Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

What is NAS-ID?

Key Points
  • NAS-ID helps identify the device sending authentication requests, enabling policy control in RADIUS.
  • It is used for VLAN sorting, role-based access, and other policy enforcement measures in networks.
  • SecureW2’s Cloud RADIUS with NAS-ID allows dynamic, runtime-level policy decisions for enhanced security and network control.

The Network Access Server (NAS) is the frontline of authentication – it’s the first server that fields network authentication requests before they pass through to the RADIUS.

The NAS Identifier (NAS-ID) is a feature that allows the RADIUS server to confirm information about the sender of the authentication request. It’s typically used to set up role-based access, automatic VLAN sorting, or some other form of policy enforcement

How Does NAS-ID Work?

A NAS-ID is generated by a controller or access point (AP) and used to set the NAS-Identifier attribute of RADIUS packets, indicating to the RADIUS server which AP sent the request. The RADIUS server must be preconfigured to receive and verify the identity of the access point, though not all RADIUS servers have the capability.

Note that WLAN profiles and VLAN interfaces can also be configured to generate a NAS-ID for use with RADIUS.

Once the RADIUS is connected to the client via NAS-ID, it can make policy decisions based on optional, customizable NAS-ID attributes assigned to a given group or segment.

How to Configure Custom Policies with NAS-ID

The following is a brief walkthrough of the steps needed to create user segmentation policies in the SecureW2 Management Portal with custom attributes. It assumes that you’ve already bound the controller or AP to the RADIUS via the NAS.

  • Select the Network Policies tab from the sidebar of the management portal.
  • Click “Create new policy Fill out the name and description, it’s for internal use only.
  • Choose which conditions activate the network policy.
    • Role conditions can be as basic as traditional user or device roles, or you can use our advanced dynamic roles for fine-grain policy decisions.
  • Copy the NAS-ID from the AP to the appropriate field.
  • NAS-ID attributes can be configured with predetermined values in the Settings

nas id config That’s all there is to it. It’s easy to create and track all of your network policies in one place.

Dynamic Cloud RADIUS Policy Enforcement with NAS-ID

SecureW2’s Cloud RADIUS makes great use of NAS-ID to offer unprecedented control over your network authentication. By combining it with our proprietary Dynamic Policy Engine and EAP-TLS certificate-based authentication, our Cloud RADIUS can make runtime-level policy decisions based on attributes stored in the user directory.

This process hugely enhances the security of the network by adding redundant authorization checks (both CRL and IdP) without impacting user experience or even authentication speed. Attributes can be stored in an easily-editable and dynamic user directory rather than on static digital certificates that need to be revoked and reissued to reflect role or permission changes.

The best part is that all of this is easily manageable from our robust single pane management interface. All our products are vendor neutral and can integrate with your existing network infrastructure to deploy more cheaply and quickly.

We have affordable options for organizations of all sizes. Click here to see our prices.

 

Learn about this author

Patrick Grubbs

Patrick is an experienced SEO specialist at SecureW2 who also enjoys running, hiking, and reading. With a degree in Biology from College of William & Mary, he got his start in digital content by writing about his ever-expanding collection of succulents and cacti.

What is NAS-ID?