Do you password protect your network devices? If so, are you using the same generic password? Wouldn’t it be awesome to leverage your Active Directory logon to sign into your switches?
In this guide, we are going to enable AD authentication on network switches and routers. The workhorse will be the Network Policy Server role in Server 2012/R2. After our server configuration, we will then configure our switches to point to our NPS (RADIUS) device and change their authentication method.
Install and Configure Network Policy Server
As a best practice, use a dedicated server to handle device authentication. In the past, I made the mistake of adding the role to a Domain Controller – this complicated my environment later.
Start the Add Roles and Features Wizard and proceed to the Server Roles screen. Expand Network Policy and Access Services and check the Network Policy Server box. Continue through the Wizard.
From the Tools menu, launch the Network Policy Server MMC. For this particular use of NPS, we are going to deal with three specific sections.
The first section, RADIUS Clients, will contain a list of the devices needing to authenticate against Active Directory. The second section, Connection Request Policies, determines which devices can authenticate. The final section, Network Policies, determines who can authenticate and how it is done.
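The role installation and the RADIUS Clients section can also be scripted. The following is an added example, not part of the original guide: it installs the role and registers each device with its own randomly generated shared secret instead of one secret reused everywhere. The device names, the addresses (documentation range 192.0.2.0/24) and the helper New-SharedSecret are constructed for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the dedicated NPS server.
# Installs the Network Policy Server role together with the NPS MMC snap-in.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# Constructed sample inventory; replace with your own switches and routers.
$devices = @(
    [pscustomobject]@{ Name = 'SW-ACCESS-01'; Address = '192.0.2.11' },
    [pscustomobject]@{ Name = 'SW-ACCESS-02'; Address = '192.0.2.12' },
    [pscustomobject]@{ Name = 'RTR-EDGE-01';  Address = '192.0.2.1'  }
)

# Hypothetical helper: returns a random secret from the system CSPRNG.
function New-SharedSecret {
    param([int]$ByteCount = 24)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Hex output (48 characters for 24 bytes) avoids symbols that some
    # device CLIs reject or reinterpret when the secret is pasted in.
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

# Skip devices that are already registered so a rerun never replaces a
# secret that is already configured on a switch.
$existing = @(Get-NpsRadiusClient | Select-Object -ExpandProperty Name)

$issued = foreach ($d in $devices) {
    if ($existing -contains $d.Name) {
        Write-Warning "RADIUS client '$($d.Name)' already exists; skipping."
        continue
    }
    $secret = New-SharedSecret
    New-NpsRadiusClient -Name $d.Name -Address $d.Address -SharedSecret $secret |
        Out-Null
    # Keep the secret only long enough to configure the matching device.
    [pscustomobject]@{ Name = $d.Name; Address = $d.Address; SharedSecret = $secret }
}

# Shown once: copy each secret into the device configuration and your
# password vault, then clear the variable and the console.
$issued | Format-Table -AutoSize
Remove-Variable issued

# Confirm what NPS now lists under RADIUS Clients.
Get-NpsRadiusClient | Format-Table Name, Address -AutoSize
```

With a unique secret per device, replacing or decommissioning one switch only requires rotating that one RADIUS client entry.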