Create RADIUS Group

About this task

The RADIUS server allows the configuration of user groups with common user policies. User group names and associated users are stored in a local database. The user ID in the received access request is mapped to the specified group for authentication. RADIUS groups allows to create and apply the following policies managing user access.

Assign a VLAN to the user upon successful authentication
Define a start and end of time in (HH:MM) when the user is allowed to authenticate
Define the list of SSIDs to which a user belonging to this group is allowed to associate
Define the days of the week the user is allowed to login
Rate limit traffic

Note

A RADIUS group can only be assigned either a guest group or a management group.

Procedure

Go to Policies > RADIUS Group.

Select a group from RADIUS dashboard to view the following read-only information for existing groups:


Setting	Description
RADIUS Group Policy	Displays the group name or identifier assigned to each listed group when it was created. The name cannot exceed 32 characters or be modified as part of the group edit process
Guest Group	Specifies whether a user group only has guest access and temporary permissions to the local RADIUS server. The conditions of the guest access can be set uniquely for each group. A red “X” designates the group as having no access to the local RADIUS server and a green checkmark designates permanent access to the local RADIUS server. Guest user groups cannot be made management groups with unique access and role permissions
Management Group	A red “X” designates the management group having no access. A green checkmark designates this RADIUS user group as a management group. Management groups can be assigned unique access and role permissions
Role	If a group is listed as a management group, it may also have a unique role assigned. Available roles include: monitor - Read-only access helpdesk - Helpdesk/support access network-admin - Wired and wireless access security-admin - Full read or write access system-admin - System administrator access
VLAN	Displays the group‘s VLAN ID. The VLAN ID is representative of the shared SSID each group member (user) employs to interoperate within the network (once authenticated by the local RADIUS server)
Start Time	Specifies the time users within each listed group can access local RADIUS resources
Stop Time	Specifies the time users within each listed group lose access to local RADIUS resources
Action	Use the action option to edit or delete a RADIUS group policy

Select Add.
The RADIUS Group policy dashboard opens.
Assign a policy name and select Add.
The general settings dashboard opens.

Define the following settings to define the user group configuration general settings:


Setting	Description
RADIUS Group Policy	If you are creating a new RADIUS group, assign it a name to help differentiate it from others with similar configurations. The name cannot exceed 32 characters or be modified as part of a RADIUS group edit process
Guest User Group	Select this option to assign only guest access and temporary permissions to the local RADIUS server. Guest user groups cannot be made management groups with unique access and role permissions
VLAN	Select this option to assign a specific VLAN to this RADIUS user group. Ensure Dynamic VLAN assignment (single VLAN) is enabled for the WLAN in order for the VLAN assignment to work properly
WLAN SSID	Assign a list of SSIDs users within this RADIUS group are allowed to associate with. An SSID cannot exceed 32 characters. Assign WLAN SSIDs representative of the configurations a guest user will need to access. The parameter is not available if this RADIUS group is a management group
Rate Limit from Air	Select the checkbox to set the rate limit for clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 kbps. Setting a value of 0 stops rate limiting
Rate Limit to Air	Select the checkbox to set the rate limit from clients within the RADIUS group. Use the spinner to set value from 100-1,000,000 kbps. Setting a value of 0 disables rate limiting
Session Time	Select the option to activate session timeout. Use the drop-down box to set a client session time in minutes (5 - 144,000). This is the session time a client is granted upon successful authentication. When this time expires, the RADIUS session is stopped
Inactivity Timeout	Select the option to activate inactivity timeout. Use the drop-down box to specify an interval in seconds (60 - 86,400). If no frame is received for this duration, the session is timed out
Management Group	Select this option to designate a RADIUS group as a management group. If set as management group, assign member roles using the role drop-down list box. This feature is not selected by default
Access	If a group is listed as a management group, assign how the devices can be accessed. Available access types are: Web - Web access through browser is permitted SSH - SSH access through command line is permitted Telnet - Telnet access through command line is permitted Console - Console access to the device is permitted
Role	Select a role if a group is listed as a management group. Available roles include: monitor - Read-only access helpdesk - Helpdesk and support access network-admin - Wired and wireless access security-admin - Full read and write access system-admin - System administrator access super user - web user admin - device provisioning admin - REST API user -

Set the schedule to configure access times and days.


Setting	Description
Restrict Access by Day	Select the days on which RADIUS group members can access RADIUS resources. This is an additional means of refining the access permissions of RADIUS group members
Restrict Access by Time	Start Time - Use the spinner control to set the time (in HH:MM format) RADIUS group members are allowed access the RADIUS server resources Stop Time - Use the spinner control to set the time (in HH:MM format) RADIUS group members are denied access to RADIUS server resources

Select Save to update set configurations.