Configuring RADIUS Server Clients

  1. Select the Client tab, and ensure the Activate RADIUS Server Policy button remains selected.

    The access point uses a RADIUS client as a mechanism to communicate with a central server to authenticate users and authorize access.

    The client and server share a secret (a password). That shared secret followed by the request authenticator is put through a MD5 hash to create a 16 octet value used with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered incorrect, and the user is not authenticated.

    Click to expand in new window
    RADIUS Server Policy Screen - Add/Edit - Client Tab
  2. Select the + Add Row button to add a table entry for a new client's IP address, mask and shared secret.

    To delete a client entry, select the Delete icon on the right-hand side of the table entry.

  3. Specify the IP Address and mask of the RADIUS client authenticating with the RADIUS server.
  4. Specify a Shared Secret for authenticating the RADIUS client.

    Shared secrets verify RADIUS messages with a RADIUS-enabled device configured with the same shared secret. Select the Show checkbox to expose the shared secret‘s actual character string. Otherwise, the shared secret is displayed as a string of asterisks (*).

  5. Click OK to save the server policy's client configuration.

    Click Reset to revert to the last saved configuration.