Microsoft IAS Configuration - Adding New Remote Access Policy

Adding a RADIUS client into your IAS serves no purpose if there are no access policies controlling authentication requests inbound to the IAS from thw 802.1x enabled switch.

This page will show you how a remote access policy can be added and used to authenticate and authorize your users.

Right click on "Remote Access Policies" and select "New Remote Access Policies".

Click Next.

Give the policy a name.

Select "Ethernet" for Access Method.

Add a new group that will match this policy. In this case, we will authenticate all domain users. As long as you have a valid domain account, you will be granted access. Select "Group" and click "Add".

Add in "Domain Users".

In this case, we will be using PEAP (Protected EAP). You can read more about it here. Under "Type", select "Protected EAP (PEAP)". Click on "Configure".

Ensure that the EAP type has been selected as "Secured Password (EAP-MSCHAP v2)". You may use a certificate in this case too. This will allow the clients (connecting PCs) to validate the identity of your server. However, this can be left blank.

Click "Finish" to end the wizard.

You should see a new remote access policy added. Do note that this really works like a firewall. If a match is found in rule 1, it will not bother assessing rule 2.