This window lets you add a RADIUS server to Policy Manager for the purpose of authentication. Access this window by clicking Add in the RADIUS Authentication Server(s) window in the Device Configuration Wizard
Click the graphic for more information.
- IP Address
- Enter the IP or IPv6 address of the RADIUS authentication server. Not all devices support IPv6 address types.
- Client UDP Port
- Enter the UDP port number (1-65535) the device (RADIUS client) uses to send authentication requests to the RADIUS authentication server; 1812 is the default port number.
- Max Sessions (Sticky Round-Robin)
- Specifies the maximum number of sticky round-robin authentication sessions allowed on the server when the sticky round-robin RADIUS authentication algorithm is configured for a device. In sticky round-robin, if a MAC address needs to re-authenticate, the request is sent to the same RADIUS server as the initial authentication request, unless the current number of authentication sessions for the server has reached the specified Max Sessions value. When this value is reached, re-authentication requests will instead default to the standard round-robin behavior to determine which RADIUS server to send the request to. Devices that do not support this functionality will have the option grayed out.
- Number of Retries
- The number of times the device will resend an authentication request if the RADIUS authentication server does not respond. For ExtremeWireless Wireless devices, this value is configured here for each server. For all other devices, this value is global to all RADIUS servers, and is specified per device (Client Default) in the RADIUS Authentication Client Settings section of the RADIUS tab.
- Timeout Duration
- The amount of time in seconds the device will wait for the RADIUS authentication server to respond to an authentication request. For ExtremeWireless Wireless devices, this value is configured here for each server. For all other devices, this value is global to all RADIUS servers, and is specified per device (Client Default) in the RADIUS Authentication Client Settings section of the RADIUS tab.
- Server Shared Secret
- A string of characters used to encrypt and decrypt communications between
the RADIUS client (device) and the RADIUS server. This string must match the
shared secret entered when you added the client device
on the RADIUS server. Without the shared secret, the server and
client will be unable to communicate, and authentication attempts will fail.
The shared secret must be at least 6 characters long; 16 characters is recommended.
Dashes are allowed in the string, but spaces are not.
NOTE: If you are configuring multiple RADIUS servers, the same server shared secret must be used for each RADIUS server. This is because most Policy Manager devices (RADIUS clients) only support one shared secret. Matrix N-Series devices with firmware version 5.0 or above are an exception to this, as these devices do support a unique shared secret for each server. NOTE: This Server Shared Secret is not to be confused with the Application Shared Secret that encrypts communication between the RADIUS client and Policy Manager.
- Access Type
- Use the drop-down list to select the type of authentication access allowed for this
RADIUS server:
- Any access - the server can authenticate users originating from any access type.
- Management access - the server can only authenticate users that have requested management access via the console, Telnet, SSH, or HTTP, etc.
- Network access - the server can only authenticate users that are accessing the network via 802.1X, MAC, or Web-Based authentication.
- OK Button
- Saves the settings and returns you to the RADIUS Authentication Server(s) window in the Device Configuration Wizard. The new RADIUS server is displayed in the table of servers.
- Cancel (upper) Button
- Returns you to the RADIUS Authentication Server(s) window in the Device Configuration Wizard without saving any settings.
- Cancel (lower) Button
- Exits you from the Device Configuration Wizard without saving any of the settings you've entered so far.
For information on related concepts:
For information on related windows:
For information on related tasks:
