Configure NPS on a Multihomed Computer

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

A computer with multiple network adapters installed is known as a multihomed computer. When you use multiple network adapters in an NPS server, you can configure the following:

  • The network adapters that do and do not send and receive RADIUS traffic.

  • On a per-network adapter basis, whether NPS monitors RADIUS traffic on Internet Protocol version 4 (IPv4), IPv6, or both IPv4 and IPv6.

  • The UDP ports over which RADIUS traffic is sent and received on a per-protocol (IPv4 or IPv6), per-network adapter basis.

By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both IPv6 and IPv4 for all installed network adapters. Because NPS automatically uses all network adapters for RADIUS traffic, you need to specify the network adapters that NPS uses for RADIUS traffic only when you want to prevent NPS from using a particular adapter.

Note

If you uninstall either IPv4 or IPv6 on a network adapter, NPS does not monitor RADIUS traffic for the uninstalled protocol.

On an NPS server that has multiple network adapters installed, you might want to configure NPS to send RADIUS traffic only on a specific adapter.

For example, one network adapter installed in the NPS server might lead to a network segment that does not contain RADIUS clients, while a second network adapter provides NPS with a network path to its configured RADIUS clients. In this scenario it is important to direct NPS to use the second network adapter for all RADIUS traffic.

In another example, if your NPS server has three network adapters installed, but you only want NPS to use two of the adapters for RADIUS traffic, you should configure port information for the two adapters only. By excluding port configuration for the third adapter, you prevent NPS from using the adapter for RADIUS traffic.

When you use the procedure in Configure NPS UDP Port Information, you can configure NPS to listen for and send RADIUS traffic on a network adapter by using the following syntax:

  • **IPv4 traffic syntax:** IPAddress:UDPport, where IPAddress is the IPv4 address that is configured on the network adapter over which you want to send RADIUS traffic, and UDPport is the RADIUS port number that you want to use for RADIUS authentication or accounting traffic.

  • **IPv6 traffic syntax:** [IPv6Address]:UDPport, where the brackets around IPv6Address are required, IPv6Address is the IPv6 address that is configured on the network adapter over which you want to send RADIUS traffic, and UDPport is the RADIUS port number that you want to use for RADIUS authentication or accounting traffic.

The following characters can be used as delimiters for configuring IP address and UDP port information:

  • Address/port delimiter: colon (:)

  • Port delimiter: comma (,)

  • Interface delimiter: semicolon (;)

Make sure that your network access servers are configured with the same RADIUS UDP ports that you configure on your NPS servers. The RADIUS standard UDP ports defined in RFCs 2865 and 2866 are 1812 for authentication and 1813 for accounting; however, some access servers are configured by default to use UDP port 1645 for authentication requests and UDP port 1646 for accounting requests.

Important

If you do not use the default RADIUS ports, you must configure exceptions on the firewall for the local computer to allow RADIUS traffic on the new ports.
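The address and port syntax described above can be checked before it is entered in NPS. The following Python sketch is an added example, not Microsoft code: it parses a port string into per-adapter bindings and lists the non-default ports that need a firewall exception. The function names, the sample addresses, and the way the three delimiters are combined into one string are assumptions made for illustration.

```python
import ipaddress

# Ports NPS listens on by default, as stated on this page.
DEFAULT_RADIUS_PORTS = {1812, 1813, 1645, 1646}

# Constructed sample value (documentation address ranges, not from the page).
SAMPLE = "192.0.2.10:1812,1645;[2001:db8::10]:1812,11812"


def parse_nps_ports(value):
    """Parse 'IPv4:port,port;[IPv6]:port' into [(address, [ports])]."""
    bindings = []
    # Semicolon separates interfaces; ignore empty entries from a trailing ';'.
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        if entry.startswith("["):
            # IPv6: the brackets are required, so the address ends at ']'.
            addr_text, bracket, rest = entry[1:].partition("]")
            if not bracket or not rest.startswith(":"):
                raise ValueError(f"malformed IPv6 entry: {entry!r}")
            address = ipaddress.IPv6Address(addr_text)
            port_text = rest[1:]
        else:
            # IPv4: the first colon is the address/port delimiter. An
            # unbracketed IPv6 address is rejected here as an invalid IPv4.
            addr_text, colon, port_text = entry.partition(":")
            if not colon:
                raise ValueError(f"missing address/port delimiter: {entry!r}")
            address = ipaddress.IPv4Address(addr_text)
        ports = []
        for item in port_text.split(","):  # comma separates ports
            item = item.strip()
            if not item.isdigit() or not 1 <= int(item) <= 65535:
                raise ValueError(f"invalid UDP port {item!r} in {entry!r}")
            ports.append(int(item))
        bindings.append((address, ports))
    return bindings


def firewall_exceptions_needed(bindings):
    """Return (address, port) pairs that use a non-default RADIUS port."""
    return [(str(addr), port)
            for addr, ports in bindings
            for port in ports
            if port not in DEFAULT_RADIUS_PORTS]


if __name__ == "__main__":
    for addr, port in firewall_exceptions_needed(parse_nps_ports(SAMPLE)):
        print(f"Firewall exception required: UDP {port} on {addr}")
```

Any port reported here must also be configured on the network access servers that send RADIUS requests to this NPS server.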