You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A.
Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B.
Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C.
Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D.
Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that
support virtual local area networks (VLANs), you can configure Network Policy Server (NPS)
network policy to instruct the access servers to place members of Active Directory® groups
on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active
Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when
you run the New Network Policy wizard, add the Active Directory group as a condition of the
network policy.
You can create a separate network policy for each group that you want to assign to a VLAN.
For more information, see Create a Group for a Network Policy. When you configure network
policy for use with VLANs, you must configure the RADIUS standard attributes TunnelMedium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require
the use of the RADIUS standard attribute Tunnel-Tag.
To configure these attributes in a network policy, use the New Network Policy wizard to
create a network policy. You can add the attributes to the network policy settings while
running the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while
running the New Network Policy wizard. For example, if the network policy you are
configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus
Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group
members will be assigned. For example, if you want to create a Sales VLAN for your sales
team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device
requires this attribute, obtain this value from your hardware documentation.
http://technet.microsoft.com/en-us/library/cc754422(v=ws.10).aspx
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
provided answer matches microsoft’s description in JohnyBoy’s Technet link…
BUT: I just took a look and did not find “Tunnel-Tag” in the standard RADIUS attributes offered by 2012 R2 in the NPS?! Is there anything further to configure to let this attribute show up in the list??
ok…it’s “Vendor specific”, then Custom, stated as “Radius Standard”, wtf…