Configuring RADIUS Clients

A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.

The client and server share a secret (a password). That shared secret followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered to be incorrect, and the user is not authenticated.

To define a RADIUS client configuration:

  1. Select the Client tab from the RADIUS Server Policy screen.
    Click to expand in new window
    RADIUS Server Policy Screen - Add/Edit - Client Tab
  2. Select the + Add Row button to add a table entry for a new client's IP address, mask and shared secret. To delete a client entry, select the Delete icon on the right-hand side of the table entry.
  3. Specify the IP Address and mask of the RADIUS client authenticating with the RADIUS server.
  4. Specify a Shared Secret for authenticating the RADIUS client.

    Shared secrets verify RADIUS messages with a RADIUS enabled-device configured with the same shared secret. Select the Show checkbox to expose the shared secret‘s actual character string. Otherwise, the shared secret is displayed as a string of asterisks (*).

  5. Click OK to save the server policy's client configuration. Click Reset to revert to the last saved configuration.
9036512-01 Rev AB