In “Server Manager” select “Tools” and then “Network Policy Server.”
Create a new Network Policy for RADIUS
1.) Expand “Policies” on the left. Right click “Network Policies” and select “New” to add a network policy for Peplink RADIUS authentication.
2.) Name the new policy. Set the “Type of Network Access Server” as “Unspecified” and click “Next” to continue.
3.) Click the “Add” button to specify the conditions for the new RADIUS policy.
4.) Select the RADIUS connection condition. We recommend “Client IPv4 Address” and click “Add.” This will use the Peplink device IP address. Enter your Peplink device IPv4 address and click “OK.”
5.) The specified condition should now be listed. Click “Next” to proceed.
6.) Specify access permission of the Peplink device. For this guide we have utilized the “Access granted” permission option. Click “Next” after making your selection.
7.) Continue to click “Next” until reaching the page depicted below while making desired selections as needed. On this page select the options that are depicted and click “Next” to continue.
8.) Click next to continue on the following page.
9.) Select the permitted encryption for authentication purposes and click “Next.”
10.) Peplink devices support full access and read-only web admin users. By default RADIUS authenticated web admin users will have full access. To configure a specific access type for this policy click “Vendor Specific” under “Radius Attributes” and then click “Add” to create the attribute.
11.) Select “Custom” as the “Vendor” and “Vendor-Specific” for the “Attributes” then click “Add.”
12.) Click “Add” to enter the attribute. Select the “Enter Vendor Code” option and enter 23695 then click on “Configure Attribute.”
13.) In the “Vendor-assigned attribute number:” field enter 1 and select “Decimal” for “Attribute Format.” The attribute value determines if the user will be full access or read-only. Attribute number of 1 will make the user become read-only user while attribute number of 2 will make the user to become an admin. Click “OK” when complete.
14.) Click “OK” and then “Next” to continue.
15.) Verify the policy settings and click “Finish” if you are satisfied with the settings.
16.) The new policy is now added to the “Network Policies.” Prioritize the existing policies, ranking the newly added policy high enough to ensure it functions.
The Peplink device is now configured in Windows Server 2012.
Add the Peplink device as a RADIUS Client.
1.) Right click “RADIUS Clients” and select “New” to add a new RADIUS client.
2.) Enter a “Friendly name,” “Address” (the Peplink device IP address) and “Shared Secret” (as entered in the Peplink device “Web Admin” interface) and click “OK” to add the new RADIUS client.
3.) The “Advanced” tab should resemble this.
Configuring the Peplink device in the “Web Admin” interface.
1.) Access the Web Admin and select the “System” tab on top and the “Admin Security” page on the left. Select the “Enable” box for “Authentication by RADIUS.”
3.) Select “MS-CHAP v2” for the “Auth Protocol.” and the appropriate values in the fields depicted for the RADIUS and accounting servers.