I am attempting to split out different teams in our company RADIUS authentication for several Cisco and Linux devices using NPS on Server 2016.
I have added all IP ranges and single IPs to the RADIUS clients and can access them all with an AD user group membership fine. Now that I want to create a couple more AD groups and have each group only have access to a subset of the devices, I am struggling with the regex required in the "client IPv4 address" field to include all devices per group.
The below works for 99% of devices the first group needs access to: 192.168.1|2|10|11|12|20|21|22..+ I then want to grant it access to a single device at 10.0.0.99 (but no other devices in that range) and a few other single IPs, e.g. 172.0.0.45, 172.0.0.46, 10.10.10.50, 10.10.10.52
The 192.168.x.x range works fine, but adding the additional IPs using a separator stops the entire string working, such as , or | or ^ before and $ after each set.
Try using capturing groups.
(192\.168\.(1|2|10|11|12|20|21|22)\..+)|(10\.0\.0\.99)|(172\.0\.0\.45)|(172\.0\.0\.46)|(10\.10\.10\.50)|(10\.10\.10\.52)
Your regex also has a few vulnerabilities in it, since you're not escaping the .'s. In order to maximise your security, remember to backslash the .'s, unless they are being used as "wildcards" (which match anything).
It also needs to have ( brackets ) around any | pipes, or they'll be interpreted in a way that you probably don't want.
See the Microsoft regex page for more info.
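Added example (not part of the question or the answer above): a small offline harness that checks a "Client IPv4 Address" pattern against constructed sample addresses before it goes into an NPS policy. It shows three things discussed on this page: the answer's grouped-and-escaped pattern matching exactly the intended devices; why an unescaped "." is a problem (the question's 192.168.1..+ style also matches 192.168.10.x and 192.168.100.x); and why anchoring each alternative with ^ and $ matters, since an unanchored 10\.0\.0\.99 also matches a client at 110.0.0.99. NPS evaluates .NET regular expressions; this pattern only uses syntax (\. ( ) | . + ^ $ [0-9]) that Python's re engine treats the same way. The use of re.search (substring matching) is an assumption made to model the worst case, and all addresses below are constructed test data.

```python
import re

# The pattern from the answer, exactly as posted (no anchors).
PATTERN_ANSWER = (
    r"(192\.168\.(1|2|10|11|12|20|21|22)\..+)|(10\.0\.0\.99)|(172\.0\.0\.45)"
    r"|(172\.0\.0\.46)|(10\.10\.10\.50)|(10\.10\.10\.52)"
)

# Same device set, but every alternative is inside one group anchored with ^ and $,
# and the last octet is restricted to digits instead of ".+" (a tightening, not from the page).
PATTERN_ANCHORED = (
    r"^(192\.168\.(1|2|10|11|12|20|21|22)\.[0-9]{1,3}|10\.0\.0\.99|172\.0\.0\.45"
    r"|172\.0\.0\.46|10\.10\.10\.50|10\.10\.10\.52)$"
)

# The shape of the question's pattern for one subnet, with the dots left unescaped.
PATTERN_UNESCAPED = r"192.168.1..+"


def matches(pattern: str, addr: str) -> bool:
    """True if the client address satisfies the pattern.

    Assumption: a substring match is enough (re.search), which is the
    conservative case for an unanchored policy pattern.
    """
    return re.search(pattern, addr) is not None


def misclassified(pattern: str, allowed: list[str], denied: list[str]) -> list[str]:
    """Return the addresses the pattern gets wrong: allowed ones it rejects
    plus denied ones it accepts. An empty list means the policy is correct
    for this sample."""
    wrong = [a for a in allowed if not matches(pattern, a)]
    wrong += [d for d in denied if matches(pattern, d)]
    return wrong


# Constructed samples: devices the first group should reach ...
ALLOWED = [
    "192.168.1.5", "192.168.2.17", "192.168.22.250",
    "10.0.0.99", "172.0.0.45", "172.0.0.46", "10.10.10.50", "10.10.10.52",
]
# ... devices it must not reach (neighbours in the same ranges) ...
DENIED = ["192.168.3.7", "192.168.100.5", "10.0.0.98", "172.0.0.47", "10.10.10.51"]
# ... and look-alike addresses that contain an allowed address as a substring.
LOOKALIKES = ["110.0.0.99", "210.10.10.50", "1192.168.1.5"]


def report() -> dict[str, list[str]]:
    """Run all three patterns over the samples and collect their mistakes."""
    return {
        "answer_vs_intended": misclassified(PATTERN_ANSWER, ALLOWED, DENIED),
        "answer_vs_lookalikes": misclassified(PATTERN_ANSWER, [], LOOKALIKES),
        "anchored_vs_all": misclassified(PATTERN_ANCHORED, ALLOWED, DENIED + LOOKALIKES),
        # Unescaped dots let 192.168.1..+ accept other /24s that start with "1".
        "unescaped_leaks": [a for a in ["192.168.10.5", "192.168.100.5"]
                            if matches(PATTERN_UNESCAPED, a)],
    }


if __name__ == "__main__":
    for name, wrong in report().items():
        print(f"{name}: {'OK' if not wrong else wrong}")
```

Run it before changing the policy; an empty list for the anchored pattern against both the neighbours and the look-alikes is the result you want, and any address that turns up in the other lists is a device the pattern is admitting or rejecting by accident.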