Server 2008 NPS RADIUS

[blin]

We have an enterprise network of around 700 Cisco switches and 15 routers. I want to deploy a new Windows Server 2008 NPS as a RADIUS. Is there any way that I can auto-enroll switches and routers instead of adding all 700 switches and 15 routers one by one. The configurations I already have on my switches and routers are,

aaa new-model
aaa authentication login default group radius local-case
aaa authorization exec default group radius local
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server key xxxxxxx

Thanks in advance.

Really appreciate your help in this regards

[blin]

The only network devices permitted to perform RADIUS authentication attempts to the RADIUS server are the clients set up in NPS. So you need to set up your clients in NPS.

I'm not too familiar with cisco's switch range, however if your deploying a wireless solution, you can centeralize your radius auth attempts through a wireless lan controller such as the 5500 series. Then you only need to set up the wireless lan controller in NPS as a client and point your wireless AP's to the lan controller. I'm not sure if theres something in the Cisco switch range that does something like this; but this is Cisco product specific and nothing to do with Microsoft or the 802.1x protocol. Therefor I suggest talking to the Cisco guru's over in the Cisco forums.

[blin]

I'm just now playing with NPS. In 2k3 IAS you could use wildcards and other expressions - that way you could put one entry in for your devices - say your routers all end in .1. Instead of creating a new client for each router, you could have one single entry to cover them all - eg: 192.168.[2-29].1, or 192.168.*.1

It looks like the expressions may have changed for NPS, but you may want to check into that - http://technet.microsoft.com/en-us/libr ... 5272(WS.10).aspx