Microsoft 70-411 Exam – Q28

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named Policy1. You need to configure Policy1 to ensure that users are added to a VLAN.

Which attributes should you add to Policy1?

A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID

Correct Answer: C

Explanation:

To configure a network policy for VLANs
1. On the NPS server, click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

2. Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.

3. In the policy Properties dialog box, click the Settings tab.

4. In policy Properties, in Settings, in RADIUS Attributes, ensure that Standard is selected.

5. In the details pane, in Attributes, the Service-Type attribute is configured with a default value of Framed. By default, for policies with access methods of VPN and dial-up, the Framed-Protocol attribute is configured with a value of PPP. To specify additional connection attributes required for VLANs, click Add. The Add Standard RADIUS Attribute dialog box opens.

6. In Add Standard RADIUS Attribute, in Attributes, scroll down to and add the following attributes:
a. Tunnel-Medium-Type. Select a value appropriate to the previous selections you have made for the policy. For example, if the network policy you are configuring is a wireless policy, select Value: 802 (Includes all 802 media plus Ethernet canonical format).
b. Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned.
c. Tunnel-Type. Select Virtual LANs (VLAN).
7. In Add Standard RADIUS Attribute, click Close.

8. If your network access server (NAS) requires use of the Tunnel-Tag attribute, use the following steps to add the Tunnel-Tag attribute to the network policy. If your NAS documentation does not mention this attribute, do not add it to the policy. Add the attributes as follows:
a. In policy Properties, in Settings, in RADIUS Attributes, click Vendor Specific.
b. In the details pane, click Add. The Add Vendor Specific Attribute dialog box opens.
c. In Attributes, scroll down to and select Tunnel-Tag, and then click Add. The Attribute Information dialog box opens.
d. In Attribute value, type the value that you obtained from your hardware documentation.