Difference between revisions of "RADIUS Server"

From Edge Threat Management Wiki - Arista
Jump to: navigation, search
m (Radius Server)
(Radius Server)
Line 3: Line 3:
 
= Radius Server =
 
= Radius Server =
  
''Radius Server'' can be enabled to allow 802.1x wireless access points to perform RADIUS authentication of wireless users defined in list of ''Local Directory'' users.
+
The ''Radius Server'' enables 802.1x wireless access points to enforce authentication via WPA/WPA2 Enterprise against Untangle NG Firewall users. WPA2 Enterprise wireless networking provides an optimal level of network authorization by requiring each wireless device to authenticate with unique credentials of an authorized user rather than a shared password. Users can be authenticated against local [[Users]] or Active Directory via the [[RADIUS Proxy]].
  
To use RADIUS authentication, you will need to consult the documentation for your wireless access point to determine how to enable Network Authentication using RADIUS.
+
To configure WPA/WPA2 Enterprise authentication, you need to consult the documentation for your wireless access point.
 +
The following parameters may be necessary to configure WPA/WPA2 Enterprise for your access point.
  
When enabling that feature, somewhere in the settings you will have to input the authentication server details.
+
* RADIUS Server IP address - the IP address of your Untangle server on the same LAN segment as your wireless access point.
 
+
* RADIUS port number - the Untangle RADIUS server listens on port 1812
* The RADIUS Server IP address will be the IP address of your Untangle server on the same LAN segment as your wireless access point.
+
* RADIUS accounting port - the Untangle RADIUS server listens on port 1813 for accounting information. This parameter is optional and may not be supported or configurable on some access points.
* The RADIUS port number is 1812.
+
* Shared Secret - the password used to authenticate the access point to the Untangle RADIUS server.
* The Shared Secret will be the value you configure on the ''RADIUS Server'' configuration tab.
 
  
 +
To enable support for WPA/WPA2 Enterprise authentication, select '''Enable external access point authentication''' and assign a strong '''RADIUS password'''.
 +
When clients connect to the wireless network, they must install the root certificate of your server. See [[Certificates]]. Most devices supporting WPA/WPA2 Enterprise authentication prompt the user to install the certificate when joining the network for the first time.
  
 
{{BiScreenshot|config|radius-server}}
 
{{BiScreenshot|config|radius-server}}

Revision as of 01:41, 19 December 2020

Radius Server

The Radius Server enables 802.1x wireless access points to enforce authentication via WPA/WPA2 Enterprise against Untangle NG Firewall users. WPA2 Enterprise wireless networking provides an optimal level of network authorization by requiring each wireless device to authenticate with unique credentials of an authorized user rather than a shared password. Users can be authenticated against local Users or Active Directory via the RADIUS Proxy.

To configure WPA/WPA2 Enterprise authentication, you need to consult the documentation for your wireless access point. The following parameters may be necessary to configure WPA/WPA2 Enterprise for your access point.

  • RADIUS Server IP address - the IP address of your Untangle server on the same LAN segment as your wireless access point.
  • RADIUS port number - the Untangle RADIUS server listens on port 1812
  • RADIUS accounting port - the Untangle RADIUS server listens on port 1813 for accounting information. This parameter is optional and may not be supported or configurable on some access points.
  • Shared Secret - the password used to authenticate the access point to the Untangle RADIUS server.

To enable support for WPA/WPA2 Enterprise authentication, select Enable external access point authentication and assign a strong RADIUS password. When clients connect to the wireless network, they must install the root certificate of your server. See Certificates. Most devices supporting WPA/WPA2 Enterprise authentication prompt the user to install the certificate when joining the network for the first time.