RADIUS

You can create, edit and delete RADIUS servers on the RADIUS tab.

Enterprise networks often use Remote Authentication Dial-In User Service (RADIUS) servers for Authentication, Authorization and Accounting (AAA) in the network. You can define the IP Address of the RADIUS server, the port numbers for Authentication and Accounting, and the Shared Secret between the APs at this location and the RADIUS server.

You can define multiple RADIUS profiles at a location. You can then directly invoke these RADIUS profiles in different SSID contexts by just selecting one of them. For example, if you use 802.1X Authentication in the SSID Security settings or in the SSID Captive Portal settings, you can select from among the RADIUS profiles defined here on the RADIUS tab. To take some use cases, an "Employee" SSID and a "Guest" SSID could both use the same RADIUS profile but in different contexts — employees might use WPA2-PSK with 802.1X, while guests might use a captive portal. Or, SSIDs at child "Branch" locations of an enterprise, for example, could all use the same "HQ RADIUS" profile defined at the parent HQ location.

The chapter contains the following topics:

Configure RADIUS Profile

RADIUS server configuration is location hierarchy specific. RADIUS server configuration defined at a specific location is visible at all its child locations. Whereas, vice versa is not true. RADIUS server listing is available in the card view layout. You can edit, copy and delete an existing RADIUS server from the card view layout.

To configure a RADIUS Server, follow these steps:
  1. Navigate to CONFIGURE > Network Profiles > RADIUS.
  2. Click theAdd RADIUS Server button.
  3. Specify a name for the new RADIUS server in RADIUS Server Name field.
  4. Specify the server IP or hostname in IP Address/Hostname field. The maximum limit for the hostname is 200 characters.
    Note: RADIUS server configured with hostname cannot be used with captive portal.
  5. Specify RadSec as ON to enable the RadSec protocol.
  6. Specify the port number of authenticating RADIUS server in Authentication Port field. The RADIUS server listens for authentication requests at this port number. The value can be between 1 to 65535. The default value is 1812.
  7. Specify the port number of accounting RADIUS server in Accounting Port field.The value can be between 1 to 65535. The default value is 1813.
  8. Specify a Shared Secret key. The primary RADIUS server and the AP identify themselves using the shared secret key.
  9. Save the settings.

Edit a RADIUS Profile

Any existing RADIUS profile can be edited at the location it was created. Changes made in profile created on the parent location reflect in the inherited profile on the child location.

To know more about parameters required in editing RADIUS Settings refer RADIUS Settings Parameters
To edit the RADIUS profile:
  1. Click on the options tab (three vertical dots), of the RADIUS profile that is to be edited.
  2. Select Edit.

    Choose from:

    1. If you are on the location where profile was created, then directly go to step 3.
    2. If you are on the child location and the profile is a inherited profile, then choose the appropriate option.

       
      Option Description
      If you select GO to Parent Folder and Edit. Then perform the Step 2 again and then perform step 3.
      If you select Duplicate & Continue. Then a ready to edit duplicate profile gets created on the child location.
  3. Make the necessary changes and click on Save.

Create a Copy of RADIUS Server

Any existing RADIUS server can be copied to same or different locations. The process, creates an exact copy. The copied profile contains name and configured properties as that of the original profile. The copy of a server created on parent location exists on child location as well. Where as vise versa is not true.

To make a copy of the existing RADIUS server:
  1. Click on the options tab (three vertical dots), of the RADIUS server that is to be duplicated.
  2. Select Create a Copy.
  3. Select option dependent on location where you would like to copy the RADIUS Server.
  4. Click on Copy.

Delete a RADIUS Profile

An existing RADIUS profile and a duplicate RADIUS profile can be deleted using the delete option. The profile once deleted is removed permanently from its specific location and its child location as well. Inherited profiles can not be deleted from the child location. Profiles can be deleted only on the location, where they were created.

Note: You cannot delete a RADIUS profile that is currently in use on an SSID. You need to disable/remove the RADIUS profile from the SSID configuration before you delete it.
To delete the RADIUS profile:
  1. Click on the options tab (three vertical dots), of the RADIUS profile that is to be deleted.
  2. Select Delete.
  3. Perform the below location dependent actions:
    Choose from:
    • If you are on the location where you had created the RADIUS profile, then select Delete.
    • If you are on the child location and profile to be deleted is an inherited profile then click on Go to Parent Folder & Delete.
    This action will divert you to its parent location, with an appropriate message. Once you are diverted to the parent location, perform all the above steps again.

RADIUS Setting Parameters

The below table provides information related to RADIUS Settings parameters.
 
Field Description
RADIUS Name Name for the RADIUS profile.
IP Address/Hostname IP / Hostname address of accounting RADIUS server.
Authentication Port The port number at which RADIUS server listens for authentication requests. The value can be between 1 to 65535. The default value is 1812.
Accounting Port The port number on which to contact the RADIUS accounting server. The value can be between 1 to 65535. The default value is 1813.
Shared Secret The secret shared between the primary RADIUS server and the AP.