在 [多重位址的電腦上設定 NPSConfigure NPS on a Multihomed Computer

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用本主題有多個網路介面卡設定 NPS 伺服器。You can use this topic to configure an NPS server with multiple network adapters.

當您在執行的網路原則 Server (NPS) 伺服器使用多個網路介面卡時,您可以設定下列各項:When you use multiple network adapters in a server running Network Policy Server (NPS), you can configure the following:

  • 執行,並執行未傳送和接收撥號使用者服務遠端驗證 (RADIUS) 流量網路介面卡。The network adapters that do and do not send and receive Remote Authentication Dial-In User Service (RADIUS) traffic.
  • 在每次網路介面卡,是否 NPS 監視 RADIUS 流量網際網路通訊協定第 4 版 (IPv4)、IPv6,或 IPv4 和 IPv6 上。On a per-network adapter basis, whether NPS monitors RADIUS traffic on Internet Protocol version 4 (IPv4), IPv6, or both IPv4 and IPv6.
  • 透過哪些 RADIUS 交通傳送和接收上每一位通訊協定 UDP 連接埠號碼 \(IPv4 或 IPv6\)-網路介面卡的方式。The UDP port numbers over which RADIUS traffic is sent and received on a per-protocol (IPv4 or IPv6), per-network adapter basis.

根據預設,NPS 接聽 RADIUS 流量連接埠 1812 年,1813 年、1645 年 1646 IPv6 與 IPv4 所有已安裝的網路介面卡。By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both IPv6 and IPv4 for all installed network adapters. 因為 NPS RADIUS 流量自動使用所有網路介面卡,您只需要指定您希望 NPS RADIUS 使用的網路介面卡流量當您想要使用的特定網路介面卡,防止 NPS。Because NPS automatically uses all network adapters for RADIUS traffic, you only need to specify the network adapters that you want NPS to use for RADIUS traffic when you want to prevent NPS from using a specific network adapter.

注意

如果您解除安裝 IPv4 或 IPv6 網路介面卡、NPS 不會監視 RADIUS 傳輸通訊協定解除安裝。If you uninstall either IPv4 or IPv6 on a network adapter, NPS does not monitor RADIUS traffic for the uninstalled protocol.

NPS 在伺服器上已安裝多個網路介面卡,您可以設定 NPS 傳送和接收 RADIUS 流量只在指定的介面卡。On an NPS server that has multiple network adapters installed, you might want to configure NPS to send and receive RADIUS traffic only on the adapters you specify.

例如,不包含用 RADIUS 戶端網路區段可能會導致安裝在伺服器 NPS 一個網路介面卡時提供的第二個網路介面卡, 設定網路路徑 NPS RADIUS 戶端。For example, one network adapter installed in the NPS server might lead to a network segment that does not contain RADIUS clients, while a second network adapter provides NPS with a network path to its configured RADIUS clients. 在本案例中,請務必直接 NPS 第二個的網路介面卡用於所有 RADIUS 傳輸。In this scenario, it is important to direct NPS to use the second network adapter for all RADIUS traffic.

在另一部範例中,如果 NPS 伺服器有三種網路介面卡,安裝,但您只想 NPS RADIUS 流量,使用的介面卡兩個您可以設定連接埠的兩個的介面卡的資訊。In another example, if your NPS server has three network adapters installed, but you only want NPS to use two of the adapters for RADIUS traffic, you can configure port information for the two adapters only. 藉由排除第三個配接器連接埠設定,您阻止 NPS RADIUS 流量使用介面卡。By excluding port configuration for the third adapter, you prevent NPS from using the adapter for RADIUS traffic.

使用網路介面卡Using a network adapter

若要設定 NPS 接聽和傳送 RADIUS 流量網路介面卡,請使用下列語法」的網路原則伺服器中 NPS 主機上:To configure NPS to listen for and send RADIUS traffic on a network adapter, use the following syntax on the Properties dialog box of Network Policy Server in the NPS console:

  • IPv4 流量語法:IPAddress:UDPport 位置 IPAddress IPv4 位址設定您想要傳送 RADIUS 流量,透過這的網路介面卡,UDPport 且想要使用適用於 RADIUS 驗證或計量流量 RADIUS 連接埠號碼。IPv4 traffic syntax: IPAddress:UDPport , where IPAddress is the IPv4 address that is configured on the network adapter over which you want to send RADIUS traffic, and UDPport is the RADIUS port number that you want to use for RADIUS authentication or accounting traffic.
  • IPv6 流量語法: [IPv6Address]: UDPport 位置括 IPv6Address 所需、IPv6Address IPv6 位址上您想要傳送 RADIUS 流量的網路介面卡設定並 UDPport 是您想要使用適用於 RADIUS 驗證或計量流量 RADIUS 連接埠號碼。IPv6 traffic syntax: [IPv6Address] : UDPport , where the brackets around IPv6Address are required, IPv6Address is the IPv6 address that is configured on the network adapter over which you want to send RADIUS traffic, and UDPport is the RADIUS port number that you want to use for RADIUS authentication or accounting traffic.

可以為分隔字元使用下列字元設定 IP 位址與 UDP 連接埠資訊:The following characters can be used as delimiters for configuring IP address and UDP port information:

  • 地址埠分隔字元:分號(:)Address/port delimiter: colon (:)
  • 連接埠分隔字元:逗號(,)Port delimiter: comma (,)
  • 介面分隔字元:分號(;)Interface delimiter: semicolon (;)

設定網路存取伺服器Configuring network access servers

請確定您的網路存取伺服器已使用您設定在您 NPS 伺服器的相同 RADIUS UDP 連接埠號碼。Make sure that your network access servers are configured with the same RADIUS UDP port numbers that you configure on your NPS servers. RADIUS 標準 UDP 連接埠 2865 年和 2866 Rfc 所述的驗證 1812 年和 1813,用於會計;不過,有些存取伺服器計量要求驗證要求 UDP 連接埠 1645 年與 UDP 連接埠 1646 年使用預設設定。The RADIUS standard UDP ports defined in RFCs 2865 and 2866 are 1812 for authentication and 1813 for accounting; however, some access servers are configured by default to use UDP port 1645 for authentication requests and UDP port 1646 for accounting requests.

重要

如果您不使用 RADIUS 預設連接埠號碼,您必須設定例外防火牆允許上新的連接埠 RADIUS 流量本機電腦上。If you do not use the RADIUS default port numbers, you must configure exceptions on the firewall for the local computer to allow RADIUS traffic on the new ports. 如需詳細資訊,請查看設定防火牆 RADIUS 流量的For more information, see Configure Firewalls for RADIUS Traffic.

設定多重主目錄 NPS 伺服器Configure the multihomed NPS server

您可以使用下列程序,設定多重主目錄 NPS 伺服器。You can use the following procedure to configure your multihomed NPS server.

資格在網域系統管理員,或相當於,才能完成此程序最小值。Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.

若要指定的網路介面卡和 NPS RADIUS 流量使用 UDP 連接埠To specify the network adapter and UDP ports that NPS uses for RADIUS traffic

  1. 在伺服器管理員中,按一下 [工具,然後按一下 [的網路原則伺服器打開 NPS 主機。In Server manager, click Tools, and then click Network Policy Server to open the NPS console.

  2. 以滑鼠右鍵按一下的網路原則伺服器,然後按一下 [屬性Right-click Network Policy Server, and then click Properties.

  3. 按一下連接埠索引標籤,然後在名稱前面加上您想要使用的現有的連接埠號碼 RADIUS 流量之網路介面卡的 IP 位址。Click the Ports tab, and prepend the IP address for the network adapter you want to use for RADIUS traffic to the existing port numbers. 例如,如果您想要使用的 IP 位址 192.168.1.2 和 RADIUS 連接埠 1812 年和 1645 年驗證要求,變更連接埠設定從1812,1645192.168.1.2:1812,1645For example, if you want to use the IP address 192.168.1.2 and RADIUS ports 1812 and 1645 for authentication requests, change the port setting from 1812,1645 to 192.168.1.2:1812,1645. 如果您的驗證 RADIUS 和 RADIUS 計量 UDP 連接埠不同的預設值,請變更的連接埠設定移動。If your RADIUS authentication and RADIUS accounting UDP ports are different from the default values, change the port settings accordingly.

  4. 驗證或計量要求使用多個連接埠設定,來以逗號分隔連接埠號碼。To use multiple port settings for authentication or accounting requests, separate the port numbers with commas.

如需 NPS UDP 連接埠,請查看設定 NPS UDP 連接埠資訊For more information about NPS UDP ports, see Configure NPS UDP Port Information

如需 NPS 的詳細資訊,請查看的網路原則伺服器For more information about NPS, see Network Policy Server