Configure RADIUS Clients

About this task

A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.

The client and server share a secret (a password). That shared password followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, and if the username and password are correct, then the user is authenticated. If the client receives a verified access reject message, the user is not authenticated.

To define a RADIUS client configuration:


  1. Go to Policies > RADIUS Server.
  2. Select a RADIUS Server from the list and navigate to the Client dashboard.
  3. Select Add to create a new client IP address, mask, and a shared secret.
    The RADIUS Clients dashboard opens.
  4. Configure RADIUS clients settings:
    Setting Description
    IP Address/Mask Specify the IP Address and mask of the RADIUS client authenticating with the RADIUS server
    Shared Secret Specify a Shared Secret for authenticating the RADIUS client

    Shared secrets verify RADIUS messages with a RADIUS enabled-device configured with the same shared secret

  5. Select Add to create include the RADIUS clients settings.
  6. Select Save to update the RADIUS clients configuration.