I'm evaluting Microsoft Radius Server authentication for Cisco ISR Routers and did not find a solution for the customer need:
separate device access from vpn authentication. i.e. match against different IAS policies.
The ISR routers authenticate vpn users (traditional isakmp/ipsec), webvpn (anyconnect/webportal) users and tty/console access against IAS.
Can I change the requests to be unique if a user tries to connect to tty/console?
The NAS type is always "Virtual(VPN)" so there seems no difference.