RADIUS Server Policies

About this task

A RADIUS server policy is a unique authentication and authorization configuration for client connection requests, authenticating users and returning the configuration information necessary to deliver service to the requesting client and user. The client is the entity with authentication information requiring validation. The controller, service platform or Access Point's local RADIUS server has a database of authentication information used to validate the client's authentication request.

The RADIUS server ensures the information is correct using an authentication scheme like PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information. A RADIUS server policy can also use an external LDAP resource to verify user credentials.

Procedure

  1. Select RADIUS → Server Policy.
    The Server Policy Browser displays. This screen lists existing server policies by group or randomly. A policy can be selected and modified from the browser.
    Click to expand in new window
    RADIUS Server Policy Screen
  2. Refer to the RADIUS Server screen to review high-level server policy configuration data:
    RADIUS Server Policy Lists the administrator assigned policy name defined upon creation of the server policy.
    RADIUS User Pools Lists the user pools assigned to this server policy. These are the client users who an administrator has assigned to each listed group and who must adhere to its network access requirements before granted access to controller or service platform resources.
    Default Source Displays the RADIUS resource designated for user authentication requests. Options include Local (resident controller or service platform RADIUS server resources) or LDAP (designated remote LDAP resource).
    Default Fallback States whether a fallback is enabled providing a revert back to local RADIUS resources if the designated external LDAP resource were to fail or become unavailable. A green checkmark indicates Default Fallback is enabled. A red “X” indicates it‘s disabled. Default Fallback is disabled by default.
    Authentication Type Lists the local EAP authentication scheme used with this policy. The following EAP authentication types are supported by the local RADIUS and remote LDAP servers:
    • All – Enables both TTLS and PEAP
    • TLS - Uses TLS as the EAP type
    • TTLS and MD5 - The EAP type is TTLS with default authentication using MD5
    • TTLS and PAP - The EAP type is TTLS with default authentication using PAP
    • TTLS and MSCHAPv2 - The EAP type is TTLS with default authentication using MSCHAPv2
    • PEAP and GTC - The EAP type is PEAP with default authentication using GTC
    • PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using MSCHAPv2
    CRL Validation Specifies whether a Certificate Revocation List (CRL) check is made. A green checkmark indicates CRL validation is enabled. A red “X” indicates it‘s disabled.
  3. Select a server policy from the Server Policy Browser to edit or delete.
  4. Click Copy to copy the settings of a selected (existing) RADIUS server configuration to a new or existing policy.
    When selected, a small dialogue displays prompting the administrator to enter the name of policy to copy the existing policy settings to. Enter the name of the RADIUS server policy receiving the existing server policy settings within the Copy To field and click Copy to initiate the configuration copy operation. This feature streamlines the creation of RADIUS server policies using the attributes of existing server policies.
  5. An existing RADIUS server policy can be renamed at any time by selecting it from among the listed policies and clicking Rename.
    This allows an administrator to simply rename a server policy without having to create (or edit) a new policy with all the same settings.