The RADIUS server allows the configuration of user groups with common user policies. User group names and associated users are stored in a local database. The user ID in the received access request is mapped to the specified group for authentication. RADIUS groups allows the enforcement of the following policies managing user access.
To access the RADIUS Groups menu:
| RADIUS Group Policy | Displays the group name or identifier assigned to each listed group when it was created. The name cannot exceed 32 characters or be modified as part of the group edit process. |
| Guest User Group | Specifies whether a user group only has guest access and temporary permissions to the local RADIUS server. The terms of the guest access can be set uniquely for each group. A red “X” designates the group as having permanent access to the local RADIUS server. Guest user groups cannot be made management groups with unique access and role permissions. |
| Management Group | A green checkmark designates this RADIUS user group as a management group. Management groups can be assigned unique access and role permissions. |
| Role | If a group is listed as a
management group, it may also have a unique role assigned.
Available roles include:
|
| VLAN | Displays the group‘s VLAN ID. The VLAN ID is representative of the shared SSID each group member (user) employs to interoperate within the network (once authenticated by the local RADIUS server). |
| Time Start | Specifies the time users within each listed group can access local RADIUS resources. |
| Time Stop | Specifies the time users within each listed group lose access to local RADIUS resources. |
| RADIUS Group Policy | If you are creating a new RADIUS group, assign it a name to help differentiate it from others with similar configurations. The name cannot exceed 32 characters or be modified as part of a RADIUS group edit process. |
| Guest User Group | Select this option to assign only guest access and temporary permissions to the local RADIUS server. Guest user groups cannot be made management groups with unique access and role permissions. |
| VLAN | Select this option to assign a specific VLAN to this RADIUS user group. Ensure Dynamic VLAN assignment (single VLAN) is enabled for the WLAN in order for the VLAN assignment to work properly. |
| WLAN SSID | Assign a list of SSIDs users within this RADIUS group are allowed to associate with. An SSID cannot exceed 32 characters. Assign WLAN SSIDs representative of the configurations a guest user will need to access. The parameter is not available if this RADIUS group is a management group. |
| Rate Limit from Air | Select the checkbox to set the rate limit for clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 kbps. Setting a value of 0 disables rate limiting. |
| Rate Limit To Air | Select the checkbox to set the rate limit from clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 kbps. Setting a value of 0 disables rate limiting. |
| Management Group | Select this option to designate this RADIUS group as a management group. If set as management group, assign member roles (System-Admin, Help Desk etc.) using the Role drop-down menu. This feature is disabled by default. |
| Access | If a group is listed as a management group, assign how the
devices can be accessed. Available access types are:
The conditions defined within the policy are applied to authentication requests on these interfaces only. |
| Role | If a group is listed as a management group, it may also have
a unique role assigned. Available roles include:
|
| Inactivity Timeout | ESelect the option to enable inactivity timeout. Use the drop-down menu to specify an interval in Seconds (60 - 86,400). When, for this duration no frame is received, the session is timed out. |
| Session Time | Select the option to enable session timeout. Use the drop-down menu to set a client session time in Minutes (5 - 144,000). This is the session time a client is granted upon successful authentication. When this time expires, the RADIUS session is terminated. |
Select Restrict Access By Time to enable time-based access.
| Time Start | Use the spinner control to set the time (in HH:MM format) RADIUS group members are allowed access the RADIUS server resources. Select either the AM or PM radio button to set the time as morning or evening. |
| Time Stop | Use the spinner control to set the time (in HH:MM format) RADIUS group members are denied access to RADIUS server resources. Select either the AM or PM radio button to set the time as morning or evening. If already logged in, the RADIUS group user is deauthenticated from the WLAN. |
| Days | Optionally select the Restrict Access by Day Of Week option, and select the days on which RADIUS group members can access RADIUS resources. This is an additional means of refining the access permissions of RADIUS group members. |