How to Use Regex in Network Policy Server – for Radius Client

This post gives a simple example of using a regular expression to match RADIUS client IP addresses in a Windows Network Policy Server (NPS) network policy.

Scenario

Multiple NPS Radius clients

You only want NPS to execute that particular network policy for specific subnets/IP addresses.

Regex in “Client IPv4 Address” Condition

First, you need to create a new network policy or edit an existing one in the Network Policy Server (NPS) console. To do this, open the NPS console, navigate to Policies > Network Policies, and select the policy you want to modify or create a new one.

Next, in the policy conditions section, add the “Client IPv4 Address” condition. Once you have added this condition, you can click on the “Edit” button to open the “Client IPv4 Address Properties” dialog box.

In this dialog box, you can select the “Regular Expression” option from the “IP address match” drop-down menu. This will allow you to enter a regular expression that will be used to match against the client’s IPv4 address.

For example, if you want to match all IPv4 addresses in the 192.168.1.x subnet, you can enter the regular expression “^192\.168\.1\.\d{1,3}$” in the “IPv4 Address Regular Expression” field. This expression matches any IP address that starts with “192.168.1.” and has one to three digits in the last octet. The dots are escaped because an unescaped “.” is a wildcard that matches any character (the unescaped form “192.168.1.\d{1,3}” would also accept 192.168.123.4, for instance), and the “^” and “$” anchors make sure the whole address has to match rather than just a substring of it.

Once you have entered the regular expression, click “OK” to save your changes and apply the policy. The policy will now match any clients whose IPv4 address matches the regular expression you have entered.

It’s important to note that regular expressions can be powerful tools, but they can also be complex and difficult to write correctly. Be sure to test your regular expressions thoroughly before deploying them in a production environment.

Example 1 – Certain Subnets

^10\.4\.(4|8|9)\.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

The above example will only accept NPS requests from the subnets below. The alternatives for the third octet are grouped in parentheses so that the “^” and “$” anchors apply to every alternative; without the grouping, “|” would split the whole expression into three separate patterns. The last-octet group matches 1 to 255, so the .0 network address is not matched.

10.4.4.0/24

10.4.8.0/24

10.4.9.0/24

Example 2 – Single Subnet

^10\.0\.8\.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

or a simpler, looser one (it also accepts the .0 address and last octets above 255, such as .999):

^10\.0\.8\.\d{1,3}$

The above example will only accept NPS requests from one subnet:

10.0.8.0/24
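The post recommends testing a pattern before deploying it, and the two examples above are instances of one general shape: an anchored prefix, a grouped alternation for the third octet, and a 1-255 last-octet group. The PowerShell below is an added example, not code from the original post or from Microsoft; it builds that shape for any list of /24 subnets and checks candidate client addresses with [regex]::IsMatch, which uses the same .NET regex engine that NPS evaluates the “Client IPv4 Address” condition with. The function names, the assumption that all subnets are /24s sharing their first two octets, and the sample addresses are this example's own.

```powershell
# Added example (not from the original post): build and test NPS-style
# client-IP regexes with the same .NET regex engine NPS uses.
# Function names, the /24 assumption and the sample IPs are this example's own.

# Last-octet group from the post's examples: matches 1-255 (the .0 address is excluded).
$LastOctet = '([1-9]|[1-9][0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))'

function New-NpsSubnetRegex {
    # Builds an anchored regex for hosts in the given /24 subnets, e.g.
    # '10.4.4.0/24','10.4.8.0/24' -> ^10\.4\.(4|8)\.<LastOctet>$
    # Assumes every subnet is a /24 and all share the same first two octets.
    param([Parameter(Mandatory)][string[]]$Subnet24)

    $prefixes = @{}
    $third = foreach ($s in $Subnet24) {
        if ($s -match '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.0/24$') {
            $prefixes["$($Matches[1]).$($Matches[2])"] = $true
            $Matches[3]                      # third octet goes into the alternation
        } else {
            throw "Expected a /24 written as a.b.c.0/24, got '$s'"
        }
    }
    if ($prefixes.Count -ne 1) { throw 'All subnets must share the same first two octets' }

    # Escape the literal dots in the fixed prefix so they are not wildcards.
    $prefix = ($prefixes.Keys | Select-Object -First 1) -replace '\.', '\.'
    # The parentheses around the alternation are what keep ^ and $ applying
    # to every alternative instead of only the first and the last one.
    $alt = ($third | Sort-Object -Unique) -join '|'
    return "^$prefix\.($alt)\.$LastOctet`$"
}

function Test-NpsClientRegex {
    # Returns the candidate addresses the pattern accepts, evaluated with the
    # .NET regex class so the result mirrors what NPS will decide.
    param([Parameter(Mandatory)][string]$Pattern,
          [Parameter(Mandatory)][string[]]$Candidates)
    $Candidates | Where-Object { [regex]::IsMatch($_, $Pattern) }
}

# Constructed sample of client addresses: in-scope hosts plus look-alikes
# that a loose pattern accepts by mistake.
$Sample = '10.4.4.1', '10.4.8.250', '10.4.9.255', '10.4.4.0',
          '10.4.5.7', '110.4.4.1', '10.4.4.10x', '192.168.8.1'

$Strict = New-NpsSubnetRegex '10.4.4.0/24', '10.4.8.0/24', '10.4.9.0/24'
# Same intent written carelessly: unescaped dots, ungrouped alternation, no anchors.
$Loose  = '10.4.4|8|9.\d{1,3}'

"Strict pattern : $Strict"
"Accepted (strict): " + ((Test-NpsClientRegex $Strict $Sample) -join ', ')
"Accepted (loose) : " + ((Test-NpsClientRegex $Loose  $Sample) -join ', ')
```

Running this, the strict pattern accepts only 10.4.4.1, 10.4.8.250 and 10.4.9.255, while the loose pattern accepts every sample address except 10.4.5.7: the ungrouped “|8|” alternative matches any address that merely contains an 8, and the unanchored, unescaped prefix matches 110.4.4.1 and 10.4.4.10x. Pasting the string printed as the strict pattern into the “IPv4 Address Regular Expression” field gives NPS exactly what was tested.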

Useful links

https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference
