy Server (NPS) for Indigo.
First, we install NPS on our main server, where we have AD DS, DNS and DHCP. We have to change the computer
name, give the IP address as "172.168.100.15", connect to the main domain,
"indigo.com", change the country/region and turn off the firewalls.
successfully installed
TASK-3
Configure RADIUS server and RADIUS clients.
After this, go to RADIUS Clients and right-click it; it will show the client which we created.
After that we need to configure an access rule to allow it. For that, open the network access policy, right-click it,
select New and fill in the policy name.
After this, click the Next button, then select NAS Port Type and add VPN in the following option.
Configure remote access servers with necessary VPN protocols and access methods
TASK-4
Conduct research and evaluate the following tunneling protocols.
PPTP - RAS supports several VPN protocols. The first is PPTP, the Point-to-Point Tunneling Protocol, which
was developed by Microsoft. It is supported by most Microsoft operating systems.
L2TP - The next protocol is L2TP, which is known as the Layer Two Tunneling Protocol. This
protocol is an open standard, so we can use it to connect non-Microsoft clients. L2TP also
supports multiple protocols, not just TCP/IP. L2TP can use IPsec for encryption. The downside of
L2TP is that it is not supported by older operating systems.